lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZXLq4Ttq7dEZpLIP@nanopsycho>
Date: Fri, 8 Dec 2023 11:07:29 +0100
From: Jiri Pirko <jiri@...nulli.us>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, pabeni@...hat.com, davem@...emloft.net,
	edumazet@...gle.com, jacob.e.keller@...el.com, jhs@...atatu.com,
	johannes@...solutions.net, andriy.shevchenko@...ux.intel.com,
	amritha.nambiar@...el.com, sdf@...gle.com, horms@...nel.org,
	przemyslaw.kitszel@...el.com
Subject: Re: [patch net-next v5 5/9] genetlink: introduce per-sock family
 private storage

Fri, Dec 08, 2023 at 03:55:26AM CET, kuba@...nel.org wrote:
>On Wed,  6 Dec 2023 19:21:16 +0100 Jiri Pirko wrote:
>> diff --git a/include/net/genetlink.h b/include/net/genetlink.h
>> index e18a4c0d69ee..dbf11464e96a 100644
>> --- a/include/net/genetlink.h
>> +++ b/include/net/genetlink.h
>> @@ -87,6 +87,9 @@ struct genl_family {
>>  	int			id;
>>  	/* starting number of multicast group IDs in this family */
>>  	unsigned int		mcgrp_offset;
>> +	size_t			sock_priv_size;
>> +	void			(*sock_priv_init)(void *priv);
>> +	void			(*sock_priv_destroy)(void *priv);
>
>👍️
>
>but I think it should be above the private fields (and have kdoc)
>The families are expected to make use the new fields, and are not
>supposed to touch anything private.

Oh, right, good point, I missed that.


>
>> --- a/net/netlink/af_netlink.h
>> +++ b/net/netlink/af_netlink.h
>> @@ -60,6 +60,21 @@ static inline struct netlink_sock *nlk_sk(struct sock *sk)
>>  
>>  #define nlk_test_bit(nr, sk) test_bit(NETLINK_F_##nr, &nlk_sk(sk)->flags)
>>  
>> +struct genl_sock {
>> +	struct netlink_sock nlk_sk;
>> +	struct xarray *family_privs;
>> +};
>> +
>> +static inline struct genl_sock *genl_sk(struct sock *sk)
>> +{
>> +	return container_of(nlk_sk(sk), struct genl_sock, nlk_sk);
>> +}
>> +
>> +/* Size of netlink sock is size of the biggest user with priv,
>> + * which is currently just Generic Netlink.
>> + */
>> +#define NETLINK_SOCK_SIZE sizeof(struct genl_sock)
>
>Would feel a little cleaner to me to add
>
>#define NETLINK_SOCK_PROTO_SIZE		8
>
>add that to the size, build time check that struct genl_sock's
>size is <= than sizeof(struct netlink_sock) + NETLINK_SOCK_PROTO_SIZE
>
>This way we don't have to fumble the layering by putting genl stuff
>in af_netlink.h

Yeah, I had it like that originally, I didn't like it :) Mainly because
if someone adds-in another field in the future, the build time check
may only fail on some archs. Also, wasting memory on archs there pointer
is 4 bytes :) But as you wish, I don't mind to switch it back.


>
>> +struct genl_sk_priv {
>> +	void (*destructor)(void *priv);
>> +	long priv[];
>> +};
>> +
>> +static struct genl_sk_priv *genl_sk_priv_alloc(struct genl_family *family)
>> +{
>> +	struct genl_sk_priv *priv;
>> +
>> +	priv = kzalloc(size_add(sizeof(*priv), family->sock_priv_size),
>> +		       GFP_KERNEL);
>> +	if (!priv)
>> +		return ERR_PTR(-ENOMEM);
>> +	priv->destructor = family->sock_priv_destroy;
>
>family->sock_priv_destroy may be in module memory.
>I think you need to wipe them when family goes :(
>
>> +	if (family->sock_priv_init)
>> +		family->sock_priv_init(priv->priv);
>> +	return priv;
>> +}
>
>> +static struct xarray *genl_family_privs_get(struct genl_sock *gsk)
>> +{
>> +	struct xarray *family_privs;
>> +
>> +again:
>> +	family_privs = READ_ONCE(gsk->family_privs);
>> +	if (family_privs)
>> +		return family_privs;
>> +
>> +	family_privs = kzalloc(sizeof(*family_privs), GFP_KERNEL);
>> +	if (!family_privs)
>> +		return ERR_PTR(-ENOMEM);
>> +	xa_init_flags(family_privs, XA_FLAGS_ALLOC);
>> +
>> +	/* Use genl lock to protect family_privs to be
>> +	 * initialized in parallel by different CPU.
>> +	 */
>> +	genl_lock();
>> +	if (unlikely(gsk->family_privs)) {
>> +		xa_destroy(family_privs);
>> +		kfree(family_privs);
>> +		genl_unlock();
>
>nit: unlock can be moved up

Okay.


>
>> +		goto again;
>
>why not return READ_ONCE(gsk->family_privs); ?
>there's no need to loop

Right.

>
>One could also be tempted to:
>
>lock()
>if (likely(!gsk->family_privs)) {
>	WRITE
>} else {
>	destory()
>	free()
>	family_privs = READ
>}
>unlock()
>
>but it could be argued success path should be flat

Okay, I will think about it.



Thanks!


>
>> +	}
>> +	WRITE_ONCE(gsk->family_privs, family_privs);
>> +	genl_unlock();
>> +	return family_privs;
>> +}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ