lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAC1LvL1U1=Qb9Em5=uwC=RQw0pKPQ+dCdURgURbLgGAJkXm0eg@mail.gmail.com>
Date:   Mon, 6 Dec 2021 13:21:36 -0600
From:   Zvi Effron <zeffron@...tgames.com>
To:     Jesper Dangaard Brouer <jbrouer@...hat.com>
Cc:     Lorenzo Bianconi <lorenzo@...nel.org>, bpf@...r.kernel.org,
        netdev@...r.kernel.org, brouer@...hat.com,
        lorenzo.bianconi@...hat.com, davem@...emloft.net, kuba@...nel.org,
        ast@...nel.org, daniel@...earbox.net, shayagr@...zon.com,
        john.fastabend@...il.com, dsahern@...nel.org, echaudro@...hat.com,
        jasowang@...hat.com, alexander.duyck@...il.com, saeed@...nel.org,
        maciej.fijalkowski@...el.com, magnus.karlsson@...el.com,
        tirthendu.sarkar@...el.com, toke@...hat.com
Subject: Re: [PATCH v19 bpf-next 23/23] xdp: disable XDP_REDIRECT for xdp multi-buff

On Mon, Dec 6, 2021 at 11:11 AM Jesper Dangaard Brouer
<jbrouer@...hat.com> wrote:
>
> On 30/11/2021 12.53, Lorenzo Bianconi wrote:
> > XDP_REDIRECT is not fully supported yet for xdp multi-buff since not
> > all XDP capable drivers can map non-linear xdp_frame in ndo_xdp_xmit
> > so disable it for the moment.
> >
> > Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
> > ---
> >   net/core/filter.c | 7 +++++++
> >   1 file changed, 7 insertions(+)
> >
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index b70725313442..a87d835d1122 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -4189,6 +4189,13 @@ int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
> >       struct bpf_map *map;
> >       int err;
> >
> > +     /* XDP_REDIRECT is not fully supported yet for xdp multi-buff since
> > +      * not all XDP capable drivers can map non-linear xdp_frame in
> > +      * ndo_xdp_xmit.
> > +      */
> > +     if (unlikely(xdp_buff_is_mb(xdp)))
> > +             return -EOPNOTSUPP;
> > +
>
> This approach also exclude 'cpumap' use-case, which you AFAIK have added
> MB support for in this patchset.
>
> Generally this check is hopefully something we can remove again, once
> drivers add MB ndo_xdp_xmit support.
>

What happens in the future when a new driver is added without (in its intial
version) MB ndo_xdp_xmit support? Is MB support for ndo_xdp_xmit going to be a
requirement for a driver (with ndo_xdp_xmit) to be accepted to the kernel?

I'm not arguing against removing this check in the future, I'm just wondering
if we need a different mechanism than outright prohibiting XDP_REDIRECT with MB
to protect against the redirected device not having MB support?

>
> >       ri->map_id = 0; /* Valid map id idr range: [1,INT_MAX[ */
> >       ri->map_type = BPF_MAP_TYPE_UNSPEC;
> >
> >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ