lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191210033656.GM18865@dhcp-12-139.nay.redhat.com>
Date:   Tue, 10 Dec 2019 11:36:56 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     netdev@...r.kernel.org, ja@....bg, marcelo.leitner@...il.com,
        dsahern@...il.com, edumazet@...gle.com,
        Guillaume Nault <gnault@...hat.com>
Subject: Re: [PATCHv2 net] ipv6/route: should not update neigh confirm time
 during PMTU update

Hi David,

Sorry for the late reply. Hope you still have impression for this discussion.
I discussed this issue with my colleagues offline and I still have some questions.
Please see comments below.

On Tue, Dec 03, 2019 at 11:58:18AM -0800, David Miller wrote:
> >> > That's not what I said.
> >> > 
> >> > I said that this interface is designed for situations where the neigh
> >> > update is appropriate, and that's what happens for most callers _except_
> >> > these tunnel cases.
> >> > 
> >> > The tunnel use is the exception and invoking the interface
> >> > inappropriately.
> >> > 
> >> > It is important to keep the neigh reachability fresh for TCP flows so
> >> > you cannot remove this dst_confirm_neigh() call.

The first is why IPv4 don't need this neigh update. I didn't
find dst_confirm_neigh() or ipv4_confirm_neigh() in ip_rt_update_pmtu()

> > 
> > I have one question here. Since we have the .confirm_neigh fuction in
> > struct dst_ops. How about do a dst->ops->confirm_neigh() separately after
> > dst->ops->update_pmtu()? Why should we mix the confirm_neigh() in
> > update_pmtu(), like ip6_rt_update_pmtu()?
> 
> Two indirect calls which have high cost due to spectre mitigation?

Guillaume pointed me that dst_confirm_neigh() is also a indriect call.
So it should take same cost to call dst_confirm_neigh() in or before
__ip6_rt_update_pmtu(). If they are the same cose, I think there would
have two fixes.

1. Add a new parameter 'bool confirm_neigh' to __ip6_rt_update_pmtu(),
update struct dst_ops.update_mtu and all functions who called it.

2. Move dst_confirm_neigh() out of __ip6_rt_update_pmtu() and only call it
   in fuctions who need it, like inet6_csk_update_pmtu().

What do you think? Please tell me if I missed something.

Regards
Hangbin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ