| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f7ea082a99224e12e085e879e7c067f23844874c.camel@mailbox.tu-berlin.de>
Date: Thu, 9 Jun 2022 10:55:25 +0200
From: Jörn-Thorben Hinz <jthinz@...lbox.tu-berlin.de>
To: Martin KaFai Lau <kafai@...com>
CC: <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
"Daniel Borkmann" <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next 2/2] bpf: Require only one of cong_avoid() and
cong_control() from a TCP CC
Thanks for the feedback, Martin.
On Wed, 2022-06-08 at 11:33 -0700, Martin KaFai Lau wrote:
> On Wed, Jun 08, 2022 at 07:48:43PM +0200, Jörn-Thorben Hinz wrote:
> > When a CC implements tcp_congestion_ops.cong_control(), the
> > alternate
> > cong_avoid() is not in use in the TCP stack. Do not force a BPF CC
> > to
> > implement cong_avoid() as a no-op by always requiring it.
> >
> > An incomplete BPF CC implementing neither cong_avoid() nor
> > cong_control() will still get rejected by
> > tcp_register_congestion_control().
> >
> > Signed-off-by: Jörn-Thorben Hinz <jthinz@...lbox.tu-berlin.de>
> > ---
> > net/ipv4/bpf_tcp_ca.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/net/ipv4/bpf_tcp_ca.c b/net/ipv4/bpf_tcp_ca.c
> > index 1f5c53ede4e5..37290d0bf134 100644
> > --- a/net/ipv4/bpf_tcp_ca.c
> > +++ b/net/ipv4/bpf_tcp_ca.c
> > @@ -17,6 +17,7 @@ extern struct bpf_struct_ops
> > bpf_tcp_congestion_ops;
> > static u32 optional_ops[] = {
> > offsetof(struct tcp_congestion_ops, init),
> > offsetof(struct tcp_congestion_ops, release),
> > + offsetof(struct tcp_congestion_ops, cong_avoid),
> At least one of the cong_avoid() or cong_control() is needed.
> It is better to remove is_optional(moff) check and its optional_ops[]
> here. Only depends on the tcp_register_congestion_control() which
> does a similar check at the beginning.
You mean completely remove this part of the validation from
bpf_tcp_ca.c and just rely on tcp_register_congestion_control()? True,
that would be even easier to maintain at this point, make
tcp_register_congestion_control() the one-and-only place that has to
know about required and optional functions.
Will rework the second patch.
>
> Patch 1 looks good. tcp_bbr.c also needs the sk_pacing fields.
>
> A selftest is needed. Can you share your bpf tcp-cc and
> use it as a selftest to exercise the change in this patch
> set ?
I cannot do that just now, unfortunately. It’s still earlier work in
progress. Also, it will have an additional, external dependency which
might make it unfit to be included here/as a selftest. I will keep it
in mind for later this year, though.
In the meantime, I could look into adding a more naive/trivial test,
that implements cong_control() without cong_avoid() and relies on
sk_pacing_* being writable, if you would prefer that? Would that be
fine as a follow-up patch (might take me a moment) or better be
included in this series?
>
>
> > offsetof(struct tcp_congestion_ops, set_state),
> > offsetof(struct tcp_congestion_ops, cwnd_event),
> > offsetof(struct tcp_congestion_ops, in_ack_event),
> > --
> > 2.30.2
> >
Powered by blists - more mailing lists