lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Jun 2017 14:47:39 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     julien@...sta.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next 1/2] ipmr: restrict mroute "queue full"
 warning to related error values

From: Julien Gomes <julien@...sta.com>
Date: Fri, 23 Jun 2017 10:52:26 -0700

> On 06/23/2017 10:39 AM, David Miller wrote:
> 
>> From: Julien Gomes <julien@...sta.com>
>> Date: Wed, 21 Jun 2017 10:58:10 -0700
>>
>>> When sending a cache report on mroute_sk, mroute will emit a
>>> "pending queue full" warning for every error value returned by
>>> sock_queue_rcv_skb().
>>> This warning can be misleading, for example on the EPERM error value
>>> that sk_filter() can return.
>>>
>>> Restricting this warning to only ENOMEM or ENOBUFS seems more
>>> appropriate.
>>>
>>> Signed-off-by: Julien Gomes <julien@...sta.com>
>> Incorrect, no other error codes are possible.
>>
>> We never attach a socket filter to these kernel internal sockets,
>> therefore sk_filter() is not even applicable in this analysis.
>>
>> Therefore, -ENOBUFS and -ENOMEM are the only errors we can ever see
>> returned from sock_queue_rcv_skb().
>>
>> This goes for your second patch as well.
> 
> Up to now I would agree, but now that cache reports are also sent
> through Netlink, wouldn't it make sense to allow the user of mroute_sk
> to attach a filter to it in order to not receive cache reports on it?

There is not visibility of this socket outside of the kernel.

I doubt it would ever be exported in any way, and until it would
be so worrying about this is truly a huge waste of time and developer
resources.

Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ