io-uring.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Victor Stewart <v@nametag.social>
To: io-uring <io-uring@vger.kernel.org>, Jens Axboe <axboe@kernel.dk>
Subject: [RFC 0/1] whitelisting UDP GSO and GRO cmsgs
Date: Mon, 23 Nov 2020 15:29:09 +0000	[thread overview]
Message-ID: <CAM1kxwi5m6i8hrtkw7nZYoziPTD-Wp03+fcsUwh3CuSc=81kUQ@mail.gmail.com> (raw)

so currently all cmsg headers are disabled through sendmsg and recvmsg
operations through io_uring because of
https://www.exploit-db.com/exploits/47779

i think it's time we start whitelisting the good guys though? GSO and
GRO are hugely important for QUIC servers, and together offer a higher
throughput gain than io_uring alone (rate of data transit
considering), thus io_uring is the lesser performance choice for QUIC
servers at the moment.

RE http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf,
GSO is about +~63% and GRO +~82%.

this patch closes that loophole.

Victor Stewart (1);
   net/socket.c: add __sys_whitelisted_cmsghdrs()

   net/socket.c | 15 ++++++++++++---
   1 file changed, 12 insertions(+), 3 deletions(-)

             reply	other threads:[~2020-11-23 15:29 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-23 15:29 Victor Stewart [this message]
2020-11-23 16:13 ` [RFC 0/1] whitelisting UDP GSO and GRO cmsgs Stefan Metzmacher
     [not found]   ` <CAM1kxwhUcXLKU=2hCVaBngOKRL_kgMX4ONy9kpzKW+ZBZraEYw@mail.gmail.com>
     [not found]     ` <5d71d36c-0bfb-a313-07e8-0e22f7331a7a@samba.org>
2020-11-28 19:03       ` Victor Stewart
2020-11-30 10:52         ` Stefan Metzmacher
2020-11-30 14:57           ` Soheil Hassas Yeganeh
2020-11-30 15:05             ` Stefan Metzmacher
2020-11-30 15:15               ` Soheil Hassas Yeganeh
2020-11-30 16:17                 ` Victor Stewart
2020-11-30 16:20                   ` Soheil Hassas Yeganeh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAM1kxwi5m6i8hrtkw7nZYoziPTD-Wp03+fcsUwh3CuSc=81kUQ@mail.gmail.com' \
    --to=v@nametag.social \
    --cc=axboe@kernel.dk \
    --cc=io-uring@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).