lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <DM5PR21MB0476D3B9A9FF0DAA06256905A09D0@DM5PR21MB0476.namprd21.prod.outlook.com>
Date:   Thu, 31 Aug 2017 20:21:45 +0000
From:   KY Srinivasan <kys@...rosoft.com>
To:     Eduardo Otubo <otubo@...hat.com>
CC:     Haiyang Zhang <haiyangz@...rosoft.com>,
        Stephen Hemminger <stephen@...workplumber.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "devel@...uxdriverproject.org" <devel@...uxdriverproject.org>,
        Stephen Hemminger <sthemmin@...rosoft.com>,
        David Miller <davem@...emloft.net>
Subject: RE: [PATCHv2] hv_set_ifconfig.sh double check before setting ip



> -----Original Message-----
> From: Eduardo Otubo [mailto:otubo@...hat.com]
> Sent: Thursday, August 31, 2017 1:17 AM
> To: KY Srinivasan <kys@...rosoft.com>
> Cc: Haiyang Zhang <haiyangz@...rosoft.com>; Stephen Hemminger
> <stephen@...workplumber.org>; linux-kernel@...r.kernel.org;
> devel@...uxdriverproject.org; Stephen Hemminger
> <sthemmin@...rosoft.com>; David Miller <davem@...emloft.net>
> Subject: Re: [PATCHv2] hv_set_ifconfig.sh double check before setting ip
> 
> On Mon, Aug 28, 2017 at 04:48:32PM +0000, KY Srinivasan wrote:
> >
> >
> > > -----Original Message-----
> > > From: Haiyang Zhang
> > > Sent: Monday, August 28, 2017 8:57 AM
> > > To: Stephen Hemminger <stephen@...workplumber.org>; Eduardo
> Otubo
> > > <otubo@...hat.com>; KY Srinivasan <kys@...rosoft.com>
> > > Cc: linux-kernel@...r.kernel.org; devel@...uxdriverproject.org; Stephen
> > > Hemminger <sthemmin@...rosoft.com>; David Miller
> > > <davem@...emloft.net>
> > > Subject: RE: [PATCHv2] hv_set_ifconfig.sh double check before setting ip
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Stephen Hemminger [mailto:stephen@...workplumber.org]
> > > > Sent: Monday, August 28, 2017 11:16 AM
> > > > To: Eduardo Otubo <otubo@...hat.com>
> > > > Cc: linux-kernel@...r.kernel.org; devel@...uxdriverproject.org;
> Haiyang
> > > > Zhang <haiyangz@...rosoft.com>; Stephen Hemminger
> > > > <sthemmin@...rosoft.com>; David Miller <davem@...emloft.net>
> > > > Subject: Re: [PATCHv2] hv_set_ifconfig.sh double check before setting
> ip
> > > >
> > > > On Mon, 28 Aug 2017 12:01:21 +0200
> > > > Eduardo Otubo <otubo@...hat.com> wrote:
> > > >
> > > > > v2: The script is now a little bit safer so it doesn't conflicts with
> > > > > network daemon trying to set configurations at the same time.
> > > > >
> > > > > This patch fixes the behavior of the hv_set_ifconfig script when
> > > > setting
> > > > > the interface ip. Sometimes the interface has already been
> configured
> > > > by
> > > > > network daemon, in this case hv_set_ifconfig causes "RTNETLINK: file
> > > > > exists error"; in order to avoid this error this patch makes sure
> > > > double
> > > > > checks the interface before trying anything.
> > > > >
> > > > > Signed-off-by: Eduardo Otubo <otubo@...hat.com>
> > > >
> > > > Adding new dependency on systemd is not going to make this script
> > > > even less useful.  I wonder why the script still exists at all? Most of
> > > > the
> > > > Linux distro's can already setup HV networking without it.
> > > >
> > >
> > > This script is used by a host to inject IP into guests. KY knows more
> > > details about it.
> >
> > I wrote this script initially to provide an example script for Distros to base
> their solution on.
> > KVP supports IP injection to enable VM migration. For this scenario, I think
> we recommend that NM be
> > disabled.
> >
> 
> So, what you're saying is that this should be fixed downstream,
> instead? This solution seems pretty safe for me and long term we can
> think about something else that could get rid of this script. So NM or
> whatever is in use can actually do the configuration.
> 
> Any chance to have this patch ACK'd as a form of a short term
> solution?

Given that this is just an example script to be customized on a per Distro basis, do
you still see value in making this change upstream. In any case, as Olaf noted the delay will
cause problems. One option would be to simply fail if network scripts are running. As you say, if you
are making sure that the KVP daemon is only run after the network script have executed, this restriction
(failing if the scripts are active) should not be an issue.

Regards,

K. Y 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ