Date: Tue, 22 Jun 2021 09:07:31 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Florian Westphal <fw@...len.de>
CC: <netdev@...r.kernel.org>, <sd@...asysnail.net>
Subject: Re: [PATCH ipsec-next v2 0/5] xfrm: remove xfrm replay indirections

On Fri, Jun 18, 2021 at 03:51:55PM +0200, Florian Westphal wrote:
> This is v2 of an older patchset that got stuck in backlog hell. Changes:
>
> - drop bogus "get rid of duplicated notification code" patch. As noted
> by Sabrina it does change behavior.
> - fix a compiler warning in patch 2.
>
> ipsec.c selftest passes.
>
> The xfrm replay logic is implemented via indirect calls.
>
> xfrm_state struct holds a pointer to a
> 'struct xfrm_replay', which is one of several replay protection
> backends.
>
> XFRM then invokes the backend via state->repl->callback().
> Due to retpoline all indirect calls have become a lot more
> expensive. Fortunately, there are no 'replay modules', all are available
> for direct calls.
>
> This series removes the 'struct xfrm_replay' and adds replay
> functions that can be called instead of the redirection.
>
> Example:
> - err = x->repl->overflow(x, skb);
> + err = xfrm_replay_overflow(x, skb);
>
> Instead of a pointer to a struct with function pointers, xfrm_state
> now holds an enum that tells the replay core what kind of replay
> test is to be done.
>
> Florian Westphal (5):
>   xfrm: replay: avoid xfrm replay notify indirection
>   xfrm: replay: remove advance indirection
>   xfrm: replay: remove recheck indirection
>   xfrm: replay: avoid replay indirection
>   xfrm: replay: remove last replay indirection

All applied, thanks a lot Florian!
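
The pattern the quoted cover letter describes (an enum in the state plus direct calls, instead of a pointer to a struct of callbacks), shown as an added userspace illustration that is not code from the patch series or the kernel. All names here (replay_mode, state, window_check, replay_accept) and the 32/64-packet window widths are assumptions made for the example.

```c
#include <stdint.h>
/* Hypothetical userspace model; all names are illustrative, not the kernel's. */
enum replay_mode { REPLAY_LEGACY, REPLAY_WIDE }; /* kept in state instead of an ops pointer */
struct state {
    enum replay_mode mode;
    uint32_t top;   /* highest sequence number accepted so far */
    uint64_t seen;  /* bit i set: sequence number (top - i) was accepted */
};

/* Backend: 0 = accept, -1 = reject (zero, older than the window, or replayed). */
static int window_check(const struct state *s, uint32_t seq, uint32_t width)
{
    uint32_t diff = s->top - seq;       /* only meaningful when seq <= top */
    if (seq == 0) return -1;
    if (seq > s->top) return 0;
    if (diff >= width) return -1;
    return ((s->seen >> diff) & 1) ? -1 : 0;
}

/* Dispatch on the enum: a small switch with direct calls, no function pointer. */
int replay_check(const struct state *s, uint32_t seq)
{
    switch (s->mode) {
    case REPLAY_LEGACY: return window_check(s, seq, 32);
    case REPLAY_WIDE:   return window_check(s, seq, 64);
    default:            return -1;      /* unknown mode: fail closed */
    }
}

/* Slide the window; call only after replay_check() returned 0. */
void replay_advance(struct state *s, uint32_t seq)
{
    uint32_t width = s->mode == REPLAY_LEGACY ? 32 : 64;
    uint64_t mask = width == 64 ? ~0ULL : (1ULL << width) - 1;
    uint32_t shift = seq - s->top;
    if (seq <= s->top) { s->seen |= 1ULL << (s->top - seq); return; }
    s->seen = shift < width ? ((s->seen << shift) | 1) & mask : 1;
    s->top = seq;
}

/* Check, then advance, as a receiver does once the packet has authenticated. */
int replay_accept(struct state *s, uint32_t seq)
{
    int err = replay_check(s, seq);
    if (!err) replay_advance(s, seq);
    return err;
}

int main(void) { struct state s = { REPLAY_LEGACY, 0, 0 }; return replay_accept(&s, 7) | !replay_accept(&s, 7); }
```

The default case rejects any mode value the switch does not know, so a corrupted or uninitialised mode fails closed rather than skipping the replay test.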