Date:   Fri, 28 Jun 2019 09:54:12 +0300
From:   Ilias Apalodimas <ilias.apalodimas@...aro.org>
To:     Maciej Fijalkowski <maciejromanfijalkowski@...il.com>
Cc:     netdev@...r.kernel.org, jaswinder.singh@...aro.org,
        ard.biesheuvel@...aro.org, bjorn.topel@...el.com,
        magnus.karlsson@...el.com, brouer@...hat.com, daniel@...earbox.net,
        ast@...nel.org, makita.toshiaki@....ntt.co.jp,
        jakub.kicinski@...ronome.com, john.fastabend@...il.com,
        davem@...emloft.net
Subject: Re: [RFC, PATCH 2/2, net-next] net: netsec: add XDP support

Hi Maciej Fijalkowski,

[...]
> > +	tx_ctrl.cksum_offload_flag = false;
> > +	tx_ctrl.tcp_seg_offload_flag = false;
> > +	tx_ctrl.tcp_seg_len = 0;
> 
> Aren't these three lines redundant? tx_ctrl is zero initialized.
> 
Yeah, I think I can remove those

> > +
> > +	tx_desc.dma_addr = dma_handle;
> > +	tx_desc.addr = xdpf->data;
> > +	tx_desc.len = xdpf->len;
> > +
> > +	netsec_set_tx_de(priv, tx_ring, &tx_ctrl, &tx_desc, xdpf);
> > +
> > +	return NETSEC_XDP_TX;
> > +}
> > +
> > +static u32 netsec_xdp_xmit_back(struct netsec_priv *priv, struct xdp_buff *xdp)
> > +{
> > +	struct netsec_desc_ring *tx_ring = &priv->desc_ring[NETSEC_RING_TX];
> > +	struct xdp_frame *xdpf = convert_to_xdp_frame(xdp);
> > +	u32 ret;
> > +
> > +	if (unlikely(!xdpf))
> > +		return NETSEC_XDP_CONSUMED;
> > +
> > +	spin_lock(&tx_ring->lock);
> > +	ret = netsec_xdp_queue_one(priv, xdpf, false);
> > +	spin_unlock(&tx_ring->lock);
> > +
> > +	return ret;
> > +}
> > +
> > +static u32 netsec_run_xdp(struct netsec_priv *priv, struct bpf_prog *prog,
> > +			  struct xdp_buff *xdp)
> > +{
> > +	u32 ret = NETSEC_XDP_PASS;
> > +	int err;
> > +	u32 act;
> > +
> > +	rcu_read_lock();
> > +	act = bpf_prog_run_xdp(prog, xdp);
> > +
> > +	switch (act) {
> > +	case XDP_PASS:
> > +		ret = NETSEC_XDP_PASS;
> > +		break;
> > +	case XDP_TX:
> > +		ret = netsec_xdp_xmit_back(priv, xdp);
> > +		if (ret != NETSEC_XDP_TX)
> > +			xdp_return_buff(xdp);
> > +		break;
> > +	case XDP_REDIRECT:
> > +		err = xdp_do_redirect(priv->ndev, xdp, prog);
> > +		if (!err) {
> > +			ret = NETSEC_XDP_REDIR;
> > +		} else {
> > +			ret = NETSEC_XDP_CONSUMED;
> > +			xdp_return_buff(xdp);
> > +		}
> > +		break;
> > +	default:
> > +		bpf_warn_invalid_xdp_action(act);
> > +		/* fall through */
> > +	case XDP_ABORTED:
> > +		trace_xdp_exception(priv->ndev, prog, act);
> > +		/* fall through -- handle aborts by dropping packet */
> > +	case XDP_DROP:
> > +		ret = NETSEC_XDP_CONSUMED;
> > +		xdp_return_buff(xdp);
> > +		break;
> > +	}
> > +
> > +	rcu_read_unlock();
> > +
> > +	return ret;
> > +}
> > +
> >  static int netsec_process_rx(struct netsec_priv *priv, int budget)
> >  {
> >  	struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
> > +	struct bpf_prog *xdp_prog = READ_ONCE(priv->xdp_prog);
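Review bot: in netsec_run_xdp(), the XDP_TX failure branch (ret != NETSEC_XDP_TX) and the XDP_REDIRECT error branch free the buffer with xdp_return_buff() but never call trace_xdp_exception(), so those drops are silent, while the XDP_ABORTED and unknown-action paths in the same switch are traced. Consider calling trace_xdp_exception(priv->ndev, prog, act) on both failure branches before returning the buffer, so that a failed transmit or redirect is observable. A smaller style point in the same function: ret is initialised to NETSEC_XDP_PASS and then assigned the same value in the XDP_PASS case, so one of the two assignments can be dropped.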
> 
> Reading BPF prog should be RCU protected. There might be a case where RCU
> callback that destroys BPF prog is executed during the bottom half handling and
> you have the PREEMPT_RCU=y in your kernel config. I've just rephrased Brenden's
> words here, so for further info, see:
> 
> https://lore.kernel.org/netdev/20160904042958.8594-1-bblanco@plumgrid.com/
> 
> So either expand the RCU section or read prog pointer per each frame, under the
> lock, as it seems that currently we have these two schemes in drivers that
> support XDP.
> 
Thanks, I'll fix it

Cheers
/Ilias
