| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220124113812.5b75eaab@kicinski-fedora-PC1C0HJN.hsd1.ca.comcast.net>
Date: Mon, 24 Jan 2022 11:38:12 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Vladimir Oltean <olteanv@...il.com>
Cc: Florian Fainelli <f.fainelli@...il.com>,
Luiz Angelo Daros de Luca <luizluca@...il.com>,
Andrew Lunn <andrew@...n.ch>,
Frank Wunderlich <frank-w@...lic-files.de>,
Alvin Šipraga <ALSI@...g-olufsen.dk>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linus.walleij@...aro.org" <linus.walleij@...aro.org>,
"vivien.didelot@...il.com" <vivien.didelot@...il.com>,
"arinc.unal@...nc9.com" <arinc.unal@...nc9.com>
Subject: Re: [PATCH net-next v4 11/11] net: dsa: realtek: rtl8365mb:
multiple cpu ports, non cpu extint
On Mon, 24 Jan 2022 21:08:45 +0200 Vladimir Oltean wrote:
> On Mon, Jan 24, 2022 at 10:20:51AM -0800, Jakub Kicinski wrote:
> > On Mon, 24 Jan 2022 09:35:56 -0800 Jakub Kicinski wrote:
> > > Sorry I used "geometry" loosely.
> > >
> > > What I meant is simply that if the driver uses NETIF_F_IP*_CSUM
> > > it should parse the packet before it hands it off to the HW.
> > >
> > > There is infinity of protocols users can come up with, while the device
> > > parser is very much finite, so it's only practical to check compliance
> > > with the HW parser in the driver. The reverse approach of adding
> > > per-protocol caps is a dead end IMO. And we should not bloat the stack
> > > when NETIF_F_HW_CSUM exists and the memo that parsing packets on Tx is
> > > bad b/c of protocol ossification went out a decade ago.
> >
> > > It's not about DSA. The driver should not check
> > >
> > > if (dsa())
> > > blah;
> > >
> > > it should check
> > >
> > > if (!(eth [-> vlan] -> ip -> tcp/udp))
> > > csum_help();
> >
> > Admittedly on a quick look thru the drivers which already do this
> > I only see L3, L4 and GRE/UDP encap checks. Nothing validates L2.
>
> So before we declare that any given Ethernet driver is buggy for declaring
> NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM and not checking that skb->csum_start
> points where it expects it to (taking into consideration potential VLAN
> headers, IPv6 extension headers),
Extension headers are explicitly not supported by NETIF_F_IPV6_CSUM.
IIRC Tom's hope was to delete NETIF_F_IP*_CSUM completely once all
drivers are converted to parsing and therefore can use NETIF_F_HW_CSUM.
> is there any driver that _does_ perform these checks correctly, that
> could be used as an example?
I don't think so. Let me put it this way - my understanding is that up
until now we had been using the vlan_features, mpls_features etc to
perform L2/L2.5/below-IP feature stripping. This scales poorly to DSA
tags, as discussed in this thread.
I'm suggesting we extend the kind of checking we already do to work
around inevitable deficiencies of device parsers for tunnels to DSA
tags.
We can come up with various schemes of expressing capabilities
between underlying driver and tag driver. I'm not aware of similar
out-of-band schemes existing today so it'd be "DSA doing it's own
thing", which does not seem great.
Powered by blists - more mailing lists