| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 May 2023 11:51:33 +0200
From: Simon Horman <simon.horman@...igine.com>
To: edward.cree@....com
Cc: linux-net-drivers@....com, davem@...emloft.net, kuba@...nel.org,
pabeni@...hat.com, edumazet@...gle.com,
Edward Cree <ecree.xilinx@...il.com>, netdev@...r.kernel.org,
habetsm.xilinx@...il.com
Subject: Re: [PATCH v2 net-next 3/4] sfc: support TC decap rules matching on
enc_ip_tos
On Thu, May 11, 2023 at 08:47:30PM +0100, edward.cree@....com wrote:
> From: Edward Cree <ecree.xilinx@...il.com>
>
> Allow efx_tc_encap_match entries to include an ip_tos and ip_tos_mask.
> To avoid partially-overlapping Outer Rules (which can lead to undefined
> behaviour in the hardware), store extra "pseudo" entries in our
> encap_match hashtable, which are used to enforce that all Outer Rule
> entries within a given <src_ip,dst_ip,udp_dport> tuple (or IPv6
> equivalent) have the same ip_tos_mask.
> The "direct" encap_match entry takes a reference on the "pseudo",
> allowing it to be destroyed when all "direct" entries using it are
> removed.
> efx_tc_em_pseudo_type is an enum rather than just a bool because in
> future an additional pseudo-type will be added to support Conntrack
> offload.
>
> Signed-off-by: Edward Cree <ecree.xilinx@...il.com>
...
> @@ -425,12 +469,56 @@ static int efx_tc_flower_record_encap_match(struct efx_nic *efx,
> #endif
> encap->udp_dport = match->value.enc_dport;
> encap->tun_type = type;
> + encap->ip_tos = match->value.enc_ip_tos;
> + encap->ip_tos_mask = match->mask.enc_ip_tos;
> + encap->child_ip_tos_mask = child_ip_tos_mask;
> + encap->type = em_type;
> + encap->pseudo = pseudo;
> old = rhashtable_lookup_get_insert_fast(&efx->tc->encap_match_ht,
> &encap->linkage,
> efx_tc_encap_match_ht_params);
> if (old) {
> /* don't need our new entry */
> kfree(encap);
Hi Ed,
encap is freed here.
> + if (pseudo) /* don't need our new pseudo either */
> + efx_tc_flower_release_encap_match(efx, pseudo);
> + /* check old and new em_types are compatible */
> + switch (old->type) {
> + case EFX_TC_EM_DIRECT:
> + /* old EM is in hardware, so mustn't overlap with a
> + * pseudo, but may be shared with another direct EM
> + */
> + if (em_type == EFX_TC_EM_DIRECT)
> + break;
> + NL_SET_ERR_MSG_MOD(extack, "Pseudo encap match conflicts with existing direct entry");
> + return -EEXIST;
> + case EFX_TC_EM_PSEUDO_MASK:
> + /* old EM is protecting a ToS-qualified filter, so may
> + * only be shared with another pseudo for the same
> + * ToS mask.
> + */
> + if (em_type != EFX_TC_EM_PSEUDO_MASK) {
> + NL_SET_ERR_MSG_FMT_MOD(extack,
> + "%s encap match conflicts with existing pseudo(MASK) entry",
> + encap->type ? "Pseudo" : "Direct");
But dereferenced here.
> + return -EEXIST;
> + }
> + if (child_ip_tos_mask != old->child_ip_tos_mask) {
> + NL_SET_ERR_MSG_FMT_MOD(extack,
> + "Pseudo encap match for TOS mask %#04x conflicts with existing pseudo(MASK) entry for TOS mask %#04x",
> + child_ip_tos_mask,
> + old->child_ip_tos_mask);
> + return -EEXIST;
> + }
> + break;
> + default: /* Unrecognised pseudo-type. Just say no */
> + NL_SET_ERR_MSG_FMT_MOD(extack,
> + "%s encap match conflicts with existing pseudo(%d) entry",
> + encap->type ? "Pseudo" : "Direct",
And here.
> + old->type);
> + return -EEXIST;
> + }
> + /* check old and new tun_types are compatible */
> if (old->tun_type != type) {
> NL_SET_ERR_MSG_FMT_MOD(extack,
> "Egress encap match with conflicting tun_type %u != %u",
...
Powered by blists - more mailing lists