Message-ID: <20190630164512.GD12704@khorivan>
Date:   Sun, 30 Jun 2019 19:45:13 +0300
From:   Ivan Khoronzhuk <ivan.khoronzhuk@...aro.org>
To:     Ilias Apalodimas <ilias.apalodimas@...aro.org>
Cc:     netdev@...r.kernel.org, jaswinder.singh@...aro.org,
        ard.biesheuvel@...aro.org, bjorn.topel@...el.com,
        magnus.karlsson@...el.com, brouer@...hat.com, daniel@...earbox.net,
        ast@...nel.org, makita.toshiaki@....ntt.co.jp,
        jakub.kicinski@...ronome.com, john.fastabend@...il.com,
        davem@...emloft.net, maciejromanfijalkowski@...il.com
Subject: Re: [net-next, PATCH 3/3, v2] net: netsec: add XDP support

On Sun, Jun 30, 2019 at 07:34:17PM +0300, Ilias Apalodimas wrote:
>Hi Ivan,
>>
>> [...]
>>
>> >+
>> >+static int netsec_xdp(struct net_device *ndev, struct netdev_bpf *xdp)
>> >+{
>> >+	struct netsec_priv *priv = netdev_priv(ndev);
>> >+
>> >+	switch (xdp->command) {
>> >+	case XDP_SETUP_PROG:
>> >+		return netsec_xdp_setup(priv, xdp->prog, xdp->extack);
>> >+	case XDP_QUERY_PROG:
>> >+		xdp->prog_id = priv->xdp_prog ? priv->xdp_prog->aux->id : 0;
>> xdp_attachment family to save bpf flags?
>Sure why not. This can always be added later though since many drivers are
>already doing it similarly no?
Yes.
I can work w/o this ofc.
But netronome and cpsw (me) added this.
From what I've seen, it allows preventing a prog update if the flag doesn't
allow it. Usually it doesn't allow it, but it can be forced with a flag. In the
other case it can be updated any time w/o reason... and it seems like in your
case it's sensitive.

>
>>
>> >+		return 0;
>> >+	default:
>> >+		return -EINVAL;
>> >+	}
>> >+}
>> >+
>> >static const struct net_device_ops netsec_netdev_ops = {
>> >	.ndo_init		= netsec_netdev_init,
>> >	.ndo_uninit		= netsec_netdev_uninit,
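
Review bot: In the XDP_SETUP_PROG case, netsec_xdp_setup() is passed only xdp->prog and xdp->extack, so xdp->flags never reaches the driver and it cannot compare a replacement program's flags against those the current program was attached with. The XDP_QUERY_PROG case likewise fills in only prog_id from priv->xdp_prog. Consider keeping a struct xdp_attachment_info in netsec_priv and using xdp_attachment_flags_ok() and xdp_attachment_setup() on the setup path and xdp_attachment_query() on the query path, which is the xdp_attachment family raised in the reply above. That records the attach flags alongside the program and returns them on query.
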
>> >@@ -1537,6 +1842,8 @@ static const struct net_device_ops netsec_netdev_ops = {
>> >	.ndo_set_mac_address    = eth_mac_addr,
>> >	.ndo_validate_addr	= eth_validate_addr,
>> >	.ndo_do_ioctl		= netsec_netdev_ioctl,
>> >+	.ndo_xdp_xmit		= netsec_xdp_xmit,
>> >+	.ndo_bpf		= netsec_xdp,
>> >};
>> >
>> >static int netsec_of_probe(struct platform_device *pdev,
>> >--
>> >2.20.1
>> >
>>
>> --
>> Regards,
>> Ivan Khoronzhuk
>
>Thanks
>/Ilias

-- 
Regards,
Ivan Khoronzhuk
