lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20181205205917.169177-1-zenczykowski@gmail.com>
Date:   Wed,  5 Dec 2018 12:59:17 -0800
From:   Maciej Żenczykowski <zenczykowski@...il.com>
To:     Maciej Żenczykowski <maze@...gle.com>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>
Cc:     netdev@...r.kernel.org
Subject: [PATCH] net-udp: deprioritize cpu match for udp socket lookup

From: Maciej Żenczykowski <maze@...gle.com>

During udp socket lookup cpu match should be lowest priority,
hence it should increase score by only 1.

The next priority is delivering v4 to v4 sockets, and v6 to v6 sockets.
The v6 code path doesn't have to deal with this so it always gets
a score of '4'.  The v4 code path uses '4' or '2' depending on
whether we're delivering to a v4 socket or a dualstack v6 socket.

This is more important than cpu match, so has to be greater than
the '1' bump in score from cpu match.

All other matches (src/dst ip, src port) are even *more* important,
so need to bump score by 4 for ipv4.

For ipv6 we could simply bump by 2, but let's keep the two code
paths as similar as possible.

(also, while at it, remove two unnecessary unconditional score bumps)

Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
---
 net/ipv4/udp.c | 3 +--
 net/ipv6/udp.c | 9 ++++-----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index aff2a8e99e01..0c0ab0383cec 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -380,7 +380,7 @@ static int compute_score(struct sock *sk, struct net *net,
 	    ipv6_only_sock(sk))
 		return -1;
 
-	score = (sk->sk_family == PF_INET) ? 2 : 1;
+	score = (sk->sk_family == PF_INET) ? 4 : 2;
 	inet = inet_sk(sk);
 
 	if (inet->inet_rcv_saddr) {
@@ -405,7 +405,6 @@ static int compute_score(struct sock *sk, struct net *net,
 					dif, sdif);
 	if (!dev_match)
 		return -1;
-	score += 4;
 
 	if (sk->sk_incoming_cpu == raw_smp_processor_id())
 		score++;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 09cba4cfe31f..5441062d7d5e 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -125,31 +125,30 @@ static int compute_score(struct sock *sk, struct net *net,
 	    sk->sk_family != PF_INET6)
 		return -1;
 
-	score = 0;
+	score = 4;
 	inet = inet_sk(sk);
 
 	if (inet->inet_dport) {
 		if (inet->inet_dport != sport)
 			return -1;
-		score++;
+		score += 4;
 	}
 
 	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
 		if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
 			return -1;
-		score++;
+		score += 4;
 	}
 
 	if (!ipv6_addr_any(&sk->sk_v6_daddr)) {
 		if (!ipv6_addr_equal(&sk->sk_v6_daddr, saddr))
 			return -1;
-		score++;
+		score += 4;
 	}
 
 	dev_match = udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif);
 	if (!dev_match)
 		return -1;
-	score++;
 
 	if (sk->sk_incoming_cpu == raw_smp_processor_id())
 		score++;
-- 
2.20.0.rc1.387.gf8505762e3-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ