lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241008164726.GD99782@kernel.org>
Date: Tue, 8 Oct 2024 17:47:26 +0100
From: Simon Horman <horms@...nel.org>
To: Steffen Klassert <steffen.klassert@...unet.com>
Cc: Tobias Brunner <tobias@...ongswan.org>,
	Antony Antony <antony.antony@...unet.com>,
	Daniel Xu <dxu@...uu.xyz>, Paul Wouters <paul@...ats.ca>,
	Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org,
	devel@...ux-ipsec.org
Subject: Re: [PATCH 1/4] xfrm: Add support for per cpu xfrm state handling.

On Mon, Oct 07, 2024 at 08:44:50AM +0200, Steffen Klassert wrote:
> Currently all flows for a certain SA must be processed by the same
> cpu to avoid packet reordering and lock contention of the xfrm
> state lock.
> 
> To get rid of this limitation, the IETF is about to standardize
> per cpu SAs. This patch implements the xfrm part of it:
> 
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-multi-sa-performance/
> 
> This adds the cpu as a lookup key for xfrm states and a config option
> to generate acquire messages for each cpu.
> 
> With that, we can have on each cpu a SA with identical traffic selector
> so that flows can be processed in parallel on all cpu.
> 
> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>

...

> @@ -2521,6 +2547,7 @@ static inline unsigned int xfrm_aevent_msgsize(struct xfrm_state *x)
>  	       + nla_total_size(4) /* XFRM_AE_RTHR */
>  	       + nla_total_size(4) /* XFRM_AE_ETHR */
>  	       + nla_total_size(sizeof(x->dir)); /* XFRMA_SA_DIR */
> +	       + nla_total_size(4); /* XFRMA_SA_PCPU */

Hi Steffen,

It looks like the ';' needs to be dropped from the x->dir line.
(Completely untested!)

	       + nla_total_size(sizeof(x->dir)) /* XFRMA_SA_DIR */
	       + nla_total_size(4); /* XFRMA_SA_PCPU */

Flagged by Smatch.

>  }
>  
>  static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ