lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191210170000.GA1132@linux.home>
Date:   Tue, 10 Dec 2019 18:00:00 +0100
From:   Guillaume Nault <gnault@...hat.com>
To:     Hangbin Liu <liuhangbin@...il.com>
Cc:     David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
        ja@....bg, marcelo.leitner@...il.com, dsahern@...il.com,
        edumazet@...gle.com
Subject: Re: [PATCHv2 net] ipv6/route: should not update neigh confirm time
 during PMTU update

On Tue, Dec 10, 2019 at 11:36:56AM +0800, Hangbin Liu wrote:
> Hi David,
> 
> Sorry for the late reply. Hope you still have impression for this discussion.
> I discussed this issue with my colleagues offline and I still have some questions.
> Please see comments below.
> 
> On Tue, Dec 03, 2019 at 11:58:18AM -0800, David Miller wrote:
> > >> > That's not what I said.
> > >> > 
> > >> > I said that this interface is designed for situations where the neigh
> > >> > update is appropriate, and that's what happens for most callers _except_
> > >> > these tunnel cases.
> > >> > 
> > >> > The tunnel use is the exception and invoking the interface
> > >> > inappropriately.
> > >> > 
> > >> > It is important to keep the neigh reachability fresh for TCP flows so
> > >> > you cannot remove this dst_confirm_neigh() call.
> 
> The first is why IPv4 don't need this neigh update. I didn't
> find dst_confirm_neigh() or ipv4_confirm_neigh() in ip_rt_update_pmtu()
> 
> > > 
> > > I have one question here. Since we have the .confirm_neigh fuction in
> > > struct dst_ops. How about do a dst->ops->confirm_neigh() separately after
> > > dst->ops->update_pmtu()? Why should we mix the confirm_neigh() in
> > > update_pmtu(), like ip6_rt_update_pmtu()?
> > 
> > Two indirect calls which have high cost due to spectre mitigation?
> 
> Guillaume pointed me that dst_confirm_neigh() is also a indriect call.
> So it should take same cost to call dst_confirm_neigh() in or before
> __ip6_rt_update_pmtu(). If they are the same cose, I think there would
> have two fixes.
> 
OTOH, the dst_confirm_neigh() call could easily be replaced by a direct
ip6_confirm_neigh() call in the current code (maybe using an
INDIRECT_CALL wrapper if necessary).
I'm not sure where dst_confirm_neigh() would go if it was moved outside
of __ip6_rt_update_pmtu(), but that might make such optimisation
harder.

> 1. Add a new parameter 'bool confirm_neigh' to __ip6_rt_update_pmtu(),
> update struct dst_ops.update_mtu and all functions who called it.
> 
> 2. Move dst_confirm_neigh() out of __ip6_rt_update_pmtu() and only call it
>    in fuctions who need it, like inet6_csk_update_pmtu().
> 
> What do you think? Please tell me if I missed something.
> 
> Regards
> Hangbin
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ