lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3229ff0a-5ce5-4ee2-a79d-15007f2b6030@gmail.com> Date: Wed, 11 Oct 2023 17:21:51 -0700 From: Florian Fainelli <f.fainelli@...il.com> To: Michal Kubecek <mkubecek@...e.cz>, Florian Fainelli <florian.fainelli@...adcom.com>, Andrew Lunn <andrew@...n.ch> Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Jonathan Corbet <corbet@....net>, Broadcom internal kernel review list <bcm-kernel-feedback-list@...adcom.com>, Heiner Kallweit <hkallweit1@...il.com>, Russell King <linux@...linux.org.uk>, opendmb@...il.com, justin.chen@...adcom.com Subject: Re: [PATCH net-next 1/2] ethtool: Introduce WAKE_MDA On 10/11/2023 4:08 PM, Michal Kubecek wrote: > On Wed, Oct 11, 2023 at 03:12:39PM -0700, Florian Fainelli wrote: >> Allow Ethernet PHY and MAC drivers with simplified matching logic to be >> waking-up on a custom MAC destination address. This is particularly >> useful for Ethernet PHYs which have limited amounts of buffering but can >> still wake-up on a custom MAC destination address. >> >> When WAKE_MDA is specified, the "sopass" field in the existing struct >> ethtool_wolinfo is re-purposed to hold a custom MAC destination address >> to match against. >> >> Example: >> ethtool -s eth0 wol e mac-da 01:00:5e:00:00:fb >> >> Signed-off-by: Florian Fainelli <florian.fainelli@...adcom.com> >> --- >> Documentation/networking/ethtool-netlink.rst | 7 ++++++- >> include/uapi/linux/ethtool.h | 10 ++++++++-- >> include/uapi/linux/ethtool_netlink.h | 1 + >> net/ethtool/common.c | 1 + >> net/ethtool/netlink.h | 2 +- >> net/ethtool/wol.c | 21 ++++++++++++++++++++ >> 6 files changed, 38 insertions(+), 4 deletions(-) >> > [...] >> diff --git a/include/uapi/linux/ethtool.h b/include/uapi/linux/ethtool.h >> index f7fba0dc87e5..8134ac8870bd 100644 >> --- a/include/uapi/linux/ethtool.h >> +++ b/include/uapi/linux/ethtool.h >> @@ -207,12 +207,17 @@ struct ethtool_drvinfo { >> * @wolopts: Bitmask of %WAKE_* flags for enabled Wake-On-Lan modes. >> * @sopass: SecureOn(tm) password; meaningful only if %WAKE_MAGICSECURE >> * is set in @wolopts. >> + * @mac_da: Destination MAC address to match; meaningful only if >> + * %WAKE_MDA is set in @wolopts. >> */ >> struct ethtool_wolinfo { >> __u32 cmd; >> __u32 supported; >> __u32 wolopts; >> - __u8 sopass[SOPASS_MAX]; >> + union { >> + __u8 sopass[SOPASS_MAX]; >> + __u8 mac_da[ETH_ALEN]; >> + }; >> }; > > If we use the union here, we should also make sure the request cannot > set both WAKE_MAGICSECURE and WAKE_MDA, otherwise the same data will be > used for two different values (and interpreted in two different ways in > GET requests and notifications). > > Another option would be keeping the existing structure for ioctl UAPI > and using another structure (like we did in other cases where we needed > new attributes beyond frozen ioctl structures) so that a combination of > WAKE_MAGICSECURE and WAKE_MDA is possible. (It doesn't seem to make much > sense to me to combine WAKE_MAGICSECURE with other bits but I can't rule > out someone might want that one day.) I am having some second thoughts about this proposed interface as I can see a few limitations: - we can only specify an exact destination MAC address to match, but the HW filter underneath is typically implemented using a match + mask so you can actually be selective about which bits you want to match on. In the use case that I have in mind we would actually want to match both multicast MAC destination addresses corresponding to mDNS over IPv4 or IPv6 - in case a MAC/PHY/switch supports multiple filters/slots we would not be able to address a specific slot in the matching logic This sort of brings me back to the original proposal which allowed this: https://lore.kernel.org/all/20230516231713.2882879-1-florian.fainelli@broadcom.com/ Andrew, what do you think? > > [...] >> diff --git a/net/ethtool/wol.c b/net/ethtool/wol.c >> index 0ed56c9ac1bc..13dfcc9bb1e5 100644 >> --- a/net/ethtool/wol.c >> +++ b/net/ethtool/wol.c >> @@ -12,6 +12,7 @@ struct wol_reply_data { >> struct ethnl_reply_data base; >> struct ethtool_wolinfo wol; >> bool show_sopass; >> + bool show_mac_da; >> }; >> >> #define WOL_REPDATA(__reply_base) \ >> @@ -41,6 +42,8 @@ static int wol_prepare_data(const struct ethnl_req_info *req_base, >> /* do not include password in notifications */ >> data->show_sopass = !genl_info_is_ntf(info) && >> (data->wol.supported & WAKE_MAGICSECURE); >> + data->show_mac_da = !genl_info_is_ntf(info) && >> + (data->wol.supported & WAKE_MDA); >> >> return 0; >> } > > The test for !genl_info_is_ntf(info) above is meant to prevent the > sopass value (which is supposed to be secret) from being included in > notifications which can be seen by unprivileged users. Is the MAC > address to match also supposed to be secret? Either way could be considered, so I erred on the side of caution. -- Florian
Powered by blists - more mailing lists