lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87mtlbxn1f.fsf@toke.dk>
Date:   Wed, 08 Dec 2021 14:07:40 +0100
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Lorenzo Bianconi <lorenzo.bianconi@...hat.com>,
        Zvi Effron <zeffron@...tgames.com>
Cc:     Jesper Dangaard Brouer <jbrouer@...hat.com>,
        Lorenzo Bianconi <lorenzo@...nel.org>, bpf@...r.kernel.org,
        netdev@...r.kernel.org, brouer@...hat.com, davem@...emloft.net,
        kuba@...nel.org, ast@...nel.org, daniel@...earbox.net,
        shayagr@...zon.com, john.fastabend@...il.com, dsahern@...nel.org,
        echaudro@...hat.com, jasowang@...hat.com,
        alexander.duyck@...il.com, saeed@...nel.org,
        maciej.fijalkowski@...el.com, magnus.karlsson@...el.com,
        tirthendu.sarkar@...el.com
Subject: Re: [PATCH v19 bpf-next 23/23] xdp: disable XDP_REDIRECT for xdp
 multi-buff

Lorenzo Bianconi <lorenzo.bianconi@...hat.com> writes:

>> On Mon, Dec 6, 2021 at 11:11 AM Jesper Dangaard Brouer
>> <jbrouer@...hat.com> wrote:
>> >
>> > On 30/11/2021 12.53, Lorenzo Bianconi wrote:
>> > > XDP_REDIRECT is not fully supported yet for xdp multi-buff since not
>> > > all XDP capable drivers can map non-linear xdp_frame in ndo_xdp_xmit
>> > > so disable it for the moment.
>> > >
>> > > Signed-off-by: Lorenzo Bianconi <lorenzo@...nel.org>
>> > > ---
>> > >   net/core/filter.c | 7 +++++++
>> > >   1 file changed, 7 insertions(+)
>> > >
>> > > diff --git a/net/core/filter.c b/net/core/filter.c
>> > > index b70725313442..a87d835d1122 100644
>> > > --- a/net/core/filter.c
>> > > +++ b/net/core/filter.c
>> > > @@ -4189,6 +4189,13 @@ int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
>> > >       struct bpf_map *map;
>> > >       int err;
>> > >
>> > > +     /* XDP_REDIRECT is not fully supported yet for xdp multi-buff since
>> > > +      * not all XDP capable drivers can map non-linear xdp_frame in
>> > > +      * ndo_xdp_xmit.
>> > > +      */
>> > > +     if (unlikely(xdp_buff_is_mb(xdp)))
>> > > +             return -EOPNOTSUPP;
>> > > +
>> >
>> > This approach also exclude 'cpumap' use-case, which you AFAIK have added
>> > MB support for in this patchset.
>> >
>> > Generally this check is hopefully something we can remove again, once
>> > drivers add MB ndo_xdp_xmit support.
>> >
>> 
>> What happens in the future when a new driver is added without (in its intial
>> version) MB ndo_xdp_xmit support? Is MB support for ndo_xdp_xmit going to be a
>> requirement for a driver (with ndo_xdp_xmit) to be accepted to the kernel?
>
> I think the optimal solution would be export the driver XDP capabilities (AFAIK
> there is an ogoing effort for this, but it is not available yet).

Until that materialises I think we can at least require new drivers to
check the MB flag and drop the frame if it doesn't know what to do with
it. A follow-on patch could also just update all the existing drivers to
do this and then remove this check...

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ