lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Jan 2022 11:38:12 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     Florian Fainelli <f.fainelli@...il.com>,
        Luiz Angelo Daros de Luca <luizluca@...il.com>,
        Andrew Lunn <andrew@...n.ch>,
        Frank Wunderlich <frank-w@...lic-files.de>,
        Alvin Šipraga <ALSI@...g-olufsen.dk>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linus.walleij@...aro.org" <linus.walleij@...aro.org>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        "arinc.unal@...nc9.com" <arinc.unal@...nc9.com>
Subject: Re: [PATCH net-next v4 11/11] net: dsa: realtek: rtl8365mb:
 multiple cpu ports, non cpu extint

On Mon, 24 Jan 2022 21:08:45 +0200 Vladimir Oltean wrote:
> On Mon, Jan 24, 2022 at 10:20:51AM -0800, Jakub Kicinski wrote:
> > On Mon, 24 Jan 2022 09:35:56 -0800 Jakub Kicinski wrote:  
> > > Sorry I used "geometry" loosely.
> > >
> > > What I meant is simply that if the driver uses NETIF_F_IP*_CSUM
> > > it should parse the packet before it hands it off to the HW.
> > >
> > > There is infinity of protocols users can come up with, while the device
> > > parser is very much finite, so it's only practical to check compliance
> > > with the HW parser in the driver. The reverse approach of adding
> > > per-protocol caps is a dead end IMO. And we should not bloat the stack
> > > when NETIF_F_HW_CSUM exists and the memo that parsing packets on Tx is
> > > bad b/c of protocol ossification went out a decade ago.  
> >  
> > > It's not about DSA. The driver should not check
> > >
> > > if (dsa())
> > > 	blah;
> > >
> > > it should check
> > >
> > > if (!(eth [-> vlan] -> ip -> tcp/udp))
> > > 	csum_help();  
> >
> > Admittedly on a quick look thru the drivers which already do this
> > I only see L3, L4 and GRE/UDP encap checks. Nothing validates L2.  
> 
> So before we declare that any given Ethernet driver is buggy for declaring
> NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM and not checking that skb->csum_start
> points where it expects it to (taking into consideration potential VLAN
> headers, IPv6 extension headers), 

Extension headers are explicitly not supported by NETIF_F_IPV6_CSUM.

IIRC Tom's hope was to delete NETIF_F_IP*_CSUM completely once all
drivers are converted to parsing and therefore can use NETIF_F_HW_CSUM.

> is there any driver that _does_ perform these checks correctly, that
> could be used as an example?

I don't think so. Let me put it this way - my understanding is that up
until now we had been using the vlan_features, mpls_features etc to
perform L2/L2.5/below-IP feature stripping. This scales poorly to DSA
tags, as discussed in this thread.

I'm suggesting we extend the kind of checking we already do to work
around inevitable deficiencies of device parsers for tunnels to DSA
tags.

We can come up with various schemes of expressing capabilities
between underlying driver and tag driver. I'm not aware of similar
out-of-band schemes existing today so it'd be "DSA doing it's own
thing", which does not seem great.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ