| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3229ff0a-5ce5-4ee2-a79d-15007f2b6030@gmail.com>
Date: Wed, 11 Oct 2023 17:21:51 -0700
From: Florian Fainelli <f.fainelli@...il.com>
To: Michal Kubecek <mkubecek@...e.cz>,
Florian Fainelli <florian.fainelli@...adcom.com>,
Andrew Lunn <andrew@...n.ch>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Jonathan Corbet <corbet@....net>,
Broadcom internal kernel review list
<bcm-kernel-feedback-list@...adcom.com>,
Heiner Kallweit <hkallweit1@...il.com>, Russell King
<linux@...linux.org.uk>, opendmb@...il.com, justin.chen@...adcom.com
Subject: Re: [PATCH net-next 1/2] ethtool: Introduce WAKE_MDA
On 10/11/2023 4:08 PM, Michal Kubecek wrote:
> On Wed, Oct 11, 2023 at 03:12:39PM -0700, Florian Fainelli wrote:
>> Allow Ethernet PHY and MAC drivers with simplified matching logic to be
>> waking-up on a custom MAC destination address. This is particularly
>> useful for Ethernet PHYs which have limited amounts of buffering but can
>> still wake-up on a custom MAC destination address.
>>
>> When WAKE_MDA is specified, the "sopass" field in the existing struct
>> ethtool_wolinfo is re-purposed to hold a custom MAC destination address
>> to match against.
>>
>> Example:
>> ethtool -s eth0 wol e mac-da 01:00:5e:00:00:fb
>>
>> Signed-off-by: Florian Fainelli <florian.fainelli@...adcom.com>
>> ---
>> Documentation/networking/ethtool-netlink.rst | 7 ++++++-
>> include/uapi/linux/ethtool.h | 10 ++++++++--
>> include/uapi/linux/ethtool_netlink.h | 1 +
>> net/ethtool/common.c | 1 +
>> net/ethtool/netlink.h | 2 +-
>> net/ethtool/wol.c | 21 ++++++++++++++++++++
>> 6 files changed, 38 insertions(+), 4 deletions(-)
>>
> [...]
>> diff --git a/include/uapi/linux/ethtool.h b/include/uapi/linux/ethtool.h
>> index f7fba0dc87e5..8134ac8870bd 100644
>> --- a/include/uapi/linux/ethtool.h
>> +++ b/include/uapi/linux/ethtool.h
>> @@ -207,12 +207,17 @@ struct ethtool_drvinfo {
>> * @wolopts: Bitmask of %WAKE_* flags for enabled Wake-On-Lan modes.
>> * @sopass: SecureOn(tm) password; meaningful only if %WAKE_MAGICSECURE
>> * is set in @wolopts.
>> + * @mac_da: Destination MAC address to match; meaningful only if
>> + * %WAKE_MDA is set in @wolopts.
>> */
>> struct ethtool_wolinfo {
>> __u32 cmd;
>> __u32 supported;
>> __u32 wolopts;
>> - __u8 sopass[SOPASS_MAX];
>> + union {
>> + __u8 sopass[SOPASS_MAX];
>> + __u8 mac_da[ETH_ALEN];
>> + };
>> };
>
> If we use the union here, we should also make sure the request cannot
> set both WAKE_MAGICSECURE and WAKE_MDA, otherwise the same data will be
> used for two different values (and interpreted in two different ways in
> GET requests and notifications).
>
> Another option would be keeping the existing structure for ioctl UAPI
> and using another structure (like we did in other cases where we needed
> new attributes beyond frozen ioctl structures) so that a combination of
> WAKE_MAGICSECURE and WAKE_MDA is possible. (It doesn't seem to make much
> sense to me to combine WAKE_MAGICSECURE with other bits but I can't rule
> out someone might want that one day.)
I am having some second thoughts about this proposed interface as I can
see a few limitations:
- we can only specify an exact destination MAC address to match, but the
HW filter underneath is typically implemented using a match + mask so
you can actually be selective about which bits you want to match on. In
the use case that I have in mind we would actually want to match both
multicast MAC destination addresses corresponding to mDNS over IPv4 or IPv6
- in case a MAC/PHY/switch supports multiple filters/slots we would not
be able to address a specific slot in the matching logic
This sort of brings me back to the original proposal which allowed this:
https://lore.kernel.org/all/20230516231713.2882879-1-florian.fainelli@broadcom.com/
Andrew, what do you think?
>
> [...]
>> diff --git a/net/ethtool/wol.c b/net/ethtool/wol.c
>> index 0ed56c9ac1bc..13dfcc9bb1e5 100644
>> --- a/net/ethtool/wol.c
>> +++ b/net/ethtool/wol.c
>> @@ -12,6 +12,7 @@ struct wol_reply_data {
>> struct ethnl_reply_data base;
>> struct ethtool_wolinfo wol;
>> bool show_sopass;
>> + bool show_mac_da;
>> };
>>
>> #define WOL_REPDATA(__reply_base) \
>> @@ -41,6 +42,8 @@ static int wol_prepare_data(const struct ethnl_req_info *req_base,
>> /* do not include password in notifications */
>> data->show_sopass = !genl_info_is_ntf(info) &&
>> (data->wol.supported & WAKE_MAGICSECURE);
>> + data->show_mac_da = !genl_info_is_ntf(info) &&
>> + (data->wol.supported & WAKE_MDA);
>>
>> return 0;
>> }
>
> The test for !genl_info_is_ntf(info) above is meant to prevent the
> sopass value (which is supposed to be secret) from being included in
> notifications which can be seen by unprivileged users. Is the MAC
> address to match also supposed to be secret?
Either way could be considered, so I erred on the side of caution.
--
Florian
Powered by blists - more mailing lists