Message-ID: <Ya5srnSIkt+bgJaC@lore-desk>
Date:   Mon, 6 Dec 2021 21:03:58 +0100
From:   Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
To:     Zvi Effron <zeffron@...tgames.com>
Cc:     Jesper Dangaard Brouer <jbrouer@...hat.com>,
        Lorenzo Bianconi <lorenzo@...nel.org>, bpf@...r.kernel.org,
        netdev@...r.kernel.org, brouer@...hat.com, davem@...emloft.net,
        kuba@...nel.org, ast@...nel.org, daniel@...earbox.net,
        shayagr@...zon.com, john.fastabend@...il.com, dsahern@...nel.org,
        echaudro@...hat.com, jasowang@...hat.com,
        alexander.duyck@...il.com, saeed@...nel.org,
        maciej.fijalkowski@...el.com, magnus.karlsson@...el.com,
        tirthendu.sarkar@...el.com, toke@...hat.com
Subject: Re: [PATCH v19 bpf-next 23/23] xdp: disable XDP_REDIRECT for xdp
 multi-buff

> On Mon, Dec 6, 2021 at 11:11 AM Jesper Dangaard Brouer
> <jbrouer@...hat.com> wrote:
> >
> > On 30/11/2021 12.53, Lorenzo Bianconi wrote:
> > > XDP_REDIRECT is not fully supported yet for xdp multi-buff since not
> > > all XDP capable drivers can map non-linear xdp_frame in ndo_xdp_xmit
> > > so disable it for the moment.
> > >
> > > Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
> > > ---
> > >   net/core/filter.c | 7 +++++++
> > >   1 file changed, 7 insertions(+)
> > >
> > > diff --git a/net/core/filter.c b/net/core/filter.c
> > > index b70725313442..a87d835d1122 100644
> > > --- a/net/core/filter.c
> > > +++ b/net/core/filter.c
> > > @@ -4189,6 +4189,13 @@ int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
> > >       struct bpf_map *map;
> > >       int err;
> > >
> > > +     /* XDP_REDIRECT is not fully supported yet for xdp multi-buff since
> > > +      * not all XDP capable drivers can map non-linear xdp_frame in
> > > +      * ndo_xdp_xmit.
> > > +      */
> > > +     if (unlikely(xdp_buff_is_mb(xdp)))
> > > +             return -EOPNOTSUPP;
> > > +
> >
> > > This approach also excludes 'cpumap' use-case, which you AFAIK have added
> > MB support for in this patchset.
> >
> > Generally this check is hopefully something we can remove again, once
> > drivers add MB ndo_xdp_xmit support.
> >
> 
> What happens in the future when a new driver is added without (in its initial
> version) MB ndo_xdp_xmit support? Is MB support for ndo_xdp_xmit going to be a
> requirement for a driver (with ndo_xdp_xmit) to be accepted to the kernel?

I think the optimal solution would be to export the driver XDP capabilities (AFAIK
there is an ongoing effort for this, but it is not available yet).

> 
> I'm not arguing against removing this check in the future, I'm just wondering
> if we need a different mechanism than outright prohibiting XDP_REDIRECT with MB
> to protect against the redirected device not having MB support?
> 
> >
> > >       ri->map_id = 0; /* Valid map id idr range: [1,INT_MAX[ */
> > >       ri->map_type = BPF_MAP_TYPE_UNSPEC;
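
Review bot: The early `return -EOPNOTSUPP` in xdp_do_redirect() sits above the `ri->map_id = 0` and `ri->map_type = BPF_MAP_TYPE_UNSPEC` resets shown in the trailing context, so on the multi-buff path those fields are never cleared. Either move the `xdp_buff_is_mb(xdp)` check below the reset, or extend the comment to say why leaving the redirect info untouched is safe. The check is also unconditional: it runs before any redirect target is examined, so every multi-buff frame is refused whatever the target supports. The comment should state the condition under which the check can be dropped, so the restriction does not outlive its reason.
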
> > >
> > >
> >
> 
