lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 6 Dec 2019 00:08:35 +0100
From:   Valentin Vidić <vvidic@...entin-vidic.from.hr>
To:     Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc:     Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Boris Pismenny <borisp@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        "David S. Miller" <davem@...emloft.net>,
        Network Development <netdev@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] net/tls: Fix return values to avoid ENOTSUPP

On Thu, Dec 05, 2019 at 04:26:14PM -0500, Willem de Bruijn wrote:
> > I based these on the description from the sendmsg manpage, but you decide:
> >
> > EOPNOTSUPP
> >     Some bit in the flags argument is inappropriate for the socket type.
> 
> Interesting. That is a narrower interpretation than asm-generic/errno.h
> 
>   #define EOPNOTSUPP      95      /* Operation not supported on
> transport endpoint */
> 
> which is also the string that strerror() generates.

Found one interesting example where EINVAL seems to mean "this value will never work"
and EOPNOTSUPP means "this value will not work in the current state/type of socket":

        case TCP_FASTOPEN_CONNECT:
                if (val > 1 || val < 0) {
                        err = -EINVAL;
                } else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {
                        if (sk->sk_state == TCP_CLOSE)
                                tp->fastopen_connect = val;
                        else
                                err = -EINVAL;
                } else {
                        err = -EOPNOTSUPP;
                }
                break;

> I think there is a fundamental difference between, say, passing an
> argument of incorrect length (optlen < sizeof(..)) and asking for a
> possibly unsupported cipher mode. But consistency trumps that.
> 
> I don't mean to drag this out by bike-shedding.
> 
> Happy to defer to maintainers on whether the errno on published code
> can and should be changed, which is the more fundamental issue than
> the exact errno.
> 
> FWIW, I also did not see existing openssl and gnutls callers test the
> specific errno. The calls just fail on any setsockopt return value -1.

Right, I'm also fine with whatever the maintainer decides to take :)

-- 
Valentin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ