lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Feb 2021 02:37:29 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     George McCollister <george.mccollister@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jonathan Corbet <corbet@....net>, netdev@...r.kernel.org
Subject: Re: [RESEND PATCH net-next 1/4] net: hsr: generate supervision frame
 without HSR tag

On Mon, Feb 01, 2021 at 01:43:43PM -0600, George McCollister wrote:
> > > diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
> > > index ab953a1a0d6c..161b8da6a21d 100644
> > > --- a/net/hsr/hsr_device.c
> > > +++ b/net/hsr/hsr_device.c
> > > @@ -242,8 +242,7 @@ static struct sk_buff *hsr_init_skb(struct hsr_port *master, u16 proto)
> > >        * being, for PRP it is a trailer and for HSR it is a
> > >        * header
> > >        */
> > > -     skb = dev_alloc_skb(sizeof(struct hsr_tag) +
> > > -                         sizeof(struct hsr_sup_tag) +
> > > +     skb = dev_alloc_skb(sizeof(struct hsr_sup_tag) +
> > >                           sizeof(struct hsr_sup_payload) + hlen + tlen);
> >
> > Question 1: why are you no longer allocating struct hsr_tag (or struct prp_rct,
> > which has the same size)?
> 
> Because the tag is no longer being included in the supervisory frame
> here. If I understand correctly hsr_create_tagged_frame and
> prp_create_tagged_frame will create a new skb with HSR_HLEN added
> later.

I'm mostly doing static analysis of the code, which makes everything
more difficult and also my review more inaccurate. I'll try to give your
patches more testing when reviewing further, but I just got stuck into
trying to understand them first.

So your change makes fill_frame_info classify supervision frames as
skb_std instead of skb_hsr or skb_prp. The tag is added only in
hsr_create_tagged_frame right before dispatch to the egress port.

But that means that there are places like for example
hsr_handle_sup_frame which clearly don't like that: it checks whether
there's a tagged skb in either frame->skb_hsr or frame->skb_prp, but not
in frame->skb_std, so it now does basically nothing.

Don't we need hsr_handle_sup_frame?

> > In hsr->proto_ops->fill_frame_info in the call path above, the skb is
> > still put either into frame->skb_hsr or into frame->skb_prp, but not
> > into frame->skb_std, even if it does not contain a struct hsr_tag.
> 
> Are you sure? My patch changes hsr_fill_frame_info and
> prp_fill_frame_info not to do that if port->type is HSR_PT_MASTER
> which I'm pretty certain it always is when sending supervisory frames
> like this. If I've overlooked something let me know.

You're right, I had figured it out myself in the comment below where I
called it a kludge.

> >
> > Also, which code exactly will insert the hsr_tag later? I assume
> > hsr_fill_tag via hsr->proto_ops->create_tagged_frame?
> 
> Correct.

I think it's too late, see above.

> > > -     if (!hsr->prot_version)
> > > -             proto = ETH_P_PRP;
> > > -     else
> > > -             proto = ETH_P_HSR;
> > > -
> > > -     skb = hsr_init_skb(master, proto);
> > > +     skb = hsr_init_skb(master, ETH_P_PRP);
> >
> > Question 2: why is this correct, setting skb->protocol to ETH_P_PRP
> > (HSR v0) regardless of prot_version? Also, why is the change necessary?
> 
> This part is not intuitive and I don't have a copy of the documents
> where v0 was defined. It's unfortunate this code even supports v0
> because AFAIK no one else uses it; but it's in here so we have to keep
> supporting it I guess.
> In v1 the tag has an eth type of 0x892f and the encapsulated
> supervisory frame has a type of 0x88fb. In v0 0x88fb is used for the
> eth type and there is no encapsulation type. So... this is correct
> however I compared supervisory frame generation before and after this
> patch for v0 and I found a problem. My changes make it add 0x88fb
> again later for v0 which it's not supposed to do. I'll have to fix
> that part somehow.

Step 1: Sign up for HSR maintainership, it's currently orphan
Step 2: Delete HSRv0 support
Step 3: See if anyone shouts, probably not
Step 4: Profit.

> >
> > Why is it such a big deal if supervision frames have HSR/PRP tag or not?
> 
> Because if the switch does automatic HSR/PRP tag insertion it will end
> up in there twice. You simply can't send anything with an HSR/PRP tag
> if this is offloaded.

When exactly will your hardware push a second HSR tag when the incoming
packet already contains one? Obviously for tagged packets coming from
the ring it should not do that. It must be treating the CPU port special
somehow, but I don't understand how.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ