* [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
@ 2013-12-16 8:12 Atzm Watanabe
2013-12-16 10:09 ` Daniel Borkmann
0 siblings, 1 reply; 7+ messages in thread
From: Atzm Watanabe @ 2013-12-16 8:12 UTC (permalink / raw)
To: netdev
Cc: Stephen Hemminger, Ben Hutchings, David Miller, Daniel Borkmann,
David Laight
struct tpacket{2,3}_hdr is aligned to a multiple of TPACKET_ALIGNMENT.
Explicitly defining and zeroing the gap of this makes additional changes
easier.
Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
---
include/uapi/linux/if_packet.h | 3 ++-
net/packet/af_packet.c | 5 ++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
index 1e24aa7..9185dc9 100644
--- a/include/uapi/linux/if_packet.h
+++ b/include/uapi/linux/if_packet.h
@@ -133,7 +133,7 @@ struct tpacket2_hdr {
__u32 tp_sec;
__u32 tp_nsec;
__u16 tp_vlan_tci;
- __u16 tp_padding;
+ __u8 tp_padding[6];
};
struct tpacket_hdr_variant1 {
@@ -154,6 +154,7 @@ struct tpacket3_hdr {
union {
struct tpacket_hdr_variant1 hv1;
};
+ __u8 tp_padding[12];
};
struct tpacket_bd_ts {
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 1c8b982..5c75a1d 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1929,8 +1929,9 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
} else {
h.h2->tp_vlan_tci = 0;
}
- h.h2->tp_padding = 0;
hdrlen = sizeof(*h.h2);
+ memset(h.h2->tp_padding, 0,
+ hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
break;
case TPACKET_V3:
/* tp_nxt_offset,vlan are already populated above.
@@ -1944,6 +1945,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
h.h3->tp_sec = ts.tv_sec;
h.h3->tp_nsec = ts.tv_nsec;
hdrlen = sizeof(*h.h3);
+ memset(h.h3->tp_padding, 0,
+ hdrlen - offsetof(struct tpacket3_hdr, tp_padding));
break;
default:
BUG();
--
1.8.1.5
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 8:12 [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros Atzm Watanabe
@ 2013-12-16 10:09 ` Daniel Borkmann
2013-12-16 10:16 ` David Laight
0 siblings, 1 reply; 7+ messages in thread
From: Daniel Borkmann @ 2013-12-16 10:09 UTC (permalink / raw)
To: Atzm Watanabe
Cc: netdev, Stephen Hemminger, Ben Hutchings, David Miller, David Laight
On 12/16/2013 09:12 AM, Atzm Watanabe wrote:
> struct tpacket{2,3}_hdr is aligned to a multiple of TPACKET_ALIGNMENT.
> Explicitly defining and zeroing the gap of this makes additional changes
> easier.
I think these structure changes are okay.
What is the reason behind the memset? I don't think it's necessary and we
should try to avoid this additional overhead that is don for *each* packet.
We would signal availability for future structure members in the status
bits anyway.
Otherwise looks good.
> Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
> ---
> include/uapi/linux/if_packet.h | 3 ++-
> net/packet/af_packet.c | 5 ++++-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
> index 1e24aa7..9185dc9 100644
> --- a/include/uapi/linux/if_packet.h
> +++ b/include/uapi/linux/if_packet.h
> @@ -133,7 +133,7 @@ struct tpacket2_hdr {
> __u32 tp_sec;
> __u32 tp_nsec;
> __u16 tp_vlan_tci;
> - __u16 tp_padding;
> + __u8 tp_padding[6];
> };
>
> struct tpacket_hdr_variant1 {
> @@ -154,6 +154,7 @@ struct tpacket3_hdr {
> union {
> struct tpacket_hdr_variant1 hv1;
> };
> + __u8 tp_padding[12];
> };
>
> struct tpacket_bd_ts {
> diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
> index 1c8b982..5c75a1d 100644
> --- a/net/packet/af_packet.c
> +++ b/net/packet/af_packet.c
> @@ -1929,8 +1929,9 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
> } else {
> h.h2->tp_vlan_tci = 0;
> }
> - h.h2->tp_padding = 0;
> hdrlen = sizeof(*h.h2);
> + memset(h.h2->tp_padding, 0,
> + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
> break;
> case TPACKET_V3:
> /* tp_nxt_offset,vlan are already populated above.
> @@ -1944,6 +1945,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
> h.h3->tp_sec = ts.tv_sec;
> h.h3->tp_nsec = ts.tv_nsec;
> hdrlen = sizeof(*h.h3);
> + memset(h.h3->tp_padding, 0,
> + hdrlen - offsetof(struct tpacket3_hdr, tp_padding));
> break;
> default:
> BUG();
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 10:09 ` Daniel Borkmann
@ 2013-12-16 10:16 ` David Laight
2013-12-16 10:22 ` Daniel Borkmann
0 siblings, 1 reply; 7+ messages in thread
From: David Laight @ 2013-12-16 10:16 UTC (permalink / raw)
To: Daniel Borkmann, Atzm Watanabe
Cc: netdev, Stephen Hemminger, Ben Hutchings, David Miller
> > + memset(h.h2->tp_padding, 0,
> > + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
What is wrong with 'sizeof h.h2->tp_padding' ?
The compiler will probably inline the memset into a couple of word
sized writes of zero - probably not measurable.
Not zeroing them might be leaking kernel memory contents (depends
where the memory came from - might just be stale packet data).
David
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 10:16 ` David Laight
@ 2013-12-16 10:22 ` Daniel Borkmann
2013-12-16 12:41 ` Atzm Watanabe
0 siblings, 1 reply; 7+ messages in thread
From: Daniel Borkmann @ 2013-12-16 10:22 UTC (permalink / raw)
To: David Laight
Cc: Atzm Watanabe, netdev, Stephen Hemminger, Ben Hutchings, David Miller
On 12/16/2013 11:16 AM, David Laight wrote:
>>> + memset(h.h2->tp_padding, 0,
>>> + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
>
> What is wrong with 'sizeof h.h2->tp_padding' ?
> The compiler will probably inline the memset into a couple of word
> sized writes of zero - probably not measurable.
> Not zeroing them might be leaking kernel memory contents (depends
> where the memory came from - might just be stale packet data).
The ring buffer memory we're operating on comes from mmap(2) btw.
> David
>
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 10:22 ` Daniel Borkmann
@ 2013-12-16 12:41 ` Atzm Watanabe
2013-12-16 12:55 ` Daniel Borkmann
0 siblings, 1 reply; 7+ messages in thread
From: Atzm Watanabe @ 2013-12-16 12:41 UTC (permalink / raw)
To: Daniel Borkmann, David Laight
Cc: netdev, Stephen Hemminger, Ben Hutchings, David Miller
At Mon, 16 Dec 2013 11:22:35 +0100,
Daniel Borkmann wrote:
>
> On 12/16/2013 11:16 AM, David Laight wrote:
> >>> + memset(h.h2->tp_padding, 0,
> >>> + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
> >
> > What is wrong with 'sizeof h.h2->tp_padding' ?
> > The compiler will probably inline the memset into a couple of word
> > sized writes of zero - probably not measurable.
> > Not zeroing them might be leaking kernel memory contents (depends
> > where the memory came from - might just be stale packet data).
>
> The ring buffer memory we're operating on comes from mmap(2) btw.
Thank you for comments.
In struct tpacket2_hdr, it seems that a padding member was really
zeroing to fix information leak on commit
13fcb7bd322164c67926ffe272846d4860196dc6 ("af_packet: prevent information leak").
So next time I'll try to zero tp_padding using sizof(h.h2->tp_padding)
David proposed. If you have any thoughts on this please share it with me.
Thank you again!
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 12:41 ` Atzm Watanabe
@ 2013-12-16 12:55 ` Daniel Borkmann
2013-12-16 16:48 ` Atzm Watanabe
0 siblings, 1 reply; 7+ messages in thread
From: Daniel Borkmann @ 2013-12-16 12:55 UTC (permalink / raw)
To: Atzm Watanabe
Cc: David Laight, netdev, Stephen Hemminger, Ben Hutchings, David Miller
On 12/16/2013 01:41 PM, Atzm Watanabe wrote:
> At Mon, 16 Dec 2013 11:22:35 +0100,
> Daniel Borkmann wrote:
>>
>> On 12/16/2013 11:16 AM, David Laight wrote:
>>>>> + memset(h.h2->tp_padding, 0,
>>>>> + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
>>>
>>> What is wrong with 'sizeof h.h2->tp_padding' ?
>>> The compiler will probably inline the memset into a couple of word
>>> sized writes of zero - probably not measurable.
>>> Not zeroing them might be leaking kernel memory contents (depends
>>> where the memory came from - might just be stale packet data).
>>
>> The ring buffer memory we're operating on comes from mmap(2) btw.
>
> Thank you for comments.
> In struct tpacket2_hdr, it seems that a padding member was really
> zeroing to fix information leak on commit
> 13fcb7bd322164c67926ffe272846d4860196dc6 ("af_packet: prevent information leak").
> So next time I'll try to zero tp_padding using sizof(h.h2->tp_padding)
> David proposed. If you have any thoughts on this please share it with me.
Yep, 13fcb7bd was for struct tpacket_auxdata structure in packet_recvmsg()
that sits on the stack and copied uninitialized data to user space. But,
okay, lets go with the memset().
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros
2013-12-16 12:55 ` Daniel Borkmann
@ 2013-12-16 16:48 ` Atzm Watanabe
0 siblings, 0 replies; 7+ messages in thread
From: Atzm Watanabe @ 2013-12-16 16:48 UTC (permalink / raw)
To: Daniel Borkmann
Cc: David Laight, netdev, Stephen Hemminger, Ben Hutchings, David Miller
At Mon, 16 Dec 2013 13:55:43 +0100,
Daniel Borkmann wrote:
>
> On 12/16/2013 01:41 PM, Atzm Watanabe wrote:
> > At Mon, 16 Dec 2013 11:22:35 +0100,
> > Daniel Borkmann wrote:
> >>
> >> On 12/16/2013 11:16 AM, David Laight wrote:
> >>>>> + memset(h.h2->tp_padding, 0,
> >>>>> + hdrlen - offsetof(struct tpacket2_hdr, tp_padding));
> >>>
> >>> What is wrong with 'sizeof h.h2->tp_padding' ?
> >>> The compiler will probably inline the memset into a couple of word
> >>> sized writes of zero - probably not measurable.
> >>> Not zeroing them might be leaking kernel memory contents (depends
> >>> where the memory came from - might just be stale packet data).
> >>
> >> The ring buffer memory we're operating on comes from mmap(2) btw.
> >
> > Thank you for comments.
> > In struct tpacket2_hdr, it seems that a padding member was really
> > zeroing to fix information leak on commit
> > 13fcb7bd322164c67926ffe272846d4860196dc6 ("af_packet: prevent information leak").
> > So next time I'll try to zero tp_padding using sizof(h.h2->tp_padding)
> > David proposed. If you have any thoughts on this please share it with me.
>
> Yep, 13fcb7bd was for struct tpacket_auxdata structure in packet_recvmsg()
> that sits on the stack and copied uninitialized data to user space. But,
> okay, lets go with the memset().
Thank you, I understood.
I'll send the v4 as early as tomorrow.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-12-16 16:48 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-12-16 8:12 [PATCH v3 2/3] packet: fill the gap of TPACKET_ALIGNMENT with zeros Atzm Watanabe
2013-12-16 10:09 ` Daniel Borkmann
2013-12-16 10:16 ` David Laight
2013-12-16 10:22 ` Daniel Borkmann
2013-12-16 12:41 ` Atzm Watanabe
2013-12-16 12:55 ` Daniel Borkmann
2013-12-16 16:48 ` Atzm Watanabe
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.