From: Daniel Borkmann <dborkman@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: luto@amacapital.net, torvalds@linux-foundation.org,
kaber@trash.net, netdev@vger.kernel.org, tgraf@suug.ch
Subject: Re: Netlink mmap tx security?
Date: Thu, 16 Oct 2014 08:45:44 +0200 [thread overview]
Message-ID: <543F6998.5090000@redhat.com> (raw)
In-Reply-To: <20141014.220908.123550384430402000.davem@davemloft.net>
On 10/15/2014 04:09 AM, David Miller wrote:
> From: Andy Lutomirski <luto@amacapital.net>
> Date: Tue, 14 Oct 2014 19:03:11 -0700
>
>> On Tue, Oct 14, 2014 at 7:01 PM, David Miller <davem@davemloft.net> wrote:
>>> I really think this means I'll have to remove all of the netlink
>>> mmap() support in order to prevent from breaking applications. :(
>>>
>>> The other option is to keep NETLINK_TX_RING, but copy the data into
>>> a kernel side buffer before acting upon it.
>>
>> Option 3, which sucks but maybe not that badly: change the value of
>> NETLINK_RX_RING. (Practically: add NETLINK_RX_RING2 or something like
>> that.)
>
> That would work as well.
>
> There are pros and cons to all of these approaches.
>
> I was thinking that if we do the "TX mmap --> copy to kernel buffer"
> approach, then if in the future we find a way to make it work
> reliably, we can avoid the copy. And frankly performance wise it's no
> worse than what happens via normal sendmsg() calls.
>
> And all applications using NETLINK_RX_RING keep working and keep
> getting the performance boost.
That would be better, yes. This would avoid having such a TPACKET_V*
API chaos we have in packet sockets if this could be fixed for netlink
eventually.
next prev parent reply other threads:[~2014-10-16 6:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CALCETrWsCqy7KEKPTOeHjrO1c2JE1E_seO_J+yA=sYFhS11NXQ@mail.gmail.com>
2014-05-12 21:08 ` Netlink mmap tx security? Andy Lutomirski
2014-10-11 22:29 ` Andy Lutomirski
2014-10-11 23:09 ` David Miller
2014-10-14 19:19 ` David Miller
2014-10-14 19:33 ` Andy Lutomirski
2014-10-14 20:00 ` David Miller
2014-10-14 22:16 ` Andy Lutomirski
2014-10-15 2:01 ` David Miller
2014-10-15 2:03 ` Andy Lutomirski
2014-10-15 2:09 ` David Miller
2014-10-16 6:45 ` Daniel Borkmann [this message]
2014-10-16 7:07 ` Thomas Graf
2014-12-16 22:58 ` David Miller
2014-12-16 23:58 ` Daniel Borkmann
2014-12-17 16:27 ` Thomas Graf
2014-12-18 17:36 ` David Miller
2014-12-17 0:02 ` Eric Dumazet
2014-12-17 16:26 ` Thomas Graf
2014-12-18 10:30 ` [PATCH net] netlink: Don't reorder loads/stores before marking mmap netlink frame as available Thomas Graf
2014-12-18 17:36 ` David Miller
2014-12-18 19:13 ` Linus Torvalds
2014-10-15 23:45 ` Netlink mmap tx security? Daniel Borkmann
2014-10-15 23:57 ` David Miller
2014-10-15 23:58 ` Andy Lutomirski
2014-10-16 3:34 ` David Miller
2014-10-16 5:52 ` Thomas Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543F6998.5090000@redhat.com \
--to=dborkman@redhat.com \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.