| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <vbfv9jn9gmi.fsf@mellanox.com>
Date: Fri, 19 Jun 2020 19:15:17 +0300
From: Vlad Buslov <vladbu@...lanox.com>
To: dsatish <satish.d@...convergence.com>
Cc: davem@...emloft.net, jhs@...atatu.com, xiyou.wangcong@...il.com,
jiri@...nulli.us, kuba@...nel.org, netdev@...r.kernel.org,
simon.horman@...ronome.com, kesavac@...il.com,
prathibha.nagooru@...convergence.com,
intiyaz.basha@...convergence.com, jai.rana@...convergence.com
Subject: Re: [PATCH net-next 3/3] cls_flower: Allow flow offloading though masked key exist.
On Fri 19 Jun 2020 at 12:41, dsatish <satish.d@...convergence.com> wrote:
> A packet reaches OVS user space, only if, either there is no rule in
> datapath/hardware or there is race condition that the flow is added
> to hardware but before it is processed another packet arrives.
>
> It is possible hardware as part of its limitations/optimizations
> remove certain flows. To handle such cases where the hardware lost
> the flows, tc can offload to hardware if it receives a flow for which
> there exists an entry in its flow table. To handle such cases TC when
> it returns EEXIST error, also programs the flow in hardware, if
> hardware offload is enabled.
>
> Signed-off-by: Chandra Kesava <kesavac@...il.com>
> Signed-off-by: Prathibha Nagooru <prathibha.nagooru@...convergence.com>
> Signed-off-by: Satish Dhote <satish.d@...convergence.com>
> ---
> net/sched/cls_flower.c | 23 +++++++++++++++++++----
> 1 file changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
> index f1a5352cbb04..d718233cd5b9 100644
> --- a/net/sched/cls_flower.c
> +++ b/net/sched/cls_flower.c
> @@ -431,7 +431,8 @@ static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
>
> static int fl_hw_replace_filter(struct tcf_proto *tp,
> struct cls_fl_filter *f, bool rtnl_held,
> - struct netlink_ext_ack *extack)
> + struct netlink_ext_ack *extack,
> + unsigned long cookie)
> {
> struct tcf_block *block = tp->chain->block;
> struct flow_cls_offload cls_flower = {};
> @@ -444,7 +445,7 @@ static int fl_hw_replace_filter(struct tcf_proto *tp,
>
> tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
> cls_flower.command = FLOW_CLS_REPLACE;
> - cls_flower.cookie = (unsigned long) f;
> + cls_flower.cookie = cookie;
> cls_flower.rule->match.dissector = &f->mask->dissector;
> cls_flower.rule->match.mask = &f->mask->key;
> cls_flower.rule->match.key = &f->mkey;
> @@ -2024,11 +2025,25 @@ static int fl_change(struct net *net, struct sk_buff *in_skb,
> fl_init_unmasked_key_dissector(&fnew->unmasked_key_dissector);
>
> err = fl_ht_insert_unique(fnew, fold, &in_ht);
> - if (err)
> + if (err) {
> + /* It is possible Hardware lost the flow even though TC has it,
> + * and flow miss in hardware causes controller to offload flow again.
> + */
> + if (err == -EEXIST && !tc_skip_hw(fnew->flags)) {
> + struct cls_fl_filter *f =
> + __fl_lookup(fnew->mask, &fnew->mkey);
You don't hold neither rcu read lock nor reference to the "f" filter
here, which means it can be concurrently destroyed at any time.
> +
> + if (f)
> + fl_hw_replace_filter(tp, fnew, rtnl_held,
> + extack,
> + (unsigned long)(f));
> + }
It looks like you are inventing filter replace/overwrite functionality
here. However, such functionality is already supported. fl_change()
receives "fold" via "arg" argument, if filter with specified key exists
in classifier instance and NLM_F_EXCL netlink message flag is not set.
> goto errout_mask;
> + }
>
> if (!tc_skip_hw(fnew->flags)) {
> - err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
> + err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack,
> + (unsigned long)fnew);
> if (err)
> goto errout_ht;
> }
Powered by blists - more mailing lists