lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200525100322.sjlfxhz2ztrfjia7@lion.mk-sys.cz>
Date:   Mon, 25 May 2020 12:03:22 +0200
From:   Michal Kubecek <mkubecek@...e.cz>
To:     netdev@...r.kernel.org
Cc:     Horatiu Vultur <horatiu.vultur@...rochip.com>,
        nikolay@...ulusnetworks.com, roopa@...ulusnetworks.com,
        davem@...emloft.net, kuba@...nel.org, andrew@...n.ch,
        UNGLinuxDriver@...rochip.com, bridge@...ts.linux-foundation.org,
        linux-kernel@...r.kernel.org
Subject: Re: MRP netlink interface

On Mon, May 25, 2020 at 11:28:27AM +0000, Horatiu Vultur wrote:
[...]
> My first approach was to extend the 'struct br_mrp_instance' with a field that
> contains the priority of the node. But this breaks the backwards compatibility,
> and then every time when I need to change something, I will break the backwards
> compatibility. Is this a way to go forward?

No, I would rather say it's an example showing why passing data
structures as binary data via netlink is a bad idea. I definitely
wouldn't advice this approach for any new interface. One of the
strengths of netlink is the ability to use structured and extensible
messages.

> Another approach is to restructure MRP netlink interface. What I was thinking to
> keep the current attributes (IFLA_BRIDGE_MRP_INSTANCE,
> IFLA_BRIDGE_MRP_PORT_STATE,...) but they will be nested attributes and each of
> this attribute to contain the fields of the structures they represents.
> For example:
> [IFLA_AF_SPEC] = {
>     [IFLA_BRIDGE_FLAGS]
>     [IFLA_BRIDGE_MRP]
>         [IFLA_BRIDGE_MRP_INSTANCE]
>             [IFLA_BRIDGE_MRP_INSTANCE_RING_ID]
>             [IFLA_BRIDGE_MRP_INSTANCE_P_IFINDEX]
>             [IFLA_BRIDGE_MRP_INSTANCE_S_IFINDEX]
>         [IFLA_BRIDGE_MRP_RING_ROLE]
>             [IFLA_BRIDGE_MRP_RING_ROLE_RING_ID]
>             [IFLA_BRIDGE_MRP_RING_ROLE_ROLE]
>         ...
> }
> And then I can parse each field separately and then fill up the structure
> (br_mrp_instance, br_mrp_port_role, ...) which will be used forward.
> Then when this needs to be extended with the priority it would have the
> following format:
> [IFLA_AF_SPEC] = {
>     [IFLA_BRIDGE_FLAGS]
>     [IFLA_BRIDGE_MRP]
>         [IFLA_BRIDGE_MRP_INSTANCE]
>             [IFLA_BRIDGE_MRP_INSTANCE_RING_ID]
>             [IFLA_BRIDGE_MRP_INSTANCE_P_IFINDEX]
>             [IFLA_BRIDGE_MRP_INSTANCE_S_IFINDEX]
>             [IFLA_BRIDGE_MRP_INSTANCE_PRIO]
>         [IFLA_BRIDGE_MRP_RING_ROLE]
>             [IFLA_BRIDGE_MRP_RING_ROLE_RING_ID]
>             [IFLA_BRIDGE_MRP_RING_ROLE_ROLE]
>         ...
> }
> And also the br_mrp_instance will have a field called prio.
> So now, if the userspace is not updated to have support for setting the prio
> then the kernel will use a default value. Then if the userspace contains a field
> that the kernel doesn't know about, then it would just ignore it.
> So in this way every time when the netlink interface will be extended it would
> be backwards compatible.

Silently ignoring unrecognized attributes in userspace requests is what
most kernel netlink based interfaces have been doing traditionally but
it's not really a good idea. Essentially it ties your hands so that you
can only add new attributes which can be silently ignored without doing
any harm, otherwise you risk that kernel will do something different
than userspace asked and userspace does not even have a way to find out
if the feature is supported or not. (IIRC there are even some places
where ignoring an attribute changes the nature of the request but it is
still ignored by older kernels.)

That's why there have been an effort, mostly by Johannes Berg, to
introduce and promote strict checking for new netlink interfaces and new
attributes in existing netlink attributes. If you don't have strict
checking for unknown attributes enabled yet, there isn't much that can
be done for already released kernels but I would suggest to enable it as
soon as possible.

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ