lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1445596803.3268.31.camel@redhat.com>
Date:	Fri, 23 Oct 2015 12:40:03 +0200
From:	Thomas Haller <thaller@...hat.com>
To:	Thomas Graf <tgraf@...g.ch>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc:	Jiri Benc <jbenc@...hat.com>,
	Nicolas Dichtel <nicolas.dichtel@...nd.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH net] net: try harder to not reuse ifindex when moving
 interfaces

On Thu, 2015-10-22 at 20:56 +0200, Thomas Graf wrote:
> On 10/22/15 at 07:21pm, Hannes Frederic Sowa wrote:
> > Hi Thomas,
> > 
> > On Thu, Oct 22, 2015, at 18:45, Thomas Graf wrote:
> > > I understand the race but when does it occur? Whoever creates
> > > the original interface owns it and is responsible for its
> > > lifecycle. *Iff* for some reason multiple entities manipulate
> > > the interface, then it's probably a lot safer to just use flock
> > > or something similar to serialize access entirely in user space.
> > 
> > This only works if all networking configuration programs would
> > standardize on the same flock. Also, under memory pressure we lose
> > netlink monitor messages, so we need to deal with timeouts and
> > retries
> > and manual sync up on the networking configuration, which makes
> > this
> > scheme a lot harder. For normal socket io, where we specify e.g.
> > ifindex
> > in sin6_addr, this is not really usable at all.
> 
> Again, what is the scenario where this happens? Is this being
> hit or are we talking theoretical races? I'd like to understand
> the background of this.

  ip netns add N1
  ip netns add N2

  ip netns exec N1 ip link add type dummy
  ip netns exec N2 ip link add type dummy

  ip netns exec N1 ip monitor &

  ip netns exec N1 ip link delete dummy0
  ip netns exec N2 ip link set dummy0 netns N1


Honestly, I didn't experience a concrete bug due to this.

But it's common to treat the ifindex as unique identifier.
By reusing the ifindex immediately as in the example above, it
could happen to mix up interfaces.


Thomas
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ