Date:   Sun, 2 Sep 2018 12:55:23 +0300
From:   Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
To:     Tariq Toukan <tariqt@...lanox.com>, netdev@...r.kernel.org,
        Saeed Mahameed <saeedm@...lanox.com>,
        Gal Pressman <galp@...lanox.com>,
        Or Gerlitz <ogerlitz@...lanox.com>,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH RFC] net/mlx5_en: switch to Toeplitz RSS hash by default

On 02.09.2018 12:29, Tariq Toukan wrote:
> 
> 
> On 31/08/2018 2:29 PM, Konstantin Khlebnikov wrote:
>> XOR (MLX5_RX_HASH_FN_INVERTED_XOR8) gives only 8 bits.
>> It seems not enough for RFS. All other drivers use toeplitz.
>>
>> Driver mlx4_en uses Toeplitz by default and warns if hash XOR is used
>> together with NETIF_F_RXHASH (enabled by default too): "Enabling both
>> XOR Hash function and RX Hashing can limit RPS functionality".
>>
>> XOR is default in mlx5_en since commit 2be6967cdbc9
>> ("net/mlx5e: Support ETH_RSS_HASH_XOR").
>>
>> Hash function could be set via ethtool. But it would be nice to have
>> single standard for drivers or proper description why this one is special.
>>
>> Signed-off-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
>> ---
> 
> Hi Konstantin,
> 
> Thanks for the patch.
> 
> I understand the motivation.
> 
> This change affects the default out-of-the-box behavior and requires a full performance cycle. We'll run performance regression tomorrow,
> results should be ready by EOW.
>
> I'll update.

Ok, thank you.

The only mention I've found in your documentation
http://www.mellanox.com/related-docs/prod_software/Mellanox_EN_for_Linux_User_Manual_v4_4.pdf

is
---
1.1.10 RSS Support
1.1.10.1 RSS Hash Function
The device has the ability to use XOR as the RSS distribution function, instead of the default
Toplitz function.
The XOR function can be better distributed among driver's receive queues in small number of
streams, where it distributes each TCP/UDP stream to a different queue.
---

So Toeplitz is supposed to be the default hash function for all versions of drivers and hardware.

Also, XOR8 seems vulnerable to DDoS - the hash is predictable, no random/secret vector, only 8 bits.
So, it's easy to route all flows into one point. As we got it by accident.

Moreover, in kernel 4.4.y hash switch via ethtool is broken and does not work =)

> 
> Regards,
> Tariq
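
The two hash styles contrasted in this message, as an added example (not code from the thread, the patch or the mlx5 driver): a reference Toeplitz hash checked against Microsoft's published RSS verification vector, next to a keyless 8-bit XOR fold. `xor8_fold` is an assumed simplification, not the device's MLX5_RX_HASH_FN_INVERTED_XOR8 definition; the function names and the sample flow are chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Public verification key from Microsoft's RSS documentation (a test vector, not a secret). */
static const uint8_t ms_key[40] = {
    0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2, 0x41, 0x67,
    0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0, 0xd0, 0xca, 0x2b, 0xcb,
    0xae, 0x7b, 0x30, 0xb4, 0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30,
    0xf2, 0x0c, 0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa };
/* Constructed flow 66.9.149.187:2794 -> 161.142.100.80:1766 as src IP, dst IP, sport, dport. */
static const uint8_t flow[12] = { 66, 9, 149, 187, 161, 142, 100, 80, 0x0a, 0xea, 0x06, 0xe6 };

/* Toeplitz: for each set input bit, XOR in the 32-bit key window that starts at that bit. */
uint32_t toeplitz_hash(const uint8_t *key, size_t klen, const uint8_t *in, size_t len) {
    uint32_t hash = 0, win = (uint32_t)key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3];
    for (size_t i = 0; i < len; i++)
        for (int b = 7; b >= 0; b--) {
            if (in[i] & (1u << b))
                hash ^= win;
            win <<= 1;                          /* slide the window by one key bit */
            if (i + 4 < klen && (key[i + 4] & (1u << b)))
                win |= 1;
        }
    return hash;
}

/* ASSUMPTION: keyless byte-wise XOR fold, a simplified stand-in for an 8-bit XOR hash. */
uint8_t xor8_fold(const uint8_t *in, size_t len) {
    uint8_t h = 0;
    for (size_t i = 0; i < len; i++) h ^= in[i];
    return h;
}

/* Distinct XOR-fold values over n constructed flows that differ only in source port. */
unsigned xor8_distinct(unsigned n) {
    uint8_t seen[256] = { 0 }, t[12];
    unsigned count = 0;
    for (unsigned p = 0; p < n; p++) {
        for (int i = 0; i < 12; i++) t[i] = flow[i];
        t[8] = (uint8_t)(p >> 8); t[9] = (uint8_t)p;
        uint8_t h = xor8_fold(t, sizeof t);
        if (!seen[h]) { seen[h] = 1; count++; }
    }
    return count;
}
int main(void) {
    printf("toeplitz=0x%08x xor8_values=%u\n",
           (unsigned)toeplitz_hash(ms_key, sizeof ms_key, flow, sizeof flow), xor8_distinct(65536));
    return 0;
}
```

All 65536 source ports of the sample flow collapse onto 256 XOR-fold values whatever key is configured, while the Toeplitz result is 32 bits wide and changes when the key does.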
