lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 16 Dec 2020 02:08:34 +0100
From:   Andrea Mayer <andrea.mayer@...roma2.it>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Lebrun <david.lebrun@...ouvain.be>,
        Mathieu Xhonneux <m.xhonneux@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        Colin Ian King <colin.king@...onical.com>,
        Stefano Salsano <stefano.salsano@...roma2.it>,
        Paolo Lungaroni <paolo.lungaroni@...t.it>,
        Ahmed Abdelsalam <ahabdels.dev@...il.com>,
        Andrea Mayer <andrea.mayer@...roma2.it>
Subject: Re: [PATCH net-next] seg6: fix the max number of supported SRv6
 behavior attributes

Hi Jakub,
thanks for your review.

On Mon, 14 Dec 2020 20:57:40 -0800
Jakub Kicinski <kuba@...nel.org> wrote:

> > 
> >  - At compile time we verify that the total number of attributes does not
> >    exceed the fixed value of 64. Otherwise, kernel build fails forcing
> >    developers to reconsider adding a new attribute or extending the
> >    total number of supported attributes by the SRv6 networking.
> 
> Over all seems like a good thing too catch but the patch seems to go
> further than necessary. And on 32bit systems using u64 is when we only
> need 10 attrs is kinda wasteful.
> 

Ok, so the maximum number of supported attributes will be 32 (i.e. the
minimum number of bits for an unsigned long).

> > Fixes: d1df6fd8a1d2 ("ipv6: sr: define core operations for seg6local lightweight tunnel")
> > Fixes: 140f04c33bbc ("ipv6: sr: implement several seg6local actions")
> > Fixes: 891ef8dd2a8d ("ipv6: sr: implement additional seg6local actions")
> > Fixes: 004d4b274e2a ("ipv6: sr: Add seg6local action End.BPF")
> > Fixes: 964adce526a4 ("seg6: improve management of behavior attributes")
> > Fixes: 0a3021f1d4e5 ("seg6: add support for optional attributes in SRv6 behaviors")
> > Fixes: 664d6f86868b ("seg6: add support for the SRv6 End.DT4 behavior")
> > Fixes: 20a081b7984c ("seg6: add VRF support for SRv6 End.DT6 behavior")
> 
> We use fixes tags for bugs only, nothing seems broken here. It's more
> of a fool-proofing for the future.
> 

Ok, I got it.

> > 
> > diff --git a/include/uapi/linux/seg6_local.h b/include/uapi/linux/seg6_local.h
> > index 3b39ef1dbb46..81b3ac430670 100644
> > --- a/include/uapi/linux/seg6_local.h
> > +++ b/include/uapi/linux/seg6_local.h
> > @@ -27,9 +27,19 @@ enum {
> >  	SEG6_LOCAL_OIF,
> >  	SEG6_LOCAL_BPF,
> >  	SEG6_LOCAL_VRFTABLE,
> > +	/* new attributes go here */
> >  	__SEG6_LOCAL_MAX,
> > +
> > +	/* Support up to 64 different types of attributes.
> > +	 *
> > +	 * If you need to add a new attribute, please make sure that it DOES
> > +	 * NOT violate the constraint of having a maximum of 64 possible
> > +	 * attributes.
> > +	 */
> > +	__SEG6_LOCAL_MAX_SUPP = 64,
> 
> Let's not define this, especially in a uAPI header. No need to make
> promises on max attr id to user space.
> 

Ok.

>
> > +#define SEG6_F_ATTR(i) (((u64)1) << (i))
> 
> This wrapper looks useful, worth keeping.
> 

We can go ahead with the wrapper that will become as follows:

 #define SEG6_F_ATTR(i) BIT(i)

> > @@ -1692,6 +1694,15 @@ static const struct lwtunnel_encap_ops seg6_local_ops = {
> >  
> >  int __init seg6_local_init(void)
> >  {
> > +	/* If the max total number of defined attributes is reached, then your
> > +	 * kernel build stops here.
> > +	 *
> > +	 * This check is required to avoid arithmetic overflows when processing
> > +	 * behavior attributes and the maximum number of defined attributes
> > +	 * exceeds the allowed value.
> > +	 */
> > +	BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > SEG6_LOCAL_MAX_SUPP);
> 
> BUILD_BUG_ON(SEG6_LOCAL_MAX > 31)
> 

I agree with this approach. Only for the sake of clarity I would prefer to
define the macro SEG6_LOCAL_MAX_SUPP as follows:

in seg6_local.c:
 [...]

 /* max total number of supported SRv6 behavior attributes */
 #define SEG6_LOCAL_MAX_SUPP 32

 int __init seg6_local_init(void)
 {
    BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > SEG6_LOCAL_MAX_SUPP);
    [...]
 }


Due to the changes, I will submit a new patch (v1) with a more appropriate
subject. The title of the new patch will most likely be:

 seg6: fool-proof the processing of SRv6 behavior attributes


Thanks for your time,
Andrea

Powered by blists - more mailing lists