lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <m13awld27l.fsf@ebiederm.dsl.xmission.com>
Date:	Mon, 08 Oct 2007 10:02:22 -0600
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	"Denis V. Lunev" <den@...ru>
Cc:	David Miller <davem@...emloft.net>, herbert@...dor.apana.org.au,
	jeff@...zik.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org,
	Pavel Emelyanov <xemul@...nvz.org>
Subject: Re: [NET] IPv6 oops bisected

"Denis V. Lunev" <den@...ru> writes:

> David Miller wrote:
>> From: "Denis V. Lunev" <den@...ru>
>> Date: Mon, 08 Oct 2007 10:34:23 +0400
>> 
>>> OK. I am installing Fedora 7 right now...
>> 
>> You don't need to install Fedora, just read the code! :-)
>> 
>> The bug is obvious and it's been explained thoroughly in this
>> thread.
>> 
>> When 'dev' is NULL in ip6_route_add() we need to figure out what
>> namespace and/or loopback device you want to use.
>> 
>> There is no reason to do an entire dist install to work on fixing this
>> bug, yikes!
>
> I do understand the conditions when the bug happens. Its completely
> clear :) Though I do not understand how to trigger it from command line
> to test that the problem is resolved. Jeff was not kind enough to give
> exact command line :(
>
> The unfortunate thing with this place is that original Eric's code is
> also broken here. I was too optimistic working on the original patchset.
> In other way, but broken :(
>
> So, I must stop and think...

Denis. My original patch was fine.  That patch trivially replaced
loopback_dev with init_net.loopback_dev.   That only works for the
initial network namespace.  But until you allow multiple instances of
the network namespace into the ipv6 code the network namespace must
be init_net.

I agree hard coded the init_net.loopback_dev is not where we want to
end up but it does make a good intermediate step.  To allow simple and
stupid intermediate steps is why my original patchset very carefully
filtered every code path into the other layers of the network stack.

At a quick skim through that portion of the code. When we fully convert
it we want to add a network namespace parameter to struct fib6_config,
populate struct fib6_config from the socket that user space is using
to communicate with us.  Then in rt6_route_add and it's friends we
will have the information we need.

Further for the lower layers like ip6_fib.c struct flowi and struct
nl_info will also contain a network namespace parameter.  Which I
think is sufficient to get the network namespace information where
we need it for ipv6 routing.

So Denis do you think you could retry your original patch very
carefully one subsystem at a time instead of all across the entire
tree?

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ