lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iLfvOp+xpoFzsKojQs2SuCy+qL6PANj8Z04MwYaH31moA@mail.gmail.com> Date: Wed, 29 Nov 2023 22:01:25 +0100 From: Eric Dumazet <edumazet@...gle.com> To: Dmitry Safonov <dima@...sta.com> Cc: David Ahern <dsahern@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, linux-kernel@...r.kernel.org, Dmitry Safonov <0x7f454c46@...il.com>, Francesco Ruggeri <fruggeri05@...il.com>, Salam Noureddine <noureddine@...sta.com>, Simon Horman <horms@...nel.org>, netdev@...r.kernel.org Subject: Re: [PATCH v4 6/7] net/tcp: Store SNEs + SEQs on ao_info On Wed, Nov 29, 2023 at 8:58 PM Dmitry Safonov <dima@...sta.com> wrote: > > On 11/29/23 18:34, Eric Dumazet wrote: > > On Wed, Nov 29, 2023 at 7:14 PM Dmitry Safonov <dima@...sta.com> wrote: > >> > >> On 11/29/23 18:09, Eric Dumazet wrote: > >>> On Wed, Nov 29, 2023 at 5:57 PM Dmitry Safonov <dima@...sta.com> wrote: > >>>> > >>>> RFC 5925 (6.2): > >>>>> TCP-AO emulates a 64-bit sequence number space by inferring when to > >>>>> increment the high-order 32-bit portion (the SNE) based on > >>>>> transitions in the low-order portion (the TCP sequence number). > >>>> > >>>> snd_sne and rcv_sne are the upper 4 bytes of extended SEQ number. > >>>> Unfortunately, reading two 4-bytes pointers can't be performed > >>>> atomically (without synchronization). > >>>> > >>>> In order to avoid locks on TCP fastpath, let's just double-account for > >>>> SEQ changes: snd_una/rcv_nxt will be lower 4 bytes of snd_sne/rcv_sne. > >>>> > >>> > >>> This will not work on 32bit kernels ? > >> > >> Yeah, unsure if there's someone who wants to run BGP on 32bit box, so at > >> this moment it's already limited: > >> > >> config TCP_AO > >> bool "TCP: Authentication Option (RFC5925)" > >> select CRYPTO > >> select TCP_SIGPOOL > >> depends on 64BIT && IPV6 != m # seq-number extension needs WRITE_ONCE(u64) > >> > > > > Oh well, this seems quite strange to have such a limitation. > > I guess so. On the other side, it seems that there aren't many > non-hobbyist 32bit platforms: ia32 compatible layer will even be limited > with a boot parameter/compile option. Maybe I'm not aware of, but it > seems that arm64/ppc64/risc-v/x86_64 are the ones everyone interested in > these days. > > > > >> Probably, if there will be a person who is interested in this, it can > >> get a spinlock for !CONFIG_64BIT. > > > > > >> > >>> Unless ao->snd_sne and ao->rcv_sneare only read/written under the > >>> socket lock (and in this case no READ_ONCE()/WRITE_ONCE() should be > >>> necessary) > >> > > > > You have not commented on where these are read without the socket lock held ? > > Sorry for missing this, the SNEs are used with this helper > tcp_ao_compute_sne(), so these places are (in square brackets AFAICS, > there is a chance that I miss something obvious from your message): > > - tcp_v4_send_reset() => tcp_ao_prepare_reset() [rcu_read_lock()] > - __tcp_transmit_skb() => tcp_ao_transmit_skb() [TX softirq] > - tcp_v4_rcv() => tcp_inbound_ao_hash() [RX softirq] All these should/must have the socket lock held ! Or reading tcp_sk(sk)->rcv_nxt would be racy anyway (note the lack of READ_ONCE() on it) I think you need more work to make sure this is done correctly. ie tcp_inbound_hash() should be called from tcp_v4_do_rcv() after the bh_lock_sock_nested() and sock_owned_by_user() checks. > > > > tcp_ao_get_repair() can lock the socket. > > It can, sure. > > > In TW state, I guess these values can not be changed ? > > Currently, they are considered constant on TW. The incoming segments are > not verified on twsk (so no need for SNEs). And from ACK side not > expecting SEQ roll-over (tcp_ao_compute_sne() is not called) - this may > change, but not quite critical it seems. > > If we go with this patch in question, I'll have to update this: > : key.sne = READ_ONCE(ao_info->snd_sne); > (didn't adjust it for higher-bytes shift) > > > I think you can remove all these READ_ONCE()/WRITE_ONCE() which are not needed, > > or please add a comment if they really are. > > Not sure if I answered above.. > > > Then, you might be able to remove the 64BIT dependency ... > > At this moment I fail to imagine anyone running BGP + TCP-AO on 32bit > kernel. I may be wrong, for sure. I fail to see anyone using TCP-AO today. (up to linux-6.6), regardless of the architecture. Would that be a reason for not supporting it in the future ? 32bit or 64bit should not be in the picture, especially if done for the wrong reasons.
Powered by blists - more mailing lists