Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2111490imm; Sat, 28 Jul 2018 09:28:02 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdCTnyAFmSt8zqvjMvdiBBoKD6MGnT7/oZ8rsyBictNp0SBwznTW48z0sX65g+nCN6Cme8U X-Received: by 2002:a63:bf43:: with SMTP id i3-v6mr10314469pgo.342.1532795281974; Sat, 28 Jul 2018 09:28:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532795281; cv=none; d=google.com; s=arc-20160816; b=wKmenINKXfdjUDATp64OBDFakjQddkxly9kSPQvKcliBrFgb3l1RfitXbSgvN6HkRU 2UtthQS5Ey/GfSTyUeAmryvUPaEyCtRkSfcBX8GJcRp30zutpwlzR0u1fPiaJAVmG6kI KSmJ5x1ZFKVy74c3YHm7qK8X09tuD5Vxeoz8yV6mZSBWY2dimplYpRCENGaBkKVdCdvQ OSWrBucEX04CdZ4XAnOBPMQZf4bg9rs925P1P9FG+JbBF7K7MJ759kR3Sm8fvy4vTQFC eqZRnEihkpocFGvMCv3fat080ColpR5kw6qgchNybA2XkcUwemUc71oJEnY55BwAf0JA nxlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:arc-authentication-results; bh=n7+L4GqPbxZP4/dH4uzDfjMNyVc/hIi3LHfAPgk6uFQ=; b=yuThCj7fVYLdT+TbapazTsWgm9KQJYaIbOYo+FN5V2P3Oa8E9jHA+Aem0nG+6606i2 Sb/uv31La86YlIwtCqRc0qIffwfxEK5aIXlBEU7EFp+XwvEYW9QZAdFppD5MsjZ2bjfQ 9d7S4s+yibtuijm6WUABNdkr6YlewGo/tZcE7IoaTnZyFgKaBkoRJx1E3ie7pJV5b1Lv qWSFjjVqloA2Y9Uz+UM2f20S+XbFot7tOJ3LBXbcYrwYgSzHeYZdd7GSqknW+yUVo4xy F6bFsdYjTi8BqiAhE8E+ryn5zgl15n7RfCIyhRqom3XYb1LsSLQ/X3YXz9Lj8y2bqEAB GO7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b=gATr94cO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v3-v6si5858385plo.208.2018.07.28.09.27.47; Sat, 28 Jul 2018 09:28:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b=gATr94cO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729222AbeG1RyC (ORCPT + 99 others); Sat, 28 Jul 2018 13:54:02 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:44238 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729164AbeG1RyC (ORCPT ); Sat, 28 Jul 2018 13:54:02 -0400 Received: by mail-wr1-f66.google.com with SMTP id r16-v6so8122249wrt.11 for ; Sat, 28 Jul 2018 09:26:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=googlenew; h=message-id:subject:from:to:cc:date:in-reply-to:references :mime-version:content-transfer-encoding; bh=n7+L4GqPbxZP4/dH4uzDfjMNyVc/hIi3LHfAPgk6uFQ=; b=gATr94cOmJEqeHDPB6K1Xlzzo+mr0yVK0zKyJc0qcEc6jT9e4MA4O+6f9SnyhZ2wxk qSQikEErC5FPKv+ntGVFJXvNAOLuRN1H3BR9hP5IWZuwWkcS2ZA9LGKY6YOv/uNG8YOT m8eiYPzC32iWrDySbqs6MX2Ue4aG0HN0Shy/2iDyCNIq60KdaAEhb/gwhb547o2NSU9x 3MFQNIsslESCrhAcdZ/WLVZVD5u//VX11AZtFuvKrnSctqv4RksSNfLFObhJnGUXJNYp OY0veQL1ukMwz9y1EmnZt0uGt4Kq8zqnMYYKiuNMCp52bXqHQ9UmnXrx5x0a+g8qcnC3 TtYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=n7+L4GqPbxZP4/dH4uzDfjMNyVc/hIi3LHfAPgk6uFQ=; b=l50O1RQyY2aAxDts2jGBTxGxzs5D7wr7ItL0mbMqYPgXnPWSQ8V4n5sNbiQst5psS2 duh6kdGOXAgHt2qpeh0I0cz2M+ebJFj62HM6sYCzXWOnLS4UaQtUi/9k3c6bJdQ8Gbut j86/DWRvEnpJBiIWOrJWKGxZJP79icWkJH8usijp9YaPXdrc4AjveoeHjym2cSfRCXD1 QHBj3gzEbBS7fEmyTnWOeiyeRwn+CmrmOlukN44owdzyp3aJ627SNRx/DZZ+zthqtZJA YPL4kQOkZAi6/zSCHqN37Wxm1JYu1y5C/QKfZvJYkn3mBvXmC+Wquz+pMNzwe0yECt0H htCQ== X-Gm-Message-State: AOUpUlF4wnuymqbK/bryNZd/18GEBHGqLhVwQ9O/BlMl/CVudVAaq96Q 3v6zRYGnWlR9vGTnCekunqNwSBC/G+g= X-Received: by 2002:adf:9996:: with SMTP id y22-v6mr10357518wrb.69.1532795218317; Sat, 28 Jul 2018 09:26:58 -0700 (PDT) Received: from dhcp.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id b2-v6sm8491394wmh.20.2018.07.28.09.26.56 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 28 Jul 2018 09:26:57 -0700 (PDT) Message-ID: <1532795215.2679.27.camel@arista.com> Subject: Re: [PATCH 00/18] xfrm: Add compat layer From: Dmitry Safonov To: Nathan Harold Cc: Florian Westphal , Steffen Klassert , linux-kernel@vger.kernel.org, "David S. Miller" , Herbert Xu , Dmitry Safonov <0x7f454c46@gmail.com>, netdev@vger.kernel.org, Andy Lutomirski , Ard Biesheuvel , "H. Peter Anvin" , Ingo Molnar , John Stultz , "Kirill A. Shutemov" , Oleg Nesterov , Stephen Boyd , Steven Rostedt , Thomas Gleixner , x86@kernel.org, linux-efi@vger.kernel.org, Andrew Morton , Greg Kroah-Hartman , Mauro Carvalho Chehab , Shuah Khan , linux-kselftest@vger.kernel.org, Eric Paris , Jozsef Kadlecsik , Pablo Neira Ayuso , Paul Moore , coreteam@netfilter.org, linux-audit@redhat.com, netfilter-devel@vger.kernel.org, Fan Du Date: Sat, 28 Jul 2018 17:26:55 +0100 In-Reply-To: References: <20180726023144.31066-1-dima@arista.com> <20180726084959.pzjvflfjq6a76du6@breakpoint.cc> <20180727073747.h27dtojlnmc3k25v@gauss3.secunet.de> <1532700173.2679.18.camel@arista.com> <20180727141936.uze6ohordx7ue3no@breakpoint.cc> <1532703111.2679.20.camel@arista.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.6 (3.24.6-1.fc26) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2018-07-27 at 09:48 -0700, Nathan Harold wrote: > We (Android) are very interested in removing the restriction for 32- > bit userspace processes accessing xfrm netlink on 64-bit kernels. > IPsec support is required to pass Android conformance tests, and any > manufacturer wishing to ship 32-bit userspace with a recent kernel > needs out-of-tree changes (removing the compat_task check) to do so. Glad to hear - that justify my attempts more :) > That said, it’s not difficult to work around alignment issues > directly in userspace, so maybe we could just remove the check and > make this the caller's responsibility? Here’s an example of the > workaround currently in the Android tree: > https://android.googlesource.com/platform/system/netd/+/refs/heads/ma > ster/server/XfrmController.h#257 We've kinda same workarounds in our userspace.. But I don't think reverting the check makes much sense - it'll make broken compat ABI in stone. If you're fine with disgraceful hacks and just want to get rid of additional non-mainstream patch - you can make 64-bit syscalls from 32- bit task (hint: examples in x86 selftests). > We could also employ a (relatively simple) solution such as the one > above in the uapi XFRM header itself, though it would require a > caller to declare the target kernel ABI at compile time. Maybe that’s > not unthinkable for an uncommon case? Well, I think, I'll rework my patches set according to critics and separate compat xfrm layer. I've already a selftest to check that 32/64 bit xfrm works - so the most time-taking part is done. So, if you'll wait a week or two - you may help me to justify acception of mainstreaming those patches. > On Fri, Jul 27, 2018 at 7:51 AM, Dmitry Safonov > wrote: > > On Fri, 2018-07-27 at 16:19 +0200, Florian Westphal wrote: > > > Dmitry Safonov wrote: > > > > 1. It will double copy netlink messages, making it O(n) instead > > of > > > > O(1), where n - is number of bind()s.. Probably we don't care > > much. > > > > > > About those bind() patches, I don't understand why they are > > needed. > > > > > > Why can't you just add the compat skb to the native skb when > > doing > > > the multicast call? > > > > > > skb_shinfo(skb)->frag_list = compat_skb; > > > xfrm_nlmsg_multicast(net, skb, 0, ... > > > > Oh yeah, sorry, I think I misread the patch - will try to add > > compat > > skb in the multicast call. > > -- Thanks, Dmitry