| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Aug 2012 02:56:11 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: "K. Y. Srinivasan" <kys@...rosoft.com>,
linux-kernel@...r.kernel.org, devel@...uxdriverproject.org,
virtualization@...ts.osdl.org, olaf@...fle.de, apw@...onical.com
Subject: Re: [PATCH V2 02/18] Drivers: hv: Add KVP definitions for IP
address injection
On Mon, 2012-08-13 at 18:38 -0700, Greg KH wrote:
> On Mon, Aug 13, 2012 at 10:06:51AM -0700, K. Y. Srinivasan wrote:
> > Add the necessary definitions for supporting the IP injection functionality.
[...]
> > --- a/include/linux/hyperv.h
> > +++ b/include/linux/hyperv.h
> > @@ -122,12 +122,53 @@
> > #define REG_U32 4
> > #define REG_U64 8
> >
> > +/*
> > + * As we look at expanding the KVP functionality to include
> > + * IP injection functionality, we need to maintain binary
> > + * compatibility with older daemons.
> > + *
> > + * The KVP opcodes are defined by the host and it was unfortunate
> > + * that I chose to treat the registration operation as part of the
> > + * KVP operations defined by the host.
> > + * Here is the level of compatibility
> > + * (between the user level daemon and the kernel KVP driver) that we
> > + * will implement:
> > + *
> > + * An older daemon will always be supported on a newer driver.
> > + * A given user level daemon will require a minimal version of the
> > + * kernel driver.
> > + * If we cannot handle the version differences, we will fail gracefully
> > + * (this can happen when we have a user level daemon that is more
> > + * advanced than the KVP driver.
> > + *
> > + * We will use values used in this handshake for determining if we have
> > + * workable user level daemon and the kernel driver. We begin by taking the
> > + * registration opcode out of the KVP opcode namespace. We will however,
> > + * maintain compatibility with the existing user-level daemon code.
> > + */
> > +
> > +/*
> > + * Daemon code not supporting IP injection (legacy daemon).
> > + */
> > +
> > +#define KVP_OP_REGISTER 4
>
> Huh?
>
> > +/*
> > + * Daemon code supporting IP injection.
> > + * The KVP opcode field is used to communicate the
> > + * registration information; so define a namespace that
> > + * will be distinct from the host defined KVP opcode.
> > + */
> > +
> > +#define KVP_OP_REGISTER1 100
> > +
> > enum hv_kvp_exchg_op {
> > KVP_OP_GET = 0,
> > KVP_OP_SET,
> > KVP_OP_DELETE,
> > KVP_OP_ENUMERATE,
> > - KVP_OP_REGISTER,
> > + KVP_OP_GET_IP_INFO,
> > + KVP_OP_SET_IP_INFO,
>
> So you overloaded the command and somehow think that is ok? How is that
> supposed to work? Why not just always keep it there, but fail if it is
> called as you know you have a mismatch?
>
> Otherwise, again, you just broke older tools on a newer kernel.
>
> Or am I missing something here?
You are. The above enumeration is for the hypervisor-to-guest protocol,
whereas KVP_OP_REGISTER and KVP_OP_REGISTER1 are only used between
daemon and driver. The registration operation code should have been
defined as a sufficiently high value to avoid collision.
However, since the daemon will always send one of the registration
operations at start of day (and then never again), it seems that the
driver can avoid confusing registration with a reply to
KVP_OP_GET_IP_INFO. Instead, the two registration operation codes
distinguish the capabilities of the daemon and actually aid backward
compatibility.
Ben.
--
Ben Hutchings
I say we take off; nuke the site from orbit. It's the only way to be sure.
Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)
Powered by blists - more mailing lists