lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aJoV1RPmh4UdNe3w@dcaratti.users.ipa.redhat.com>
Date: Mon, 11 Aug 2025 18:09:57 +0200
From: Davide Caratti <dcaratti@...hat.com>
To: Victor Nogueira <victor@...atatu.com>
Cc: Jamal Hadi Salim <jhs@...atatu.com>,
	Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>, Lion Ackermann <nnamrec@...il.com>,
	Petr Machata <petrm@...lanox.com>, netdev@...r.kernel.org,
	Ivan Vecera <ivecera@...hat.com>, Li Shuang <shuali@...hat.com>
Subject: Re: [PATCH net] net/sched: ets: use old 'nbands' while purging
 unused classes

On Mon, Aug 11, 2025 at 10:52:08AM -0300, Victor Nogueira wrote:
> On 8/11/25 06:53, Victor Nogueira wrote:
> > On 8/11/25 04:49, Davide Caratti wrote:
> > > Maybe it's better to extend sch_ets.sh from net/forwarding instead?
> > > If so, I can follow-up on net-next with a patch that adds a new
> > > test-case that includes the 3-lines in [1] - while this patch can go
> > > as-is in 'net' (and eventually in stable). In alternative, I can
> > > investigate on TDC adding "sch_plug" to the qdisc tree in a way
> > > that DWRR never deplete, and the crash would then happen with
> > > "verifyCmd".
> > > 
> > > WDYT?
> > 
> > That works for me as well.
> 
> Sorry, should've been more specific.
> I meant that the net/forwarding approach you suggested
> seems ok. The tdc approach would be a lot of work and
> I don't believe it's worth it.

I was more of the idea of avoiding a non-deterministic kselftest, because
with mausezahn running in the background we have to be "lucky" enough to
see the tc qdisc change command executed while the packet socket is
still emitting packets. And the sch_plug approach I mentioned this morning
looks doable: I just reproduced the NULL dereference on unpatched kernel
using something like:

 # ip link add name ddd0 type dummy
 # tc qdisc add dev ddd0 root handle 1: ets bands 4 strict 2 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
 # tc qdisc add dev ddd0 handle 10: parent 1:4 plug 
 # ip link set dev ddd0 up
 # tc qdisc change dev ddd0 handle 10: plug limit 5
 # mausezahn ddd0 -A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -c 5 00:c1:a0:c1:a0:00 -t udp
 # printf "press enter to crash..."
 # read -r _
 # tc qdisc change dev ddd0 handle 1: ets bands 2 strict 0

so, including "plug" children in the tree should make kselftest feasible either with 'net/forwarding'
or with TDC + scapy plugin superpowers.

@Victor + @Jakub, can we apply this patch to 'net', so that regression is fixed ASAP, and then I post
the kselftest in a separate submission for net-next?

-- 
davide

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ