lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 May 2023 15:44:26 -0400
From: Tom Talpey <tom@...pey.com>
To: Chuck Lever III <chuck.lever@...cle.com>, Jason Gunthorpe <jgg@...pe.ca>
Cc: Chuck Lever <cel@...nel.org>, Netdev <netdev@...r.kernel.org>,
 linux-rdma <linux-rdma@...r.kernel.org>, Bernard Metzler <BMT@...ich.ibm.com>
Subject: Re: [PATCH RFC 3/3] RDMA/siw: Require non-zero 6-byte MACs for soft
 iWARP

On 5/23/2023 3:18 PM, Chuck Lever III wrote:
> 
>> On May 5, 2023, at 3:58 PM, Jason Gunthorpe <jgg@...pe.ca> wrote:
>>
>> On Fri, May 05, 2023 at 11:43:11AM -0400, Chuck Lever wrote:
>>> From: Chuck Lever <chuck.lever@...cle.com>
>>>
>>> In the past, LOOPBACK and NONE (tunnel) devices had all-zero MAC
>>> addresses. siw_device_create() would fall back to copying the
>>> device's name in those cases, because an all-zero MAC address breaks
>>> the RDMA core IP-to-device lookup mechanism.
>>
>> Why not just make up a dummy address in SIW? It shouldn't need to leak
>> out of it.. It is just some artifact of how the iWarp stuff has been
>> designed
> 
> So that approach is already being done in siw_device_create(),
> even though it is broken (the device name hasn't been initialized
> when the phony MAC is created, so it is all zeroes). I've fixed
> that and it still doesn't help.
> 
> siw cannot modify the underlying net_device to add a made-up
> MAC address.
> 
> The core address resolution code wants to find an L2 address
> for the egress device. The underlying ib_device, where a made-up
> GID might be stored, is not involved with address resolution
> AFAICT.
> 
> tun devices have no L2 address. Neither do loopback devices,
> but address resolution makes an exception for LOOPBACK devices
> by redirecting to a local physical Ethernet device.
> 
> Redirecting tun traffic to the local Ethernet device seems
> dodgy at best.
> 
> I wasn't sure that an L2 address was required for siw before,
> but now I'm pretty confident that it is required by our
> implementation.

Does rxe work over tunnels? Seems like it would have the same issue.

int rxe_register_device(struct rxe_dev *rxe, const char *ibdev_name)
{
...
         addrconf_addr_eui48((unsigned char *)&dev->node_guid,
                             rxe->ndev->dev_addr);

static struct siw_device *siw_device_create(struct net_device *netdev)
{
...
         addrconf_addr_eui48((unsigned char *)&base_dev->node_guid,
                                     netdev->dev_addr);

Tom.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ