Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp5354620rwl; Tue, 21 Mar 2023 17:50:51 -0700 (PDT) X-Google-Smtp-Source: AK7set/4ZVFRCYeQv/n6VdW0YfyA+74zsRalUMRzPixcg8ShsdYd+ND1eE8aC4QIUccRB4dUBBkQ X-Received: by 2002:a17:906:749d:b0:92c:fc0:b229 with SMTP id e29-20020a170906749d00b0092c0fc0b229mr4703589ejl.0.1679446250846; Tue, 21 Mar 2023 17:50:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679446250; cv=none; d=google.com; s=arc-20160816; b=ZtqN5C7X0SynQmXUkp2tIW4LxYS0EzSBDOWhm2+BOoeDVQzgVgbgIA+6hYphSGwcLc 0oyJ1l6TCPx3KjewDY32OH3B3lrSKsVLS2Hjf6GeCKShaMqu/CZngERwlQ+gKJl9p5ZQ ImJf04d2SeyXZ6kqWLOTeImWEG7tEweoWvs4n0nRn6MpITmKWX702VQawIW0gHgetF7J aohZN/1NRxQVYMCIu6CUx6BxWtOm0CgZuIIVCquubOm8kIUVmnXvSvVPJMkd7a+4t2kp 0Hu0455Up3nymqtIajnTtSFWgldNaDAUYOUbil3U58CGhJdndS6dy+zY5rxe217Wmzpq CQ5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=/QpOu03OMHxoyPFRrcM3jxdNE487xqKrAW2wGh931kM=; b=yS7d53JCnQ1pQdXazhrRtBVl7K+hYOmfevsuSWATjCtV+sw/quLEZ3FTbM0ArRjYve JuKbLxEbveh77IXsYoQfJNlRGmIhZEjviRkSbatcUzhnl8m+ax8HpY/QmSTIVdqLrMGh ICp8SWUFfYHN61NjTzmgFsEF8yXl770u50+pG+H+hC/iCjrAxAthteEKb57WlqmXgfdg 0qAE2fG1giwEzXyT7kbIJQ5J9UKMe7Mf33Dsy8Mm7Wyqrdkxt5X4UiNK0KGY/U2Ww279 pW8FF4c4qTNnSoJ8KvFijxx62T1njdClnVDYDT/fq8WAV5FDuynP8DETdAHaC8GR1IJz sNnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=H8RBSaQO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m6-20020a1709060d8600b00930b13f6ab1si14492143eji.642.2023.03.21.17.50.26; Tue, 21 Mar 2023 17:50:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=H8RBSaQO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229713AbjCVAsr (ORCPT + 99 others); Tue, 21 Mar 2023 20:48:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229806AbjCVAsm (ORCPT ); Tue, 21 Mar 2023 20:48:42 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 679A8106 for ; Tue, 21 Mar 2023 17:47:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1679446076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/QpOu03OMHxoyPFRrcM3jxdNE487xqKrAW2wGh931kM=; b=H8RBSaQODZWXM9/NYRhEyViZ+rcc7paDveHTxmyGhFd0OV0nd80ZwZXDxsr+V5v+JF8JDJ da2L1pbKVQl0KyTZhG12pb9p70tU5j6OhgLpp0v4Mw0e+LYzNXN3U8AduTHFcOb39ajfmU OSrPiJpIpBMwoQNTma551KFepqti4f4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-574-8upX8vKWM_uqw-iYU6elwA-1; Tue, 21 Mar 2023 20:47:53 -0400 X-MC-Unique: 8upX8vKWM_uqw-iYU6elwA-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7DE46185A791; Wed, 22 Mar 2023 00:47:52 +0000 (UTC) Received: from ovpn-8-18.pek2.redhat.com (ovpn-8-17.pek2.redhat.com [10.72.8.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5D5242166B29; Wed, 22 Mar 2023 00:47:46 +0000 (UTC) Date: Wed, 22 Mar 2023 08:47:41 +0800 From: Ming Lei To: Eric Blake Cc: josef@toxicpanda.com, linux-block@vger.kernel.org, nbd@other.debian.org, philipp.reisner@linbit.com, lars.ellenberg@linbit.com, christoph.boehmwalder@linbit.com, corbet@lwn.net, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, ming.lei@redhat.com Subject: Re: [PATCH v2 2/5] block nbd: send handle in network order Message-ID: References: <20230317202749.419094-1-eblake@redhat.com> <20230317202749.419094-3-eblake@redhat.com> <20230321135900.ni4w5ichvjba7s4u@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230321135900.ni4w5ichvjba7s4u@redhat.com> X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 21, 2023 at 08:59:00AM -0500, Eric Blake wrote: > On Tue, Mar 21, 2023 at 07:20:33AM +0800, Ming Lei wrote: > > On Fri, Mar 17, 2023 at 03:27:46PM -0500, Eric Blake wrote: > > > The NBD spec says the client handle (or cookie) is opaque on the > > > server, and therefore it really doesn't matter what endianness we use; > > > to date, the use of memcpy() between u64 and a char[8] has exposed > > > native endianness when treating the handle as a 64-bit number. > > > > No, memcpy() works fine for char[8], which doesn't break endianness. > > I didn't say memcpy() breaks endianness, I said it preserves it. By > using memcpy(), you are exposing native endianness over the wire. > Thus, even though a server should not be making any decisions based on > the content of the handle (it is an opaque value handed back to the > client unchanged), the current kernel client code DOES leak through > information about whether the client is big- or little-endian; How is the client cpu endianness leaked with handle defined as char[8]? Suppose it is leaked, is it really one issue? Cause most of CPUs in the world is little-endian. > contrast to the NBD protocol saying that ALL data is > network-byte-order. That doesn't make sense for any data defined as char[] or byte which needn't to be little or big endian. > > > > > > However, since NBD protocol documents that everything else is in > > > network order, and tools like Wireshark will dump even the contents of > > > the handle as seen over the network, it's worth using a consistent > > > ordering regardless of the native endianness. > > > > > > Plus, using a consistent endianness now allows an upcoming patch to > > > simplify this to directly use integer assignment instead of memcpy(). > > > > It isn't necessary, given ->handle is actually u64, which is handled by > > nbd client only. > > No, re-read the whole series. ->handle is actually char[8]. Later in > the series adds ->cookie as __be64 as an alias to ->handle, precisely > so that we are converting the u64 'handle' in kernel code into a > big-endian value on the wire, regardless of the host type, and making > it impossible for a server to inspect the wire data and learn the > kernel's endianness. How does server learn the client cpu endianness in this way? Is it really one issue? > > > > > > > > > Signed-off-by: Eric Blake > > > > > > --- > > > v2: new patch > > > --- > > > drivers/block/nbd.c | 10 +++++++--- > > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > > > diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c > > > index 592cfa8b765a..8a9487e79f1c 100644 > > > --- a/drivers/block/nbd.c > > > +++ b/drivers/block/nbd.c > > > @@ -560,6 +560,7 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) > > > unsigned long size = blk_rq_bytes(req); > > > struct bio *bio; > > > u64 handle; > > > + __be64 tmp; > > > u32 type; > > > u32 nbd_cmd_flags = 0; > > > int sent = nsock->sent, skip = 0; > > > @@ -606,7 +607,8 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) > > > request.len = htonl(size); > > > } > > > handle = nbd_cmd_handle(cmd); > > > - memcpy(request.handle, &handle, sizeof(handle)); > > > + tmp = cpu_to_be64(handle); > > > + memcpy(request.handle, &tmp, sizeof(tmp)); > > > > This way copies handle two times, really not fun. > > Indeed. And as mentioned in the commit message, it is temporary; the > second copy goes away later in the series once we can use direct > integer assignment. Then please merge with following patch, given it is hard to review temporary change. thanks, Ming