Message-ID: <aGGfLB+vlSELiEu3@pop-os.localdomain>
Date: Sun, 29 Jun 2025 13:16:44 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: William Liu <will@...lsroot.io>, netdev@...r.kernel.org,
	victor@...atatu.com, pctammela@...atatu.com, pabeni@...hat.com,
	kuba@...nel.org, stephen@...workplumber.org, dcaratti@...hat.com,
	savy@...t3mfailure.io, jiri@...nulli.us, davem@...emloft.net,
	edumazet@...gle.com, horms@...nel.org
Subject: Re: [PATCH net v4 1/2] net/sched: Restrict conditions for adding
 duplicating netems to qdisc tree

On Sat, Jun 28, 2025 at 05:25:25PM -0400, Jamal Hadi Salim wrote:
> your approach was to overwrite the netem specific cb which is exposed
> via the cb ->data that can be overwritten for example by a trivial
> ebpf program attached to any level of the hierarchy. This specific
> variant from Cong is not accessible to ebpf but as I expressed my view
> in other email I feel it is not a good solution.
> 
> https://lore.kernel.org/netdev/CAM0EoMk4dxOFoN_=3yOy+XrtU=yvjJXAw3fVTmN9=M=R=vtbxA@mail.gmail.com/

Hi Jamal,

I have two concerns regarding your/Will's proposal:

1) I am not sure whether disallowing such a case is safe. From my
understanding this case is not obviously or logically wrong. So if we
disallow it, we may have a chance to break some application.

2) Singling out this case does not look elegant to me. Even _if_ we really
want to disallow such a case, we still need to find a better and more
elegant way to do so, for example, adding a new ops for netem and calling
it in sch_api.c. Something like below:

// Implement netem_avoid_duplicate()
// ...

static struct Qdisc_ops netem_qdisc_ops __read_mostly = {
  .avoid_duplicate = netem_avoid_duplicate,
};

// In sch_api.c
// traverse the Qdisc hierarchy and call ->avoid_duplicate()

What do you think?

Thanks.
