Date:	Mon, 26 Sep 2011 09:57:17 -0700
From:	"Rose, Gregory V" <gregory.v.rose@...el.com>
To:	Stephen Hemminger <shemminger@...tta.com>
CC:	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"gospo@...hat.com" <gospo@...hat.com>
Subject: RE: [net-next 05/10] if_link: Add additional parameter to
 IFLA_VF_INFO for spoof checking

> -----Original Message-----
> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org]
> On Behalf Of Stephen Hemminger
> Sent: Monday, September 26, 2011 9:21 AM
> To: Rose, Gregory V
> Cc: Kirsher, Jeffrey T; davem@...emloft.net; netdev@...r.kernel.org;
> gospo@...hat.com
> Subject: Re: [net-next 05/10] if_link: Add additional parameter to
> IFLA_VF_INFO for spoof checking
> 
> On Mon, 26 Sep 2011 09:18:34 -0700
> "Rose, Gregory V" <gregory.v.rose@...el.com> wrote:
> 
> > > -----Original Message-----
> > > From: Stephen Hemminger [mailto:shemminger@...tta.com]
> > > Sent: Sunday, September 25, 2011 10:23 AM
> > > To: Kirsher, Jeffrey T
> > > Cc: davem@...emloft.net; Rose, Gregory V; netdev@...r.kernel.org;
> > > gospo@...hat.com
> > > Subject: Re: [net-next 05/10] if_link: Add additional parameter to
> > > IFLA_VF_INFO for spoof checking
> > >
> > > On Sat, 24 Sep 2011 02:17:38 -0700
> > > Jeff Kirsher <jeffrey.t.kirsher@...el.com> wrote:
> > >
> > > > From: Greg Rose <gregory.v.rose@...el.com>
> > > >
> > > > > Add configuration setting for drivers to turn spoof checking on or off
> > > > > for discrete VFs.
> > > >
> > > > Signed-off-by: Greg Rose <gregory.v.rose@...el.com>
> > > > Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@...el.com>
> > > > ---
> > > >  include/linux/if_link.h   |    7 +++++++
> > > >  include/linux/netdevice.h |    3 +++
> > > >  net/core/rtnetlink.c      |   25 ++++++++++++++++++++++---
> > > >  3 files changed, 32 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/include/linux/if_link.h b/include/linux/if_link.h
> > > > index 0ee969a..8bd6d6d 100644
> > > > --- a/include/linux/if_link.h
> > > > +++ b/include/linux/if_link.h
> > > > @@ -279,6 +279,7 @@ enum {
> > > >  	IFLA_VF_MAC,		/* Hardware queue specific attributes
> */
> > > >  	IFLA_VF_VLAN,
> > > >  	IFLA_VF_TX_RATE,	/* TX Bandwidth Allocation */
> > > > +	IFLA_VF_SPOOFCHK,	/* Spoof Checking on/off switch */
> > > >  	__IFLA_VF_MAX,
> > > >  };
> > > >
> > > > @@ -300,12 +301,18 @@ struct ifla_vf_tx_rate {
> > > >  	__u32 rate; /* Max TX bandwidth in Mbps, 0 disables throttling
> */
> > > >  };
> > > >
> > > > +struct ifla_vf_spoofchk {
> > > > +	__u32 vf;
> > > > +	__u32 setting;
> > > > +};
> > > > +
> > > >  struct ifla_vf_info {
> > > >  	__u32 vf;
> > > >  	__u8 mac[32];
> > > >  	__u32 vlan;
> > > >  	__u32 qos;
> > > >  	__u32 tx_rate;
> > > > +	__u32 spoofchk;
> > > >  };
> > >
> > > > This breaks ABI compatibility, unless you add some special case code
> > > > to handle the case of tools sending the old ifla_vf_info. Users may have
> > > > older version of ip utilities that send smaller size structure.
> >
> > The structure is not sent directly to the kernel from user space.  The
> > kernel will get the information and stuff it into individual data units
> > using NLA_PUT.  If the older tool doesn't ask for the info then that's
> > fine so far as I can tell.
> >
> > The only issue I've seen is using the new ip tool on older kernels that
> > don't supply the data.  You'll get a segmentation fault and core dump.
> > However, I was under the impression that the general rule was to use a
> > release of the ip tool only on the kernel it was released for or on newer
> > kernels.
> >
> > - Greg
> 
> The tools need to run on older kernels. Think of Debian and other
> distributions which want to ship newer ip tools but run on old kernel.
> In this case, what is expected is:
> # ip li some new option
> RTNETLINK: Invalid ...

That is what happens when you set the option on older kernels that don't support it.  In the do_setvfinfo() function in ../net/core/rtnetlink.c the default return value is EINVAL.  If the case for IFLA_VF_SPOOFCHK doesn't exist then it falls through and returns with the error value.

It's when you do the ip link show <dev> command on an older kernel that doesn't report the spoof check value that you get the segmentation fault in the ip tool.  I'll look at that and see what I can do to fix that up and respin the patch.

- Greg
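
The read-side failure discussed in this message, as an added example that is not code from the thread, the kernel or iproute2: a simplified attribute parser whose reader checks that the spoof-check attribute was actually sent before using it. It assumes the crash comes from reading an attribute slot an older kernel never filled; the `attr` header, the `VF_*` numbering and the `query_sample` replies are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for this example, not the kernel's or iproute2's definitions. */
enum { VF_UNSPEC, VF_MAC, VF_VLAN, VF_TX_RATE, VF_SPOOFCHK, VF_MAX };
struct attr { uint16_t len, type; };            /* header; payload follows */
struct vf_spoofchk { uint32_t vf, setting; };   /* layout from the quoted hunk */
#define ALIGN4(n) (((n) + 3u) & ~3u)

/* Index attributes by type; unknown types are skipped. Returns -1 if malformed. */
static int parse_attrs(const uint8_t *buf, size_t n, const uint8_t **tb) {
    struct attr a;
    memset(tb, 0, VF_MAX * sizeof(*tb));
    while (n >= sizeof(a)) {
        memcpy(&a, buf, sizeof(a));
        if (a.len < sizeof(a) || a.len > n) return -1;
        if (a.type < VF_MAX) tb[a.type] = buf;
        size_t step = ALIGN4(a.len) > n ? n : ALIGN4(a.len);
        buf += step; n -= step;
    }
    return 0;
}

/* 0 or 1 = reported setting; -1 = attribute absent (older sender) or payload too short. */
static int get_spoofchk(const uint8_t **tb) {
    struct attr a; struct vf_spoofchk v;
    if (!tb[VF_SPOOFCHK]) return -1;    /* never dereference a slot the sender left empty */
    memcpy(&a, tb[VF_SPOOFCHK], sizeof(a));
    if (a.len < sizeof(a) + sizeof(v)) return -1;
    memcpy(&v, tb[VF_SPOOFCHK] + sizeof(a), sizeof(v));
    return v.setting != 0;
}

/* Constructed replies for VF 0. mode 0: no spoofchk attribute, 1: full, 2: short payload. */
static int query_sample(int mode) {
    struct { struct attr h; uint32_t vf, val; } m[2] = {
        { { 12, VF_TX_RATE }, 0, 1000 }, { { 12, VF_SPOOFCHK }, 0, 1 } };
    const uint8_t *tb[VF_MAX];
    size_t n = mode == 0 ? 12 : mode == 1 ? 24 : 20;
    if (mode == 2) m[1].h.len = 8;      /* header claims only 4 payload bytes */
    return parse_attrs((const uint8_t *)m, n, tb) < 0 ? -2 : get_spoofchk(tb);
}

int main(void) {
    printf("old=%d new=%d short=%d\n", query_sample(0), query_sample(1), query_sample(2));
    return 0;
}
```

A caller that gets -1 back can simply omit the spoof-check field from its output, so one binary works against both older and newer senders.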
