lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 20 May 2019 09:04:05 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     netdev@...r.kernel.org, davem@...emloft.net,
        xdp-newbies@...r.kernel.org, bpf@...r.kernel.org,
        Stephen Hemminger <sthemmin@...rosoft.com>,
        Jason Wang <jasowang@...hat.com>
Subject: Re: [PATCH v2 net 2/2] net: core: generic XDP support for stacked
 device

On Mon, 20 May 2019 11:11:05 +0200
Jiri Pirko <jiri@...nulli.us> wrote:

> Sun, May 19, 2019 at 05:10:46AM CEST, stephen@...workplumber.org wrote:
> >When a device is stacked like (team, bonding, failsafe or netvsc) the
> >XDP generic program for the parent device is not called.  In these
> >cases, the rx handler changes skb->dev to its own in the receive
> >handler, and returns RX_HANDLER_ANOTHER.  Fix this by calling
> >do_xdp_generic if necessary before starting another round.
> >
> >Review of all the places RX_HANDLER_ANOTHER is returned
> >show that the current devices do correctly change skb->dev.
> >
> >There was an older patch that got abandoned that did the
> >same thing, this is just a rewrite.
> >
> >Suggested-by: Jason Wang <jasowang@...hat.com>
> >Fixes: d445516966dc ("net: xdp: support xdp generic on virtual devices")
> >Signed-off-by: Stephen Hemminger <sthemmin@...rosoft.com>
> >Acked-by: Jason Wang <jasowang@...hat.com>
> >---
> > net/core/dev.c | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> >diff --git a/net/core/dev.c b/net/core/dev.c
> >index b6b8505cfb3e..240d0b2de1a8 100644
> >--- a/net/core/dev.c
> >+++ b/net/core/dev.c
> >@@ -4921,6 +4921,16 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc,
> > 			ret = NET_RX_SUCCESS;
> > 			goto out;
> > 		case RX_HANDLER_ANOTHER:
> >+			if (static_branch_unlikely(&generic_xdp_needed_key)) {
> >+				struct bpf_prog *xdp_prog;
> >+
> >+				xdp_prog = rcu_dereference(skb->dev->xdp_prog);
> >+				ret = do_xdp_generic(xdp_prog, skb);
> >+				if (ret != XDP_PASS) {
> >+					ret = NET_RX_SUCCESS;
> >+					goto out;
> >+				}
> >+			}  
> 
> I'm always scarred of changes like this. The history tells us that this
> codepaths are very fragile. It took us non-trivial efford to fix bonding
> here, not to mention vlans (that was pain).
> 
> The reason for troubles was often fact that different flows were treated
> differently (vlan accel/non-accel).
> 
> This patch calls do_xdp_generic for master device in different point in
> the receive patch comparing to lower device. Would it be possible to
> unify this? E.g. by moving do_xdp_generice() call from
> netif_rx_internal()/netif_receive_skb_internal() here,
> to the beginning of __netif_receive_skb_core()?
> 

I am trying that now. But one problem is that it would break the case
where XDP was being run on one leg of a bridge. For example if eth1 is
part of br0; then it would no longer be possible to run XDP on eth1.

Running XDP on eth1 might be used to do some kind of ILA or overlay
network. That change would break it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ