lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 13 Jun 2023 19:59:37 +0200
From: Toke Høiland-Jørgensen <toke@...nel.org>
To: Maciej Fijalkowski <maciej.fijalkowski@...el.com>, Alexander Lobakin
 <aleksander.lobakin@...el.com>
Cc: netdev@...r.kernel.org, anthony.l.nguyen@...el.com,
 intel-wired-lan@...ts.osuosl.org, magnus.karlsson@...el.com,
 fred@...udflare.com
Subject: Re: [Intel-wired-lan] [PATCH iwl-next] ice: allow hot-swapping XDP
 programs

Maciej Fijalkowski <maciej.fijalkowski@...el.com> writes:

> On Tue, Jun 13, 2023 at 05:15:15PM +0200, Alexander Lobakin wrote:
>> From: Maciej Fijalkowski <maciej.fijalkowski@...el.com>
>> Date: Tue, 13 Jun 2023 17:10:05 +0200
>> 
>> > Currently ice driver's .ndo_bpf callback brings the interface down and
>> > up independently of the presence of XDP resources. This is only needed
>> > when either these resources have to be configured or removed. It means
>> > that if one is switching XDP programs on-the-fly with running traffic,
>> > packets will be dropped.
>> > 
>> > To avoid this, compare early on ice_xdp_setup_prog() state of incoming
>> > bpf_prog pointer vs the bpf_prog pointer that is already assigned to
>> > VSI. Do the swap in case VSI has bpf_prog and incoming one are non-NULL.
>> > 
>> > Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@...el.com>
>> 
>> [0] :D
>> 
>> But if be serious, are you sure you won't have any pointer tears /
>> partial reads/writes without such RCU protection as added in the
>> linked commit ?
>
> Since we removed rcu sections from driver sides and given an assumption
> that local_bh_{dis,en}able() pair serves this purpose now i believe this
> is safe. Are you aware of:
>
> https://lore.kernel.org/bpf/20210624160609.292325-1-toke@redhat.com/

As the author of that series, I agree that it's not necessary to add
additional RCU protection. ice_vsi_assign_bpf_prog() already uses xchg()
and WRITE_ONCE() which should protect against tearing, and the xdp_prog
pointer being passed to ice_run_xdp() is a copy residing on the stack,
so it will only be read once per NAPI cycle anyway (which is in line
with how most other drivers do it).

It *would* be nice to add an __rcu annotation to ice_vsi->xdp_prog and
ice_rx_ring->xdp_prog (and move to using rcu_dereference(),
rcu_assign_pointer() etc), but this is more a documentation/static
checker thing than it's a "correctness of the generated code" thing :)

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ