lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 18 Apr 2024 11:50:22 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Sabrina Dubroca <sd@...asysnail.net>
CC: <netdev@...r.kernel.org>, <devel@...ux-ipsec.org>, Paul Wouters
	<paul@...ats.ca>, Antony Antony <antony.antony@...unet.com>, Tobias Brunner
	<tobias@...ongswan.org>, Daniel Xu <dxu@...uu.xyz>
Subject: Re: [PATCH ipsec-next 1/3] xfrm: Add support for per cpu xfrm state
 handling.

On Mon, Apr 15, 2024 at 04:12:30PM +0200, Sabrina Dubroca wrote:
> 2024-04-12, 08:05:51 +0200, Steffen Klassert wrote:
> > diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> > index 0c306473a79d..b41b5dd72d8e 100644
> > --- a/net/xfrm/xfrm_state.c
> > +++ b/net/xfrm/xfrm_state.c
> [...]
> > @@ -1096,6 +1098,9 @@ static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
> >  			       struct xfrm_state **best, int *acq_in_progress,
> >  			       int *error)
> >  {
> > +	unsigned int pcpu_id = get_cpu();
> > +	put_cpu();
> 
> That looks really strange to me. Is it safe? If it is, I guess you
> could just use smp_processor_id(), since you don't get anything out of
> the extra preempt_disable/enable pair.

We can use use smp_processor_id() as we just need the ID as a lookup
key.

> 
> (same in xfrm_state_find)
> 
> 
> [...]
> > @@ -2458,6 +2478,8 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct
> >  	err = xfrm_if_id_put(skb, x->if_id);
> >  	if (err)
> >  		goto out_cancel;
> > +	if (x->pcpu_num != UINT_MAX)
> > +		err = nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num);
> 
> Missing the corresponding change to xfrm_aevent_msgsize?

Right, fixed.

> [...]
> > @@ -3049,6 +3078,7 @@ const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
> >  	[XFRMA_SET_MARK_MASK]	= { .type = NLA_U32 },
> >  	[XFRMA_IF_ID]		= { .type = NLA_U32 },
> >  	[XFRMA_MTIMER_THRESH]   = { .type = NLA_U32 },
> > +	[XFRMA_SA_PCPU]		= { .type = NLA_U32 },
> 
> What about xfrm_compat? Don't we need to add XFRMA_SA_PCPU to
> compat_policy, and then some changes to the translators?

Yeah, I forgot this. The compat layer did not yet exist when
I wrote the initial pachset. The IETF standardization process
held this pachset off for about 5 years :-/

> [...]
> > @@ -3216,6 +3246,11 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct
> >  	err = xfrm_if_id_put(skb, x->if_id);
> >  	if (err)
> >  		return err;
> > +	if (x->pcpu_num != UINT_MAX) {
> > +		err = nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num);
> 
> Missing the corresponding change to xfrm_expire_msgsize?

Fixed.

> [...]
> > @@ -3453,6 +3490,8 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
> >  		err = xfrm_if_id_put(skb, xp->if_id);
> >  	if (!err && xp->xdo.dev)
> >  		err = copy_user_offload(&xp->xdo, skb);
> > +	if (!err && x->pcpu_num != UINT_MAX)
> > +		err = nla_put_u32(skb, XFRMA_SA_PCPU, x->pcpu_num);
> 
> Missing the corresponding change to xfrm_acquire_msgsize?

Fixed.

Thanks for the review Sabrina!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ