lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20081105095428.GA4584@x200.localdomain>
Date:	Wed, 5 Nov 2008 12:54:28 +0300
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: [PATCH] Fix ESP SA loading (by default)

On Wed, Nov 05, 2008 at 01:31:48AM -0800, David Miller wrote:
> From: Herbert Xu <herbert@...dor.apana.org.au>
> Date: Mon, 3 Nov 2008 09:04:31 +0800
> 
> > On Mon, Nov 03, 2008 at 03:16:43AM +0300, Alexey Dobriyan wrote:
> > >
> > > Keep in mind that the only error message is "line N: returned (null)"
> > > from setkey(8) or something like that and no SA created.
> > > 
> > > It took me full printk session to realize what's going on.
> > 
> > As our error passing really sucks, I'm happy to accept a patch
> > to crypto_alloc_tfm which prints out a message if it fails.
> 
> As we've discussed several times it's not "passing" errors
> that sucks, it's the fact that we use the same traditional
> UNIX error codes for a thousand different errors. :-)
> 
> I really think we should explore the idea where the current
> process can get tagged with a string when an error is going
> to be returned.  Something like:
> 
> 	const char *error_desc;
> 
> in the task_struct.
> 
> So when you return an error, you also can mark the task with
> some descriptive text that describes what is wrong.

rmmod in between and error_desc points to garbage. But that's for
somebody who is going to implement this. :-)

> A task is guarenteed that when an error returns from a system
> call and the very next system call they make is "sys_get_error"
> or whatever we'll call it, they will the correct value of
> current->error_desc
> 
> This way you don't just get "-EINVAL" returned from a
> complicated IPSEC configuration operation request.

It was ENOENT from crypto_alg_mod_lookup(), actually.

I think liberal printk additions are the way to go.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ