lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 Nov 2017 11:26:09 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Chris Leech' <cleech@...hat.com>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "containers@...ts.linux-foundation.org" 
        <containers@...ts.linux-foundation.org>
Subject: RE: [PATCH 0/9] use network namespace for iSCSI control interfaces

From: Chris Leech
> Sent: 15 November 2017 00:25
> To: David Laight
> Cc: netdev@...r.kernel.org; containers@...ts.linux-foundation.org
> Subject: Re: [PATCH 0/9] use network namespace for iSCSI control interfaces
> 
> On Wed, Nov 08, 2017 at 10:31:04AM +0000, David Laight wrote:
> > From: Chris Leech
> > > Sent: 07 November 2017 22:45
> > >
> > > I've posted these changes to allow iSCSI management within a container
> > > using a network namespace to the SCSI and Open-iSCSI lists, but seeing
> > > as it's not really SCSI/block related I'm casting a wider net looking
> > > for reviews.
> >
> > I didn't spot you acquiring and releasing references to the namespace.
> > (I might have missed it, the relevant patch is difficult to read).
> >
> > If the sockets are created in the context of the process whose namespace
> > you are using you don't need it, but given the hooks and callbacks
> > I'm not at all sure that is obviously true.
> 
> Thanks David,
> 
> Looking at it again, you're right and I think I need to hold a reference
> for the iSCSI host and handle namespace deletion.  Even for iscsi_tcp
> the socket gets handed off from the creating process to the transport
> and can outlive iscsid.

It isn't that simple....
IIRC:

The namespace delete callback isn't made until the reference count is zero.
Sockets created with sock_create_kern() don't hold a reference to the
namespace

This is all fine for sockets used for admin purposes, but rather hopeless
if you really need the namespace to continue to exist while the connections
are open - if only for long enough to close the connection.

To make matters even more annoying the functions for holding and
releasing a namespace are GPL_ONLY :-(

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ