* [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-17 6:46 ` Andi Kleen
2014-11-16 14:23 ` [PATCH net-next 02/14] amd-xgbe: use netdev_rss_key_fill() helper Eric Dumazet
` (13 subsequent siblings)
14 siblings, 1 reply; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
RSS (Receive Side Scaling) typically uses Toeplitz hash and a 40 or 52 bytes
RSS key.
Some drivers use a constant (and well known key), some drivers use a random
key per port, making bonding setups hard to tune. Well known keys increase
attack surface, considering that number of queues is usually a power of two.
This patch provides infrastructure to help drivers doing the right thing.
netdev_rss_key_fill() should be used by drivers to initialize their RSS key,
even if they provide ethtool -X support to let user redefine the key later.
A new /proc/sys/net/core/netdev_rss_key file can be used to get the host
RSS key even for drivers not providing ethtool -x support, in case some
applications want to precisely setup flows to match some RX queues.
Tested:
myhost:~# cat /proc/sys/net/core/netdev_rss_key
11:63:99:bb:79:fb:a5:a7:07:45:b2:20:bf:02:42:2d:08:1a:dd:19:2b:6b:23:ac:56:28:9d:70:c3:ac:e8:16:4b:b7:c1:10:53:a4:78:41:36:40:74:b6:15:ca:27:44:aa:b3:4d:72
myhost:~# ethtool -x eth0
RX flow hash indirection table for eth0 with 8 RX ring(s):
0: 0 1 2 3 4 5 6 7
RSS hash key:
11:63:99:bb:79:fb:a5:a7:07:45:b2:20:bf:02:42:2d:08:1a:dd:19:2b:6b:23:ac:56:28:9d:70:c3:ac:e8:16:4b:b7:c1:10:53:a4:78:41
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
Documentation/sysctl/net.txt | 22 ++++++++++++++++++++++
include/linux/netdevice.h | 6 ++++++
net/core/ethtool.c | 11 +++++++++++
net/core/sysctl_net_core.c | 19 +++++++++++++++++++
4 files changed, 58 insertions(+)
diff --git a/Documentation/sysctl/net.txt b/Documentation/sysctl/net.txt
index e26c607468a6..666594b43cff 100644
--- a/Documentation/sysctl/net.txt
+++ b/Documentation/sysctl/net.txt
@@ -142,6 +142,28 @@ netdev_max_backlog
Maximum number of packets, queued on the INPUT side, when the interface
receives packets faster than kernel can process them.
+netdev_rss_key
+--------------
+
+RSS (Receive Side Scaling) enabled drivers use a 40 bytes host key that is
+randomly generated.
+Some user space might need to gather its content even if drivers do not
+provide ethtool -x support yet.
+
+myhost:~# cat /proc/sys/net/core/netdev_rss_key
+84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8: ... (52 bytes total)
+
+File contains nul bytes if no driver ever called netdev_rss_key_fill() function.
+Note:
+/proc/sys/net/core/netdev_rss_key contains 52 bytes of key,
+but most drivers only use 40 bytes of it.
+
+myhost:~# ethtool -x eth0
+RX flow hash indirection table for eth0 with 8 RX ring(s):
+ 0: 0 1 2 3 4 5 6 7
+RSS hash key:
+84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89
+
netdev_tstamp_prequeue
----------------------
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 4a6f770377d3..db63cf459ba1 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3422,6 +3422,12 @@ void netdev_upper_dev_unlink(struct net_device *dev,
void netdev_adjacent_rename_links(struct net_device *dev, char *oldname);
void *netdev_lower_dev_get_private(struct net_device *dev,
struct net_device *lower_dev);
+
+/* RSS keys are 40 or 52 bytes long */
+#define NETDEV_RSS_KEY_LEN 52
+extern u8 netdev_rss_key[NETDEV_RSS_KEY_LEN];
+void netdev_rss_key_fill(void *buffer, size_t len);
+
int dev_get_nest_level(struct net_device *dev,
bool (*type_check)(struct net_device *dev));
int skb_checksum_help(struct sk_buff *skb);
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index b0f84f5ddda8..715f51f321e9 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -25,6 +25,7 @@
#include <linux/slab.h>
#include <linux/rtnetlink.h>
#include <linux/sched.h>
+#include <linux/net.h>
/*
* Some useful ethtool_ops methods that're device independent.
@@ -573,6 +574,16 @@ static int ethtool_copy_validate_indir(u32 *indir, void __user *useraddr,
return 0;
}
+u8 netdev_rss_key[NETDEV_RSS_KEY_LEN];
+
+void netdev_rss_key_fill(void *buffer, size_t len)
+{
+ BUG_ON(len > sizeof(netdev_rss_key));
+ net_get_random_once(netdev_rss_key, sizeof(netdev_rss_key));
+ memcpy(buffer, netdev_rss_key, len);
+}
+EXPORT_SYMBOL(netdev_rss_key_fill);
+
static noinline_for_stack int ethtool_get_rxfh_indir(struct net_device *dev,
void __user *useraddr)
{
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index f93f092fe226..31baba2a71ce 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -217,6 +217,18 @@ static int set_default_qdisc(struct ctl_table *table, int write,
}
#endif
+static int proc_do_rss_key(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct ctl_table fake_table;
+ char buf[NETDEV_RSS_KEY_LEN * 3];
+
+ snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
+ fake_table.data = buf;
+ fake_table.maxlen = sizeof(buf);
+ return proc_dostring(&fake_table, write, buffer, lenp, ppos);
+}
+
static struct ctl_table net_core_table[] = {
#ifdef CONFIG_NET
{
@@ -265,6 +277,13 @@ static struct ctl_table net_core_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+ {
+ .procname = "netdev_rss_key",
+ .data = &netdev_rss_key,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = proc_do_rss_key,
+ },
#ifdef CONFIG_BPF_JIT
{
.procname = "bpf_jit_enable",
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* Re: [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure
2014-11-16 14:23 ` [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure Eric Dumazet
@ 2014-11-17 6:46 ` Andi Kleen
2014-11-17 6:58 ` Eric Dumazet
0 siblings, 1 reply; 27+ messages in thread
From: Andi Kleen @ 2014-11-17 6:46 UTC (permalink / raw)
To: Eric Dumazet
Cc: David S. Miller, netdev, Thomas Lendacky, Ariel Elior,
Michael Chan, Prashant Sreedharan, Rasesh Mody, Sathya Perla,
Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher,
Amir Vadai, Shradha Shah, Shreyas Bhatewara
Eric Dumazet <edumazet@google.com> writes:
> Some drivers use a constant (and well known key), some drivers use a random
> key per port, making bonding setups hard to tune. Well known keys increase
> attack surface, considering that number of queues is usually a power of two.
Wouldn't it be better to have some kernel facility to query on what
port a given mapping would end up rather than exporting
the key? Similar to querying the rounting table.
That would be more abstract.
> + {
> + .procname = "netdev_rss_key",
> + .data = &netdev_rss_key,
> + .maxlen = sizeof(int),
> + .mode = 0444,
Surely 0400 ? After all it's a kind a "secret"
-Andi
^ permalink raw reply [flat|nested] 27+ messages in thread* Re: [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure
2014-11-17 6:46 ` Andi Kleen
@ 2014-11-17 6:58 ` Eric Dumazet
0 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-17 6:58 UTC (permalink / raw)
To: Andi Kleen
Cc: Eric Dumazet, David S. Miller, netdev, Thomas Lendacky,
Ariel Elior, Michael Chan, Prashant Sreedharan, Rasesh Mody,
Sathya Perla, Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg,
Jeff Kirsher, Amir Vadai, Shradha Shah, Shreyas Bhatewara
On Sun, 2014-11-16 at 22:46 -0800, Andi Kleen wrote:
> Wouldn't it be better to have some kernel facility to query on what
> port a given mapping would end up rather than exporting
> the key? Similar to querying the rounting table.
> That would be more abstract.
It is already there, few drivers implement
ethtool -x eth0
And all users can read rss key :
$ ethtool -x eth0
RX flow hash indirection table for eth0 with 8 RX ring(s):
0: 0 1 2 3 4 5 6 7
RSS hash key:
d9:73:69:1e:c5:74:73:38:67:a4:a9:98:78:b1:e2:b6:39:1c:02:f9:30:57:79:84:02:b7:48:90:63:95:10:85:51:bb:f2:9e:f2:c5:85:27
>
> > + {
> > + .procname = "netdev_rss_key",
> > + .data = &netdev_rss_key,
> > + .maxlen = sizeof(int),
> > + .mode = 0444,
>
> Surely 0400 ? After all it's a kind a "secret"
Not really. Toeplitz is not cryptographic. A local program can easily
rebuild the key even if kept 'secret' by networking stack.
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH net-next 02/14] amd-xgbe: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 03/14] bnx2x: " Eric Dumazet
` (12 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use netdev_rss_key_fill() helper, as it provides better support for some
bonding setups.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Lendacky, Thomas <Thomas.Lendacky@amd.com>
---
drivers/net/ethernet/amd/xgbe/xgbe-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-main.c b/drivers/net/ethernet/amd/xgbe/xgbe-main.c
index 05fbdf96e77e..dbd3850b8b0a 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-main.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-main.c
@@ -338,7 +338,7 @@ static int xgbe_probe(struct platform_device *pdev)
}
/* Initialize RSS hash key and lookup table */
- get_random_bytes(pdata->rss_key, sizeof(pdata->rss_key));
+ netdev_rss_key_fill(pdata->rss_key, sizeof(pdata->rss_key));
for (i = 0; i < XGBE_RSS_MAX_TABLE_SIZE; i++)
XGMAC_SET_BITS(pdata->rss_table[i], MAC_RSSDR, DMCH,
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 03/14] bnx2x: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 01/14] net: provide a per host RSS key generic infrastructure Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 02/14] amd-xgbe: use netdev_rss_key_fill() helper Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 04/14] tg3: " Eric Dumazet
` (11 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use netdev_rss_key_fill() helper, as it provides better support for some
bonding setups.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ariel Elior <ariel.elior@qlogic.com>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index e9af4af5edba..b4d71fd909ee 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -2099,7 +2099,7 @@ int bnx2x_rss(struct bnx2x *bp, struct bnx2x_rss_config_obj *rss_obj,
if (config_hash) {
/* RSS keys */
- prandom_bytes(params.rss_key, T_ETH_RSS_KEY * 4);
+ netdev_rss_key_fill(params.rss_key, T_ETH_RSS_KEY * 4);
__set_bit(BNX2X_RSS_SET_SRCH, ¶ms.rss_flags);
}
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 04/14] tg3: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (2 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 03/14] bnx2x: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 05/14] bna: " Eric Dumazet
` (10 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Prashant Sreedharan <prashant@broadcom.com>
Cc: Michael Chan <mchan@broadcom.com>
---
drivers/net/ethernet/broadcom/tg3.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index dbb41c1923e6..2dc001559a97 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -10540,19 +10540,14 @@ static int tg3_reset_hw(struct tg3 *tp, bool reset_phy)
udelay(100);
if (tg3_flag(tp, ENABLE_RSS)) {
+ u32 rss_key[10];
+
tg3_rss_write_indir_tbl(tp);
- /* Setup the "secret" hash key. */
- tw32(MAC_RSS_HASH_KEY_0, 0x5f865437);
- tw32(MAC_RSS_HASH_KEY_1, 0xe4ac62cc);
- tw32(MAC_RSS_HASH_KEY_2, 0x50103a45);
- tw32(MAC_RSS_HASH_KEY_3, 0x36621985);
- tw32(MAC_RSS_HASH_KEY_4, 0xbf14c0e8);
- tw32(MAC_RSS_HASH_KEY_5, 0x1bc27a1e);
- tw32(MAC_RSS_HASH_KEY_6, 0x84f4b556);
- tw32(MAC_RSS_HASH_KEY_7, 0x094ea6fe);
- tw32(MAC_RSS_HASH_KEY_8, 0x7dda01e7);
- tw32(MAC_RSS_HASH_KEY_9, 0xc04d7481);
+ netdev_rss_key_fill(rss_key, 10 * sizeof(u32));
+
+ for (i = 0; i < 10 ; i++)
+ tw32(MAC_RSS_HASH_KEY_0 + i*4, rss_key[i]);
}
tp->rx_mode = RX_MODE_ENABLE;
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 05/14] bna: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (3 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 04/14] tg3: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 06/14] be2net:use " Eric Dumazet
` (9 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use netdev_rss_key_fill() helper, as it provides better support for some
bonding setups.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Rasesh Mody <rasesh.mody@qlogic.com>
---
drivers/net/ethernet/brocade/bna/bnad.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c
index c3861de9dc81..323721838cf9 100644
--- a/drivers/net/ethernet/brocade/bna/bnad.c
+++ b/drivers/net/ethernet/brocade/bna/bnad.c
@@ -2054,7 +2054,7 @@ bnad_init_rx_config(struct bnad *bnad, struct bna_rx_config *rx_config)
BFI_ENET_RSS_IPV4_TCP);
rx_config->rss_config.hash_mask =
bnad->num_rxp_per_rx - 1;
- get_random_bytes(rx_config->rss_config.toeplitz_hash_key,
+ netdev_rss_key_fill(rx_config->rss_config.toeplitz_hash_key,
sizeof(rx_config->rss_config.toeplitz_hash_key));
} else {
rx_config->rss_status = BNA_STATUS_T_DISABLED;
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 06/14] be2net:use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (4 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 05/14] bna: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 07/14] e100e: use " Eric Dumazet
` (8 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use netdev_rss_key_fill() helper, as it provides better support for some
bonding setups.
Rename rss_hkey local variable to rss_key to have consistent name among
drivers.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Sathya Perla <sathya.perla@emulex.com>
Cc: Subbu Seetharaman <subbu.seetharaman@emulex.com>
Cc: Ajit Khaparde <ajit.khaparde@emulex.com>
---
drivers/net/ethernet/emulex/benet/be_main.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
index 9a18e7930b31..54160cc62656 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -2853,10 +2853,10 @@ static int be_close(struct net_device *netdev)
static int be_rx_qs_create(struct be_adapter *adapter)
{
+ struct rss_info *rss = &adapter->rss_info;
+ u8 rss_key[RSS_HASH_KEY_LEN];
struct be_rx_obj *rxo;
int rc, i, j;
- u8 rss_hkey[RSS_HASH_KEY_LEN];
- struct rss_info *rss = &adapter->rss_info;
for_all_rx_queues(adapter, rxo, i) {
rc = be_queue_alloc(adapter, &rxo->q, RX_Q_LEN,
@@ -2901,15 +2901,15 @@ static int be_rx_qs_create(struct be_adapter *adapter)
rss->rss_flags = RSS_ENABLE_NONE;
}
- get_random_bytes(rss_hkey, RSS_HASH_KEY_LEN);
+ netdev_rss_key_fill(rss_key, RSS_HASH_KEY_LEN);
rc = be_cmd_rss_config(adapter, rss->rsstable, rss->rss_flags,
- 128, rss_hkey);
+ 128, rss_key);
if (rc) {
rss->rss_flags = RSS_ENABLE_NONE;
return rc;
}
- memcpy(rss->rss_hkey, rss_hkey, RSS_HASH_KEY_LEN);
+ memcpy(rss->rss_hkey, rss_key, RSS_HASH_KEY_LEN);
/* First time posting */
for_all_rx_queues(adapter, rxo, i)
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 07/14] e100e: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (5 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 06/14] be2net:use " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 08/14] fm10k: " Eric Dumazet
` (7 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
drivers/net/ethernet/intel/e1000e/netdev.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
index 247335d2c7ec..370cfa275ddb 100644
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -3449,15 +3449,12 @@ static void e1000e_setup_rss_hash(struct e1000_adapter *adapter)
{
struct e1000_hw *hw = &adapter->hw;
u32 mrqc, rxcsum;
+ u32 rss_key[10];
int i;
- static const u32 rsskey[10] = {
- 0xda565a6d, 0xc20e5b25, 0x3d256741, 0xb08fa343, 0xcb2bcad0,
- 0xb4307bae, 0xa32dcb77, 0x0cf23080, 0x3bb7426a, 0xfa01acbe
- };
- /* Fill out hash function seed */
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
for (i = 0; i < 10; i++)
- ew32(RSSRK(i), rsskey[i]);
+ ew32(RSSRK(i), rss_key[i]);
/* Direct all traffic to queue 0 */
for (i = 0; i < 32; i++)
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 08/14] fm10k: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (6 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 07/14] e100e: use " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 09/14] i40e: " Eric Dumazet
` (6 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
drivers/net/ethernet/intel/fm10k/fm10k_pci.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/intel/fm10k/fm10k_pci.c b/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
index a0cb74ab3dc6..4f5892cc32d7 100644
--- a/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
+++ b/drivers/net/ethernet/intel/fm10k/fm10k_pci.c
@@ -1551,15 +1551,11 @@ void fm10k_down(struct fm10k_intfc *interface)
static int fm10k_sw_init(struct fm10k_intfc *interface,
const struct pci_device_id *ent)
{
- static const u32 seed[FM10K_RSSRK_SIZE] = { 0xda565a6d, 0xc20e5b25,
- 0x3d256741, 0xb08fa343,
- 0xcb2bcad0, 0xb4307bae,
- 0xa32dcb77, 0x0cf23080,
- 0x3bb7426a, 0xfa01acbe };
const struct fm10k_info *fi = fm10k_info_tbl[ent->driver_data];
struct fm10k_hw *hw = &interface->hw;
struct pci_dev *pdev = interface->pdev;
struct net_device *netdev = interface->netdev;
+ u32 rss_key[FM10K_RSSRK_SIZE];
unsigned int rss;
int err;
@@ -1673,8 +1669,8 @@ static int fm10k_sw_init(struct fm10k_intfc *interface,
/* initialize vxlan_port list */
INIT_LIST_HEAD(&interface->vxlan_port);
- /* initialize RSS key */
- memcpy(interface->rssrk, seed, sizeof(seed));
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
+ memcpy(interface->rssrk, rss_key, sizeof(rss_key));
/* Start off interface as being down */
set_bit(__FM10K_DOWN, &interface->state);
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 09/14] i40e: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (7 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 08/14] fm10k: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 10/14] igb: " Eric Dumazet
` (5 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 10 +++-------
drivers/net/ethernet/intel/i40evf/i40evf_main.c | 11 +++--------
2 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index de664631c807..a0bee83ab2de 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -7002,20 +7002,16 @@ static int i40e_setup_misc_vector(struct i40e_pf *pf)
**/
static int i40e_config_rss(struct i40e_pf *pf)
{
- /* Set of random keys generated using kernel random number generator */
- static const u32 seed[I40E_PFQF_HKEY_MAX_INDEX + 1] = {0x41b01687,
- 0x183cfd8c, 0xce880440, 0x580cbc3c, 0x35897377,
- 0x328b25e1, 0x4fa98922, 0xb7d90c14, 0xd5bad70d,
- 0xcd15a2c1, 0xe8580225, 0x4a1e9d11, 0xfe5731be};
+ u32 rss_key[I40E_PFQF_HKEY_MAX_INDEX + 1];
struct i40e_hw *hw = &pf->hw;
u32 lut = 0;
int i, j;
u64 hena;
u32 reg_val;
- /* Fill out hash function seed */
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
for (i = 0; i <= I40E_PFQF_HKEY_MAX_INDEX; i++)
- wr32(hw, I40E_PFQF_HKEY(i), seed[i]);
+ wr32(hw, I40E_PFQF_HKEY(i), rss_key[i]);
/* By default we enable TCP/UDP with IPv4/IPv6 ptypes */
hena = (u64)rd32(hw, I40E_PFQF_HENA(0)) |
diff --git a/drivers/net/ethernet/intel/i40evf/i40evf_main.c b/drivers/net/ethernet/intel/i40evf/i40evf_main.c
index f0d07ad54198..489227891ffb 100644
--- a/drivers/net/ethernet/intel/i40evf/i40evf_main.c
+++ b/drivers/net/ethernet/intel/i40evf/i40evf_main.c
@@ -1434,18 +1434,12 @@ static int next_queue(struct i40evf_adapter *adapter, int j)
**/
static void i40evf_configure_rss(struct i40evf_adapter *adapter)
{
+ u32 rss_key[I40E_VFQF_HKEY_MAX_INDEX + 1];
struct i40e_hw *hw = &adapter->hw;
u32 lut = 0;
int i, j;
u64 hena;
- /* Set of random keys generated using kernel random number generator */
- static const u32 seed[I40E_VFQF_HKEY_MAX_INDEX + 1] = {
- 0x794221b4, 0xbca0c5ab, 0x6cd5ebd9, 0x1ada6127,
- 0x983b3aa1, 0x1c4e71eb, 0x7f6328b2, 0xfcdc0da0,
- 0xc135cafa, 0x7a6f7e2d, 0xe7102d28, 0x163cd12e,
- 0x4954b126 };
-
/* No RSS for single queue. */
if (adapter->num_active_queues == 1) {
wr32(hw, I40E_VFQF_HENA(0), 0);
@@ -1454,8 +1448,9 @@ static void i40evf_configure_rss(struct i40evf_adapter *adapter)
}
/* Hash type is configured by the PF - we just supply the key */
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
for (i = 0; i <= I40E_VFQF_HKEY_MAX_INDEX; i++)
- wr32(hw, I40E_VFQF_HKEY(i), seed[i]);
+ wr32(hw, I40E_VFQF_HKEY(i), rss_key[i]);
/* Enable PCTYPES for RSS, TCP/UDP with IPv4/IPv6 */
hena = I40E_DEFAULT_RSS_HENA;
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 10/14] igb: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (8 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 09/14] i40e: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 11/14] ixgbe: " Eric Dumazet
` (4 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
drivers/net/ethernet/intel/igb/igb_main.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 1e35fae7a62b..b0e12e7c4a3d 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -3372,14 +3372,11 @@ static void igb_setup_mrqc(struct igb_adapter *adapter)
struct e1000_hw *hw = &adapter->hw;
u32 mrqc, rxcsum;
u32 j, num_rx_queues;
- static const u32 rsskey[10] = { 0xDA565A6D, 0xC20E5B25, 0x3D256741,
- 0xB08FA343, 0xCB2BCAD0, 0xB4307BAE,
- 0xA32DCB77, 0x0CF23080, 0x3BB7426A,
- 0xFA01ACBE };
+ u32 rss_key[10];
- /* Fill out hash function seeds */
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
for (j = 0; j < 10; j++)
- wr32(E1000_RSSRK(j), rsskey[j]);
+ wr32(E1000_RSSRK(j), rss_key[j]);
num_rx_queues = adapter->rss_queues;
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 11/14] ixgbe: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (9 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 10/14] igb: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 12/14] mlx4: " Eric Dumazet
` (3 subsequent siblings)
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index f5fcba4f9d21..932f77961d66 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -3243,10 +3243,8 @@ static void ixgbe_setup_reta(struct ixgbe_adapter *adapter, const u32 *seed)
static void ixgbe_setup_mrqc(struct ixgbe_adapter *adapter)
{
struct ixgbe_hw *hw = &adapter->hw;
- static const u32 seed[10] = { 0xE291D73D, 0x1805EC6C, 0x2A94B30D,
- 0xA54F2BEC, 0xEA49AF7C, 0xE214AD3D, 0xB855AABE,
- 0x6A3E67EA, 0x14364D17, 0x3BED200D};
u32 mrqc = 0, rss_field = 0;
+ u32 rss_key[10];
u32 rxcsum;
/* Disable indicating checksum in descriptor, enables RSS hash */
@@ -3290,7 +3288,8 @@ static void ixgbe_setup_mrqc(struct ixgbe_adapter *adapter)
if (adapter->flags2 & IXGBE_FLAG2_RSS_FIELD_IPV6_UDP)
rss_field |= IXGBE_MRQC_RSS_FIELD_IPV6_UDP;
- ixgbe_setup_reta(adapter, seed);
+ netdev_rss_key_fill(rss_key, sizeof(rss_key));
+ ixgbe_setup_reta(adapter, rss_key);
mrqc |= rss_field;
IXGBE_WRITE_REG(hw, IXGBE_MRQC, mrqc);
}
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (10 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 11/14] ixgbe: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-22 21:49 ` Ben Hutchings
2014-11-16 14:23 ` [PATCH net-next 13/14] sfc: " Eric Dumazet
` (2 subsequent siblings)
14 siblings, 1 reply; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Also provide ethtool -x support to fetch RSS key
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Amir Vadai <amirv@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 9 ++++++++-
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 6 +-----
include/linux/mlx4/qp.h | 4 +++-
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
index 6c643230a5ed..710cf309962a 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
@@ -973,6 +973,11 @@ static u32 mlx4_en_get_rxfh_indir_size(struct net_device *dev)
return priv->rx_ring_num;
}
+static u32 mlx4_en_get_rxfh_key_size(struct net_device *netdev)
+{
+ return MLX4_EN_RSS_KEY_SIZE;
+}
+
static int mlx4_en_get_rxfh(struct net_device *dev, u32 *ring_index, u8 *key)
{
struct mlx4_en_priv *priv = netdev_priv(dev);
@@ -988,7 +993,8 @@ static int mlx4_en_get_rxfh(struct net_device *dev, u32 *ring_index, u8 *key)
ring_index[n] = rss_map->qps[n % rss_rings].qpn -
rss_map->base_qpn;
}
-
+ if (key)
+ netdev_rss_key_fill(key, MLX4_EN_RSS_KEY_SIZE);
return err;
}
@@ -1799,6 +1805,7 @@ const struct ethtool_ops mlx4_en_ethtool_ops = {
.get_rxnfc = mlx4_en_get_rxnfc,
.set_rxnfc = mlx4_en_set_rxnfc,
.get_rxfh_indir_size = mlx4_en_get_rxfh_indir_size,
+ .get_rxfh_key_size = mlx4_en_get_rxfh_key_size,
.get_rxfh = mlx4_en_get_rxfh,
.set_rxfh = mlx4_en_set_rxfh,
.get_channels = mlx4_en_get_channels,
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_rx.c b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
index ccd95177ea7c..b7bda8956011 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
@@ -1169,9 +1169,6 @@ int mlx4_en_config_rss_steer(struct mlx4_en_priv *priv)
int i, qpn;
int err = 0;
int good_qps = 0;
- static const u32 rsskey[10] = { 0xD181C62C, 0xF7F4DB5B, 0x1983A2FC,
- 0x943E1ADB, 0xD9389E6B, 0xD1039C2C, 0xA74499AD,
- 0x593D56D9, 0xF3253C06, 0x2ADC1FFC};
en_dbg(DRV, priv, "Configuring rss steering\n");
err = mlx4_qp_reserve_range(mdev->dev, priv->rx_ring_num,
@@ -1226,8 +1223,7 @@ int mlx4_en_config_rss_steer(struct mlx4_en_priv *priv)
rss_context->flags = rss_mask;
rss_context->hash_fn = MLX4_RSS_HASH_TOP;
- for (i = 0; i < 10; i++)
- rss_context->rss_key[i] = cpu_to_be32(rsskey[i]);
+ netdev_rss_key_fill(rss_context->rss_key, MLX4_EN_RSS_KEY_SIZE);
err = mlx4_qp_to_ready(mdev->dev, &priv->res.mtt, &context,
&rss_map->indir_qp, &rss_map->indir_state);
diff --git a/include/linux/mlx4/qp.h b/include/linux/mlx4/qp.h
index 5f4e36cf0091..467ccdf94c98 100644
--- a/include/linux/mlx4/qp.h
+++ b/include/linux/mlx4/qp.h
@@ -120,13 +120,15 @@ enum {
MLX4_RSS_QPC_FLAG_OFFSET = 13,
};
+#define MLX4_EN_RSS_KEY_SIZE 40
+
struct mlx4_rss_context {
__be32 base_qpn;
__be32 default_qpn;
u16 reserved;
u8 hash_fn;
u8 flags;
- __be32 rss_key[10];
+ __be32 rss_key[MLX4_EN_RSS_KEY_SIZE / sizeof(__be32)];
__be32 base_qpn_udp;
};
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* Re: [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper
2014-11-16 14:23 ` [PATCH net-next 12/14] mlx4: " Eric Dumazet
@ 2014-11-22 21:49 ` Ben Hutchings
2014-11-22 23:58 ` Eric Dumazet
0 siblings, 1 reply; 27+ messages in thread
From: Ben Hutchings @ 2014-11-22 21:49 UTC (permalink / raw)
To: Eric Dumazet
Cc: David S. Miller, netdev, Thomas Lendacky, Ariel Elior,
Michael Chan, Prashant Sreedharan, Rasesh Mody, Sathya Perla,
Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher,
Amir Vadai, Shradha Shah, Shreyas Bhatewara
[-- Attachment #1: Type: text/plain, Size: 906 bytes --]
On Sun, 2014-11-16 at 06:23 -0800, Eric Dumazet wrote:
> Use of well known RSS key increases attack surface.
> Switch to a random one, using generic helper so that all
> ports share a common key.
>
> Also provide ethtool -x support to fetch RSS key
[...]
> @@ -1799,6 +1805,7 @@ const struct ethtool_ops mlx4_en_ethtool_ops = {
> .get_rxnfc = mlx4_en_get_rxnfc,
> .set_rxnfc = mlx4_en_set_rxnfc,
> .get_rxfh_indir_size = mlx4_en_get_rxfh_indir_size,
> + .get_rxfh_key_size = mlx4_en_get_rxfh_key_size,
> .get_rxfh = mlx4_en_get_rxfh,
> .set_rxfh = mlx4_en_set_rxfh,
[...]
A driver that implements get_rxfh_key_size() and set_rxfh() is assumed
to support setting the RSS key (and only the key). However,
mlx4_en_set_rxfh() will currently crash if a new indirection table is
not provided.
Ben.
--
Ben Hutchings
Logic doesn't apply to the real world. - Marvin Minsky
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 27+ messages in thread* Re: [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper
2014-11-22 21:49 ` Ben Hutchings
@ 2014-11-22 23:58 ` Eric Dumazet
2014-11-23 1:24 ` [PATCH net-next] mlx4: fix mlx4_en_set_rxfh() Eric Dumazet
2014-11-23 4:07 ` [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper Ben Hutchings
0 siblings, 2 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-22 23:58 UTC (permalink / raw)
To: Ben Hutchings
Cc: Eric Dumazet, David S. Miller, netdev, Thomas Lendacky,
Ariel Elior, Michael Chan, Prashant Sreedharan, Rasesh Mody,
Sathya Perla, Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg,
Jeff Kirsher, Amir Vadai, Shradha Shah, Shreyas Bhatewara
On Sat, 2014-11-22 at 21:49 +0000, Ben Hutchings wrote:
> On Sun, 2014-11-16 at 06:23 -0800, Eric Dumazet wrote:
> > Use of well known RSS key increases attack surface.
> > Switch to a random one, using generic helper so that all
> > ports share a common key.
> >
> > Also provide ethtool -x support to fetch RSS key
> [...]
> > @@ -1799,6 +1805,7 @@ const struct ethtool_ops mlx4_en_ethtool_ops = {
> > .get_rxnfc = mlx4_en_get_rxnfc,
> > .set_rxnfc = mlx4_en_set_rxnfc,
> > .get_rxfh_indir_size = mlx4_en_get_rxfh_indir_size,
> > + .get_rxfh_key_size = mlx4_en_get_rxfh_key_size,
> > .get_rxfh = mlx4_en_get_rxfh,
> > .set_rxfh = mlx4_en_set_rxfh,
> [...]
>
> A driver that implements get_rxfh_key_size() and set_rxfh() is assumed
> to support setting the RSS key (and only the key). However,
> mlx4_en_set_rxfh() will currently crash if a new indirection table is
> not provided.
Hi Ben.
Is this a net-next only concern, or is it an existing problem in net
tree ?
Thanks !
^ permalink raw reply [flat|nested] 27+ messages in thread* [PATCH net-next] mlx4: fix mlx4_en_set_rxfh()
2014-11-22 23:58 ` Eric Dumazet
@ 2014-11-23 1:24 ` Eric Dumazet
2014-11-23 16:53 ` Amir Vadai
2014-11-23 18:49 ` David Miller
2014-11-23 4:07 ` [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper Ben Hutchings
1 sibling, 2 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-23 1:24 UTC (permalink / raw)
To: Ben Hutchings; +Cc: David S. Miller, netdev, Amir Vadai
From: Eric Dumazet <edumazet@google.com>
mlx4_en_set_rxfh() can crash if no RSS indir table is provided.
While we are at it, allow RSS key to be changed with ethtool -X
Tested:
myhost:~# cat /proc/sys/net/core/netdev_rss_key
b6:89:91:f3:b2:c3:c2:90:11:e8:ce:45:e8:a9:9d:1c:f2:f6:d4:53:61:8b:26:3a:b3:9a:57:97:c3:b6:79:4d:2e:d9:66:5c:72:ed:b6:8e:c5:5d:4d:8c:22:67:30:ab:8a:6e:c3:6a
myhost:~# ethtool -x eth0
RX flow hash indirection table for eth0 with 8 RX ring(s):
0: 0 1 2 3 4 5 6 7
RSS hash key:
b6:89:91:f3:b2:c3:c2:90:11:e8:ce:45:e8:a9:9d:1c:f2:f6:d4:53:61:8b:26:3a:b3:9a:57:97:c3:b6:79:4d:2e:d9:66:5c:72:ed:b6:8e
myhost:~# ethtool -X eth0 hkey \
03:0e:e2:43:fa:82:0e:73:14:2d:c0:68:21:9e:82:99:b9:84:d0:22:e2:b3:64:9f:4a:af:00:fa:cc:05:b4:4a:17:05:14:73:76:58:bd:2f
myhost:~# ethtool -x eth0
RX flow hash indirection table for eth0 with 8 RX ring(s):
0: 0 1 2 3 4 5 6 7
RSS hash key:
03:0e:e2:43:fa:82:0e:73:14:2d:c0:68:21:9e:82:99:b9:84:d0:22:e2:b3:64:9f:4a:af:00:fa:cc:05:b4:4a:17:05:14:73:76:58:bd:2f
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: b9d1ab7eb42e ("mlx4: use netdev_rss_key_fill() helper")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Amir Vadai <amirv@mellanox.com>
---
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 10 +++++++---
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 +
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 3 +--
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 +
4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
index bdff834a2a7e..c45e06abc073 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
@@ -994,7 +994,7 @@ static int mlx4_en_get_rxfh(struct net_device *dev, u32 *ring_index, u8 *key)
rss_map->base_qpn;
}
if (key)
- netdev_rss_key_fill(key, MLX4_EN_RSS_KEY_SIZE);
+ memcpy(key, priv->rss_key, MLX4_EN_RSS_KEY_SIZE);
return err;
}
@@ -1012,6 +1012,8 @@ static int mlx4_en_set_rxfh(struct net_device *dev, const u32 *ring_index,
* between rings
*/
for (i = 0; i < priv->rx_ring_num; i++) {
+ if (!ring_index)
+ continue;
if (i > 0 && !ring_index[i] && !rss_rings)
rss_rings = i;
@@ -1032,8 +1034,10 @@ static int mlx4_en_set_rxfh(struct net_device *dev, const u32 *ring_index,
mlx4_en_stop_port(dev, 1);
}
- priv->prof->rss_rings = rss_rings;
-
+ if (ring_index)
+ priv->prof->rss_rings = rss_rings;
+ if (key)
+ memcpy(priv->rss_key, key, MLX4_EN_RSS_KEY_SIZE);
if (port_up) {
err = mlx4_en_start_port(dev);
if (err)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
index 89440cb25ad8..b7c99780aef3 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c
@@ -2493,6 +2493,7 @@ int mlx4_en_init_netdev(struct mlx4_en_dev *mdev, int port,
priv->num_tx_rings_p_up = mdev->profile.num_tx_rings_p_up;
priv->tx_ring_num = prof->tx_ring_num;
priv->tx_work_limit = MLX4_EN_DEFAULT_TX_WORK;
+ netdev_rss_key_fill(priv->rss_key, sizeof(priv->rss_key));
priv->tx_ring = kzalloc(sizeof(struct mlx4_en_tx_ring *) * MAX_TX_RINGS,
GFP_KERNEL);
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_rx.c b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
index b7bda8956011..946d35280abc 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
@@ -1223,8 +1223,7 @@ int mlx4_en_config_rss_steer(struct mlx4_en_priv *priv)
rss_context->flags = rss_mask;
rss_context->hash_fn = MLX4_RSS_HASH_TOP;
- netdev_rss_key_fill(rss_context->rss_key, MLX4_EN_RSS_KEY_SIZE);
-
+ memcpy(rss_context->rss_key, priv->rss_key, MLX4_EN_RSS_KEY_SIZE);
err = mlx4_qp_to_ready(mdev->dev, &priv->res.mtt, &context,
&rss_map->indir_qp, &rss_map->indir_state);
if (err)
diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
index de456749ffae..aaa7efbb9664 100644
--- a/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
+++ b/drivers/net/ethernet/mellanox/mlx4/mlx4_en.h
@@ -618,6 +618,7 @@ struct mlx4_en_priv {
__be16 vxlan_port;
u32 pflags;
+ u8 rss_key[MLX4_EN_RSS_KEY_SIZE];
};
enum mlx4_en_wol {
^ permalink raw reply related [flat|nested] 27+ messages in thread* Re: [PATCH net-next] mlx4: fix mlx4_en_set_rxfh()
2014-11-23 1:24 ` [PATCH net-next] mlx4: fix mlx4_en_set_rxfh() Eric Dumazet
@ 2014-11-23 16:53 ` Amir Vadai
2014-11-23 17:05 ` Eric Dumazet
2014-11-23 18:49 ` David Miller
1 sibling, 1 reply; 27+ messages in thread
From: Amir Vadai @ 2014-11-23 16:53 UTC (permalink / raw)
To: Eric Dumazet, Ben Hutchings; +Cc: David S. Miller, netdev
On 11/23/2014 3:24 AM, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> mlx4_en_set_rxfh() can crash if no RSS indir table is provided.
>
> While we are at it, allow RSS key to be changed with ethtool -X
>
> Tested:
>
> myhost:~# cat /proc/sys/net/core/netdev_rss_key
> b6:89:91:f3:b2:c3:c2:90:11:e8:ce:45:e8:a9:9d:1c:f2:f6:d4:53:61:8b:26:3a:b3:9a:57:97:c3:b6:79:4d:2e:d9:66:5c:72:ed:b6:8e:c5:5d:4d:8c:22:67:30:ab:8a:6e:c3:6a
>
> myhost:~# ethtool -x eth0
> RX flow hash indirection table for eth0 with 8 RX ring(s):
> 0: 0 1 2 3 4 5 6 7
> RSS hash key:
> b6:89:91:f3:b2:c3:c2:90:11:e8:ce:45:e8:a9:9d:1c:f2:f6:d4:53:61:8b:26:3a:b3:9a:57:97:c3:b6:79:4d:2e:d9:66:5c:72:ed:b6:8e
>
> myhost:~# ethtool -X eth0 hkey \
> 03:0e:e2:43:fa:82:0e:73:14:2d:c0:68:21:9e:82:99:b9:84:d0:22:e2:b3:64:9f:4a:af:00:fa:cc:05:b4:4a:17:05:14:73:76:58:bd:2f
>
> myhost:~# ethtool -x eth0
> RX flow hash indirection table for eth0 with 8 RX ring(s):
> 0: 0 1 2 3 4 5 6 7
> RSS hash key:
> 03:0e:e2:43:fa:82:0e:73:14:2d:c0:68:21:9e:82:99:b9:84:d0:22:e2:b3:64:9f:4a:af:00:fa:cc:05:b4:4a:17:05:14:73:76:58:bd:2f
>
>
> Reported-by: Ben Hutchings <ben@decadent.org.uk>
> Fixes: b9d1ab7eb42e ("mlx4: use netdev_rss_key_fill() helper")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Amir Vadai <amirv@mellanox.com>
> ---
> drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 10 +++++++---
> drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 1 +
> drivers/net/ethernet/mellanox/mlx4/en_rx.c | 3 +--
> drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 +
> 4 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
> index bdff834a2a7e..c45e06abc073 100644
> --- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
> +++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
> @@ -994,7 +994,7 @@ static int mlx4_en_get_rxfh(struct net_device *dev, u32 *ring_index, u8 *key)
> rss_map->base_qpn;
> }
> if (key)
> - netdev_rss_key_fill(key, MLX4_EN_RSS_KEY_SIZE);
> + memcpy(key, priv->rss_key, MLX4_EN_RSS_KEY_SIZE);
> return err;
> }
>
> @@ -1012,6 +1012,8 @@ static int mlx4_en_set_rxfh(struct net_device *dev, const u32 *ring_index,
> * between rings
> */
> for (i = 0; i < priv->rx_ring_num; i++) {
> + if (!ring_index)
> + continue;
Why didn't you put the whole loop under the 'if'?
> if (i > 0 && !ring_index[i] && !rss_rings)
> rss_rings = i;
>
[...]
Amir
^ permalink raw reply [flat|nested] 27+ messages in thread* Re: [PATCH net-next] mlx4: fix mlx4_en_set_rxfh()
2014-11-23 16:53 ` Amir Vadai
@ 2014-11-23 17:05 ` Eric Dumazet
2014-11-23 20:56 ` Joe Perches
0 siblings, 1 reply; 27+ messages in thread
From: Eric Dumazet @ 2014-11-23 17:05 UTC (permalink / raw)
To: Amir Vadai; +Cc: Ben Hutchings, David S. Miller, netdev
On Sun, 2014-11-23 at 18:53 +0200, Amir Vadai wrote:
> > */
> > for (i = 0; i < priv->rx_ring_num; i++) {
> > + if (!ring_index)
> > + continue;
>
> Why didn't you put the whole loop under the 'if'?
To avoid adding one indentation on the block, and ease this code review.
This is hardly fast path, and compiler does the optim for us anyway.
^ permalink raw reply [flat|nested] 27+ messages in thread* Re: [PATCH net-next] mlx4: fix mlx4_en_set_rxfh()
2014-11-23 17:05 ` Eric Dumazet
@ 2014-11-23 20:56 ` Joe Perches
0 siblings, 0 replies; 27+ messages in thread
From: Joe Perches @ 2014-11-23 20:56 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Amir Vadai, Ben Hutchings, David S. Miller, netdev
On Sun, 2014-11-23 at 09:05 -0800, Eric Dumazet wrote:
> On Sun, 2014-11-23 at 18:53 +0200, Amir Vadai wrote:
> > > */
> > > for (i = 0; i < priv->rx_ring_num; i++) {
> > > + if (!ring_index)
> > > + continue;
> >
> > Why didn't you put the whole loop under the 'if'?
>
> To avoid adding one indentation on the block, and ease this code review.
>
> This is hardly fast path, and compiler does the optim for us anyway.
It might have been more sensible
to use break instead of continue
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH net-next] mlx4: fix mlx4_en_set_rxfh()
2014-11-23 1:24 ` [PATCH net-next] mlx4: fix mlx4_en_set_rxfh() Eric Dumazet
2014-11-23 16:53 ` Amir Vadai
@ 2014-11-23 18:49 ` David Miller
1 sibling, 0 replies; 27+ messages in thread
From: David Miller @ 2014-11-23 18:49 UTC (permalink / raw)
To: eric.dumazet; +Cc: ben, netdev, amirv
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Sat, 22 Nov 2014 17:24:19 -0800
> From: Eric Dumazet <edumazet@google.com>
>
> mlx4_en_set_rxfh() can crash if no RSS indir table is provided.
>
> While we are at it, allow RSS key to be changed with ethtool -X
>
> Tested:
...
> Reported-by: Ben Hutchings <ben@decadent.org.uk>
> Fixes: b9d1ab7eb42e ("mlx4: use netdev_rss_key_fill() helper")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
Applied, thanks Eric.
^ permalink raw reply [flat|nested] 27+ messages in thread
* Re: [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper
2014-11-22 23:58 ` Eric Dumazet
2014-11-23 1:24 ` [PATCH net-next] mlx4: fix mlx4_en_set_rxfh() Eric Dumazet
@ 2014-11-23 4:07 ` Ben Hutchings
2014-11-23 4:14 ` Eric Dumazet
1 sibling, 1 reply; 27+ messages in thread
From: Ben Hutchings @ 2014-11-23 4:07 UTC (permalink / raw)
To: Eric Dumazet
Cc: Eric Dumazet, David S. Miller, netdev, Thomas Lendacky,
Ariel Elior, Michael Chan, Prashant Sreedharan, Rasesh Mody,
Sathya Perla, Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg,
Jeff Kirsher, Amir Vadai, Shradha Shah, Shreyas Bhatewara
[-- Attachment #1: Type: text/plain, Size: 1405 bytes --]
On Sat, 2014-11-22 at 15:58 -0800, Eric Dumazet wrote:
> On Sat, 2014-11-22 at 21:49 +0000, Ben Hutchings wrote:
> > On Sun, 2014-11-16 at 06:23 -0800, Eric Dumazet wrote:
> > > Use of well known RSS key increases attack surface.
> > > Switch to a random one, using generic helper so that all
> > > ports share a common key.
> > >
> > > Also provide ethtool -x support to fetch RSS key
> > [...]
> > > @@ -1799,6 +1805,7 @@ const struct ethtool_ops mlx4_en_ethtool_ops = {
> > > .get_rxnfc = mlx4_en_get_rxnfc,
> > > .set_rxnfc = mlx4_en_set_rxnfc,
> > > .get_rxfh_indir_size = mlx4_en_get_rxfh_indir_size,
> > > + .get_rxfh_key_size = mlx4_en_get_rxfh_key_size,
> > > .get_rxfh = mlx4_en_get_rxfh,
> > > .set_rxfh = mlx4_en_set_rxfh,
> > [...]
> >
> > A driver that implements get_rxfh_key_size() and set_rxfh() is assumed
> > to support setting the RSS key (and only the key). However,
> > mlx4_en_set_rxfh() will currently crash if a new indirection table is
> > not provided.
>
> Hi Ben.
>
> Is this a net-next only concern, or is it an existing problem in net
> tree ?
It's introduced by the above patch, as you seem to have worked out.
Drivers not implementing ethtool_ops::get_rxfh_key_size will always get
a non-null indir pointer (see commit 61d88c6811f2).
Ben.
--
Ben Hutchings
Never put off till tomorrow what you can avoid all together.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 27+ messages in thread* Re: [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper
2014-11-23 4:07 ` [PATCH net-next 12/14] mlx4: use netdev_rss_key_fill() helper Ben Hutchings
@ 2014-11-23 4:14 ` Eric Dumazet
0 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-23 4:14 UTC (permalink / raw)
To: Ben Hutchings
Cc: Eric Dumazet, David S. Miller, netdev, Thomas Lendacky,
Ariel Elior, Michael Chan, Prashant Sreedharan, Rasesh Mody,
Sathya Perla, Subbu Seetharaman, Ajit Khaparde, Jesse Brandeburg,
Jeff Kirsher, Amir Vadai, Shradha Shah, Shreyas Bhatewara
On Sun, 2014-11-23 at 04:07 +0000, Ben Hutchings wrote:
> It's introduced by the above patch, as you seem to have worked out.
> Drivers not implementing ethtool_ops::get_rxfh_key_size will always get
> a non-null indir pointer (see commit 61d88c6811f2).
Yep, thanks Ben ;)
^ permalink raw reply [flat|nested] 27+ messages in thread
* [PATCH net-next 13/14] sfc: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (11 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 12/14] mlx4: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 14:23 ` [PATCH net-next 14/14] vmxnet3: " Eric Dumazet
2014-11-16 21:03 ` [PATCH net-next 00/14] net: provide common RSS key infrastructure David Miller
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use netdev_rss_key_fill() helper, as it provides better support for some
bonding setups.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Shradha Shah <sshah@solarflare.com>
---
drivers/net/ethernet/sfc/efx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/efx.c b/drivers/net/ethernet/sfc/efx.c
index b49d04886d4f..238482495e81 100644
--- a/drivers/net/ethernet/sfc/efx.c
+++ b/drivers/net/ethernet/sfc/efx.c
@@ -1616,7 +1616,7 @@ static int efx_probe_nic(struct efx_nic *efx)
goto fail2;
if (efx->n_channels > 1)
- get_random_bytes(&efx->rx_hash_key, sizeof(efx->rx_hash_key));
+ netdev_rss_key_fill(&efx->rx_hash_key, sizeof(efx->rx_hash_key));
for (i = 0; i < ARRAY_SIZE(efx->rx_indir_table); i++)
efx->rx_indir_table[i] =
ethtool_rxfh_indir_default(i, efx->rss_spread);
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* [PATCH net-next 14/14] vmxnet3: use netdev_rss_key_fill() helper
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (12 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 13/14] sfc: " Eric Dumazet
@ 2014-11-16 14:23 ` Eric Dumazet
2014-11-16 21:03 ` [PATCH net-next 00/14] net: provide common RSS key infrastructure David Miller
14 siblings, 0 replies; 27+ messages in thread
From: Eric Dumazet @ 2014-11-16 14:23 UTC (permalink / raw)
To: David S. Miller
Cc: netdev, Thomas Lendacky, Ariel Elior, Michael Chan,
Prashant Sreedharan, Rasesh Mody, Sathya Perla, Subbu Seetharaman,
Ajit Khaparde, Jesse Brandeburg, Jeff Kirsher, Amir Vadai,
Shradha Shah, Shreyas Bhatewara, Eric Dumazet
Use of well known RSS key increases attack surface.
Switch to a random one, using generic helper so that all
ports share a common key.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Shreyas Bhatewara <sbhatewara@vmware.com>
---
drivers/net/vmxnet3/vmxnet3_drv.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/net/vmxnet3/vmxnet3_drv.c b/drivers/net/vmxnet3/vmxnet3_drv.c
index 6dfcbf523936..afd295348ddb 100644
--- a/drivers/net/vmxnet3/vmxnet3_drv.c
+++ b/drivers/net/vmxnet3/vmxnet3_drv.c
@@ -2199,13 +2199,6 @@ vmxnet3_setup_driver_shared(struct vmxnet3_adapter *adapter)
if (adapter->rss) {
struct UPT1_RSSConf *rssConf = adapter->rss_conf;
- static const uint8_t rss_key[UPT1_RSS_MAX_KEY_SIZE] = {
- 0x3b, 0x56, 0xd1, 0x56, 0x13, 0x4a, 0xe7, 0xac,
- 0xe8, 0x79, 0x09, 0x75, 0xe8, 0x65, 0x79, 0x28,
- 0x35, 0x12, 0xb9, 0x56, 0x7c, 0x76, 0x4b, 0x70,
- 0xd8, 0x56, 0xa3, 0x18, 0x9b, 0x0a, 0xee, 0xf3,
- 0x96, 0xa6, 0x9f, 0x8f, 0x9e, 0x8c, 0x90, 0xc9,
- };
devRead->misc.uptFeatures |= UPT1_F_RSS;
devRead->misc.numRxQueues = adapter->num_rx_queues;
@@ -2216,7 +2209,7 @@ vmxnet3_setup_driver_shared(struct vmxnet3_adapter *adapter)
rssConf->hashFunc = UPT1_RSS_HASH_FUNC_TOEPLITZ;
rssConf->hashKeySize = UPT1_RSS_MAX_KEY_SIZE;
rssConf->indTableSize = VMXNET3_RSS_IND_TABLE_SIZE;
- memcpy(rssConf->hashKey, rss_key, sizeof(rss_key));
+ netdev_rss_key_fill(rssConf->hashKey, sizeof(rssConf->hashKey));
for (i = 0; i < rssConf->indTableSize; i++)
rssConf->indTable[i] = ethtool_rxfh_indir_default(
--
2.1.0.rc2.206.gedb03e5
^ permalink raw reply related [flat|nested] 27+ messages in thread* Re: [PATCH net-next 00/14] net: provide common RSS key infrastructure
2014-11-16 14:23 [PATCH net-next 00/14] net: provide common RSS key infrastructure Eric Dumazet
` (13 preceding siblings ...)
2014-11-16 14:23 ` [PATCH net-next 14/14] vmxnet3: " Eric Dumazet
@ 2014-11-16 21:03 ` David Miller
14 siblings, 0 replies; 27+ messages in thread
From: David Miller @ 2014-11-16 21:03 UTC (permalink / raw)
To: edumazet
Cc: netdev, Thomas.Lendacky, ariel.elior, mchan, prashant,
rasesh.mody, sathya.perla, subbu.seetharaman, ajit.khaparde,
jesse.brandeburg, jeffrey.t.kirsher, amirv, sshah, sbhatewara
From: Eric Dumazet <edumazet@google.com>
Date: Sun, 16 Nov 2014 06:23:04 -0800
> RSS (Receive Side Scaling) uses a 40 bytes key to provide hash for incoming
> packets to select appropriate incoming queue on NIC.
>
> Hash algo (Toeplitz) is also well known and documented by Microsoft
> (search for "Verifying the RSS Hash Calculation")
>
> Problem is that some drivers use a well known key.
> It makes very easy for attackers to target one particular RX queue,
> knowing that number of RX queues is a power of two, or at least some
> small number.
>
> Other drivers use a random value per port, making difficult
> tuning on bonding setups.
>
> Lets add a common infrastructure, so that host gets an unique
> RSS key, and drivers do not have to worry about this.
Looks good, series applied, thanks Eric.
^ permalink raw reply [flat|nested] 27+ messages in thread