Date: Sat, 14 May 2022 22:40:03 +0000
From: Vladimir Oltean <vladimir.oltean@....com>
To: Maxime Chevallier <maxime.chevallier@...tlin.com>
CC: "davem@...emloft.net" <davem@...emloft.net>,
    Rob Herring <robh+dt@...nel.org>,
    "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
    "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
    "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
    "thomas.petazzoni@...tlin.com" <thomas.petazzoni@...tlin.com>,
    Andrew Lunn <andrew@...n.ch>,
    Florian Fainelli <f.fainelli@...il.com>,
    Heiner Kallweit <hkallweit1@...il.com>,
    Russell King <linux@...linux.org.uk>,
    "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>,
    Luka Perkov <luka.perkov@...tura.hr>,
    Robert Marko <robert.marko@...tura.hr>
Subject: Re: [PATCH net-next v2 2/5] net: dsa: add out-of-band tagging protocol

On Sat, May 14, 2022 at 05:06:53PM +0200, Maxime Chevallier wrote:
> This tagging protocol is designed for the situation where the link
> between the MAC and the Switch is designed such that the Destination
> Port, which is usually embedded in some part of the Ethernet Header, is
> sent out-of-band, and isn't present at all in the Ethernet frame.
>
> This can happen when the MAC and Switch are tightly integrated on an
> SoC, as is the case with the Qualcomm IPQ4019 for example, where the DSA
> tag is inserted directly into the DMA descriptors. In that case,
> the MAC driver is responsible for sending the tag to the switch using
> the out-of-band medium. To do so, the MAC driver needs to have the
> information of the destination port for that skb.
>
> This out-of-band tagging protocol is using the very beginning of the skb
> headroom to store the tag. The drawback of this approach is that the
> headroom isn't initialized upon allocating it, therefore we have a
> chance that the garbage data that lies there at allocation time actually
> resembles a valid oob tag. This is only problematic if we are
> sending/receiving traffic on the master port, which isn't a valid DSA
> use-case from the beginning. When dealing with traffic to/from a slave
> port, then the oob tag will be initialized properly by the tagger or the
> mac driver through the use of the dsa_oob_tag_push() call.
>
> Signed-off-by: Maxime Chevallier <maxime.chevallier@...tlin.com>
> ---

Why put the DSA pseudo-header at skb->head rather than push it using
skb_push()?

I thought you were going to check for the presence of a DSA header using
something like skb->mac_len == ETH_HLEN + tag len, but right now it
sounds like treating garbage in the headroom as a valid DSA tag is
indeed a potential problem. If you can't sort that out using information
from the header offsets alone, maybe an skb extension is required?
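
A userspace C model of the concern raised in this reply, added here as an illustration and not taken from the patch or the kernel: `struct buf`, the 4-byte tag layout, the port range and every function name are hypothetical simplifications. It contrasts a tag kept at the start of uninitialized headroom with a tag that is pushed in front of the frame and detected through the header length.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN     14 /* Ethernet header length */
#define HEADROOM     32 /* constructed for this model */
#define OOB_TAG_LEN  4  /* hypothetical: byte 0 = port, rest reserved */
#define OOB_MAX_PORT 5  /* hypothetical: ports 0..5 are valid */

/* Userspace stand-in for an skb: buffer, frame offset, link-header length. */
struct buf { uint8_t head[HEADROOM + 64]; size_t data, mac_len; };

/* Fresh buffer whose headroom is filled with a stale byte (constructed). */
static struct buf buf_alloc(uint8_t stale)
{
    struct buf b = { .data = HEADROOM, .mac_len = ETH_HLEN };
    memset(b.head, stale, sizeof(b.head));
    return b;
}

/* Scheme A: tag at the very start of the headroom; offsets are untouched. */
static void tag_store_at_head(struct buf *b, uint8_t port) { b->head[0] = port; }
static bool tag_at_head_valid(const struct buf *b) { return b->head[0] <= OOB_MAX_PORT; }

/* Scheme B: tag pushed in front of the frame, so mac_len records it. */
static void tag_push(struct buf *b, uint8_t port)
{
    b->data -= OOB_TAG_LEN;
    memset(b->head + b->data, 0, OOB_TAG_LEN);
    b->head[b->data] = port;
    b->mac_len = ETH_HLEN + OOB_TAG_LEN;
}
static bool tag_pushed_present(const struct buf *b) { return b->mac_len == ETH_HLEN + OOB_TAG_LEN; }

/* One frame over stale headroom; port < 0 means no tag was ever written. */
static bool tag_seen(bool push_scheme, uint8_t stale, int port)
{
    struct buf b = buf_alloc(stale);
    if (port >= 0 && push_scheme) tag_push(&b, (uint8_t)port);
    else if (port >= 0) tag_store_at_head(&b, (uint8_t)port);
    return push_scheme ? tag_pushed_present(&b) : tag_at_head_valid(&b);
}

int main(void)
{
    printf("untagged, stale 0x03: head=%d pushed=%d\n", tag_seen(false, 0x03, -1), tag_seen(true, 0x03, -1));
    printf("tagged port 2:        head=%d pushed=%d\n", tag_seen(false, 0x03, 2), tag_seen(true, 0x03, 2));
    return 0;
}
```

With stale byte 0x03 in the headroom, the head-stored scheme reports a tag on a frame that never had one, while the length-based check does not depend on the buffer contents at all.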