| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Feb 2021 15:03:40 -0800
From: Arjun Roy <arjunroy@...gle.com>
To: Leon Romanovsky <leon@...nel.org>
Cc: David Ahern <dsahern@...il.com>, Jakub Kicinski <kuba@...nel.org>,
Arjun Roy <arjunroy.kdev@...il.com>,
David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Soheil Hassas Yeganeh <soheil@...gle.com>
Subject: Re: [net-next v2 2/2] tcp: Add receive timestamp support for receive zerocopy.
On Mon, Feb 1, 2021 at 10:52 PM Leon Romanovsky <leon@...nel.org> wrote:
>
> On Mon, Feb 01, 2021 at 06:20:23PM -0800, Arjun Roy wrote:
> > On Mon, Feb 1, 2021 at 6:06 PM David Ahern <dsahern@...il.com> wrote:
> > >
> > > On 1/24/21 11:15 PM, Leon Romanovsky wrote:
> > > > On Fri, Jan 22, 2021 at 10:55:45PM -0700, David Ahern wrote:
> > > >> On 1/22/21 9:07 PM, Jakub Kicinski wrote:
> > > >>> On Wed, 20 Jan 2021 16:41:48 -0800 Arjun Roy wrote:
> > > >>>> diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h
> > > >>>> index 768e93bd5b51..b216270105af 100644
> > > >>>> --- a/include/uapi/linux/tcp.h
> > > >>>> +++ b/include/uapi/linux/tcp.h
> > > >>>> @@ -353,5 +353,9 @@ struct tcp_zerocopy_receive {
> > > >>>> __u64 copybuf_address; /* in: copybuf address (small reads) */
> > > >>>> __s32 copybuf_len; /* in/out: copybuf bytes avail/used or error */
> > > >>>> __u32 flags; /* in: flags */
> > > >>>> + __u64 msg_control; /* ancillary data */
> > > >>>> + __u64 msg_controllen;
> > > >>>> + __u32 msg_flags;
> > > >>>> + /* __u32 hole; Next we must add >1 u32 otherwise length checks fail. */
> > > >>>
> > > >>> Well, let's hope nobody steps on this landmine.. :)
> > > >>>
> > > >>
> > > >> Past suggestions were made to use anonymous declarations - e.g., __u32
> > > >> :32; - as a way of reserving the space for future use. That or declare
> > > >> '__u32 resvd', check that it must be 0 and makes it available for later
> > > >> (either directly or with a union).
> > > >
> > > > This is the schema (reserved field without union) used by the RDMA UAPIs from
> > > > the beginning (>20 years already) and it works like a charm.
> > > >
> > > > Highly recommend :).
> > > >
> > >
> > > agreed.
> > >
> > > Arjun: would you mind following up with a patch to make this hole
> > > explicit and usable for the next extension? Thanks,
> >
> > Will do.
>
> Please pay attention that all "in" and "out" fields that marked as reserved
> should be zeroed and kernel must check "in" field to ensure future compatibility.
>
> Thanks
>
A question about the approach where we mandate it as a reserved field;
assuming in the future it is only used as an OUT field where 0 is a
meaningful no-op value, then just setting it to 0 works just fine.
But, if it's an IN or IN-OUT field, it seems like mandating that the
application set it to 0 could break the case where a future
application sets it to some non-zero value and runs on an older
kernel. And allowing it to be non-zero can maybe yield an unexpected
outcome if an old application that did not zero it runs on a newer
kernel.
So: maybe the right move is to mark it as reserved, not care what the
input value is, always set it to 0 before returning to the user, and
explicitly mandate that any future use of the field must be as an
OUT-only parameter?
Thanks,
-Arjun
> >
> > -Arjun
Powered by blists - more mailing lists