lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180208045526.11282-1-jakub.kicinski@netronome.com>
Date:   Wed,  7 Feb 2018 20:55:21 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, oss-drivers@...ronome.com,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Subject: [PATCH net 0/5] nfp: fix disabling TC offloads in flower, max TSO segs and module version

Hi!

This set corrects the way nfp deals with the NETIF_F_HW_TC flag.
It has slipped the review that flower offload does not currently
refuse disabling this flag when filter offload is active.

nfp's flower offload does not actually keep track of how many filters
for each port are offloaded.  The accounting of the number of filters
is added to the nfp core structures, and BPF moved to use these
structures as well.

If users are allowed to disable TC offloads while filters are active,
not only is it incorrect behaviour, but actually the NFP will never
be told to remove the flows, leading to use-after-free when stats
arrive.

Fourth patch makes sure we declare the max number of TSO segments.
FW should drop longer packets cleanly (otherwise this would be a
security problem for untrusted VFs) but dropping longer TSO frames
is not nice and driver should prevent them from being generated.

Last small addition populates MODULE_VERSION with kernel version.

Jakub Kicinski (5):
  nfp: bpf: require ETH table
  nfp: don't advertise hw-tc-offload on non-port netdevs
  nfp: forbid disabling hw-tc-offload on representors while offload
    active
  nfp: limit the number of TSO segments
  nfp: populate MODULE_VERSION

 drivers/net/ethernet/netronome/nfp/bpf/main.c       | 21 +++++++++++++--------
 drivers/net/ethernet/netronome/nfp/flower/offload.c |  4 ++++
 drivers/net/ethernet/netronome/nfp/nfp_app.h        |  9 ---------
 drivers/net/ethernet/netronome/nfp/nfp_main.c       |  1 +
 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 11 ++++++-----
 drivers/net/ethernet/netronome/nfp/nfp_net_ctrl.h   |  5 ++++-
 drivers/net/ethernet/netronome/nfp/nfp_net_repr.c   |  1 +
 drivers/net/ethernet/netronome/nfp/nfp_port.c       | 18 ++++++++++++++++++
 drivers/net/ethernet/netronome/nfp/nfp_port.h       |  6 ++++++
 9 files changed, 53 insertions(+), 23 deletions(-)

-- 
2.15.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ