| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aLxymFjpPjckFb2Q@krikkit>
Date: Sat, 6 Sep 2025 19:42:48 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netdev@...r.kernel.org, Jay Vosburgh <jv@...sburgh.net>,
Andrew Lunn <andrew+netdev@...n.ch>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Jiri Pirko <jiri@...nulli.us>, Simon Horman <horms@...nel.org>,
Ido Schimmel <idosch@...dia.com>, Shuah Khan <shuah@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>,
Kuniyuki Iwashima <kuniyu@...gle.com>,
Ahmed Zaki <ahmed.zaki@...el.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
bridge@...ts.linux.dev, linux-kselftest@...r.kernel.org
Subject: Re: [PATCHv2 net-next 1/5] net: add a common function to compute
features from lowers devices
2025-09-02, 07:25:58 +0000, Hangbin Liu wrote:
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 1d1650d9ecff..5c1c8b016c8e 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -12577,6 +12577,82 @@ netdev_features_t netdev_increment_features(netdev_features_t all,
> }
> EXPORT_SYMBOL(netdev_increment_features);
>
> +/**
> + * netdev_compute_features_from_lowers - compute feature from lowers
> + * @dev: the upper device
> + *
> + * Recompute the upper device's feature based on all lower devices.
> + */
> +void netdev_compute_features_from_lowers(struct net_device *dev)
> +{
> + unsigned int dst_release_flag = IFF_XMIT_DST_RELEASE | IFF_XMIT_DST_RELEASE_PERM;
> + netdev_features_t gso_partial_features = VIRTUAL_DEV_GSO_PARTIAL_FEATURES;
> +#ifdef CONFIG_XFRM_OFFLOAD
> + netdev_features_t xfrm_features = VIRTUAL_DEV_XFRM_FEATURES;
> +#endif
> + netdev_features_t mpls_features = VIRTUAL_DEV_MPLS_FEATURES;
> + netdev_features_t vlan_features = VIRTUAL_DEV_VLAN_FEATURES;
> + netdev_features_t enc_features = VIRTUAL_DEV_ENC_FEATURES;
> + unsigned int tso_max_size = TSO_MAX_SIZE;
> + u16 tso_max_segs = TSO_MAX_SEGS;
> + struct net_device *lower_dev;
> + struct list_head *iter;
> +
> + mpls_features = netdev_base_features(mpls_features);
> + vlan_features = netdev_base_features(vlan_features);
> + enc_features = netdev_base_features(enc_features);
> +
> + netdev_for_each_lower_dev(dev, lower_dev, iter) {
> + gso_partial_features = netdev_increment_features(gso_partial_features,
> + lower_dev->gso_partial_features,
> + VIRTUAL_DEV_GSO_PARTIAL_FEATURES);
> +
> + vlan_features = netdev_increment_features(vlan_features,
> + lower_dev->vlan_features,
> + VIRTUAL_DEV_VLAN_FEATURES);
> +
> +#ifdef CONFIG_XFRM_OFFLOAD
> + xfrm_features = netdev_increment_features(xfrm_features,
> + lower_dev->hw_enc_features,
> + VIRTUAL_DEV_XFRM_FEATURES);
> +#endif
> +
> + enc_features = netdev_increment_features(enc_features,
> + lower_dev->hw_enc_features,
> + VIRTUAL_DEV_ENC_FEATURES);
> +
> + mpls_features = netdev_increment_features(mpls_features,
> + lower_dev->mpls_features,
> + VIRTUAL_DEV_MPLS_FEATURES);
> +
> + dst_release_flag &= lower_dev->priv_flags;
> +
> + tso_max_size = min(tso_max_size, lower_dev->tso_max_size);
> + tso_max_segs = min(tso_max_segs, lower_dev->tso_max_segs);
> + }
> +
> + dev->gso_partial_features = gso_partial_features;
> + dev->vlan_features = vlan_features;
> +#ifdef CONFIG_XFRM_OFFLOAD
> + dev->hw_enc_features |= xfrm_features;
> +#endif
I'm not completely sure we want xfrm_features for upper devices other
than bonding [1], but this will get overwritten immediately
afterwards:
> + dev->hw_enc_features = enc_features | NETIF_F_GSO_ENCAP_ALL |
> + NETIF_F_HW_VLAN_CTAG_TX |
> + NETIF_F_HW_VLAN_STAG_TX;
[1] those lines in bond_compute_features were only added alongside
bond IPsec offload, see 18cb261afd7b ("bonding: support hardware
encryption offload to slaves")
but AFAIU hw_enc_features is only used as a mask over dev->features so
it shouldn't be a problem to have xfrm stuff in bridge/team as well
--
Sabrina
Powered by blists - more mailing lists