lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Oct 2016 09:52:53 +0300
From:   Cyrill Gorcunov <gorcunov@...il.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org, Eric Dumazet <eric.dumazet@...il.com>,
        David Ahern <dsa@...ulusnetworks.com>,
        Andrey Vagin <avagin@...nvz.org>
Subject: Re: [RFC net-next iproute2 1/2] libnetlink: Add test for error code
 returned from netlink reply

On Wed, Oct 26, 2016 at 08:52:56PM -0700, Stephen Hemminger wrote:
> On Wed, 26 Oct 2016 22:30:07 +0300
> Cyrill Gorcunov <gorcunov@...il.com> wrote:
> 
> >  
> >  				if (h->nlmsg_type == NLMSG_DONE) {
> > +					int len;
> > +
> > +					/*
> > +					 * The kernel reports if there is
> > +					 * no inet-diag module present in
> > +					 * the system via negative length
> > +					 * as error code.
> > +					 */
> > +					if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
> > +						fprintf(stderr, "Truncated length reply\n");
> > +						return -1;
> > +					}
> > +					len = *(int *)NLMSG_DATA(h);
> > +					if (len < 0) {
> > +						errno = -len;
> > +						if (errno == ENOENT ||
> > +						    errno == EOPNOTSUPP)
> > +							return -1;
> > +						perror("RTNETLINK answers");
> > +						return len;
> > +					}
> >  					found_done = 1;
> >  					break; /* process next filter */
> >  				
> 
> This looks like a mistake in how you implemented the functionality in the kernel.
> Despite what it looks like, all netlink request/reply functionality reports
> errors in current implementation by returning error to the sendmsg request.
> 
> What you added implies that the new kernel api is wrong, or many other usages
> are wrong.  Please fix the kernel.

No. This is not my code. This code has been in kernel for the really long time.
I don't know why you've not been doing such test in libnetlink before.

Actually I've hit this problem accidentaly -- I made a patch 2 from this
set and run it on the machine where kernel was unpatched, ie without
raw-diag module, and I found that we can't figure out if kernel notified
us that some diag module simply not present in the system. And here is
the only way to find it out.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ