From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [PATCH net] tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
Date: Tue, 30 Jun 2020 20:40:05 -0400 (EDT) [thread overview]
Message-ID: <240687586.18247.1593564005555.JavaMail.zimbra@efficios.com> (raw)
In-Reply-To: <CANn89iLvSSLRzRr0vPDNBfe_ukGecQZp4AN4ZODYjpebq643NQ@mail.gmail.com>
----- On Jun 30, 2020, at 8:34 PM, Eric Dumazet edumazet@google.com wrote:
> On Tue, Jun 30, 2020 at 5:27 PM Mathieu Desnoyers
> <mathieu.desnoyers@efficios.com> wrote:
>>
>> ----- On Jun 30, 2020, at 7:50 PM, Eric Dumazet edumazet@google.com wrote:
>>
>> > On Tue, Jun 30, 2020 at 4:47 PM Mathieu Desnoyers
>> > <mathieu.desnoyers@efficios.com> wrote:
>> >>
>> >> ----- On Jun 30, 2020, at 7:41 PM, Eric Dumazet edumazet@google.com wrote:
>> >>
>> >> > MD5 keys are read with RCU protection, and tcp_md5_do_add()
>> >> > might update in-place a prior key.
>> >> >
>> >> > Normally, typical RCU updates would allocate a new piece
>> >> > of memory. In this case only key->key and key->keylen might
>> >> > be updated, and we do not care if an incoming packet could
>> >> > see the old key, the new one, or some intermediate value,
>> >> > since changing the key on a live flow is known to be problematic
>> >> > anyway.
>> >>
>> >> What makes it acceptable to observe an intermediate bogus key during the
>> >> transition ?
>> >
>> > If you change a key while packets are in flight, the result is that :
>> >
>> > 1) Either your packet has the correct key and is handled
>> >
>> > 2) Or the key do not match, packet is dropped.
>> >
>> > Sender will retransmit eventually.
>>
>> This train of thoughts seem to apply to incoming traffic, what about outgoing ?
>
>
> Outgoing path is protected by the socket lock.
>
> You can not change the TCP MD5 key while xmit is in progress.
Allright, this is the part I missed, thanks!
Mathieu
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
next prev parent reply other threads:[~2020-07-01 0:40 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-30 23:41 [PATCH net] tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() Eric Dumazet
2020-06-30 23:47 ` Mathieu Desnoyers
2020-06-30 23:50 ` Eric Dumazet
2020-07-01 0:27 ` Mathieu Desnoyers
2020-07-01 0:34 ` Eric Dumazet
2020-07-01 0:40 ` Mathieu Desnoyers [this message]
2020-07-01 0:52 ` Hideaki Yoshifuji
2020-07-01 0:55 ` Eric Dumazet
2020-07-01 1:53 ` Mathieu Desnoyers
2020-07-01 1:15 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=240687586.18247.1593564005555.JavaMail.zimbra@efficios.com \
--to=mathieu.desnoyers@efficios.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).