Date:   Fri, 09 Sep 2016 09:09:32 -0400
From:   Vivien Didelot <vivien.didelot@...oirfairelinux.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        kernel@...oirfairelinux.com,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH net-next] net: bridge: add helper to call /sbin/bridge-stp

Hi Stephen,

Stephen Hemminger <stephen@...workplumber.org> writes:

> On Thu,  8 Sep 2016 12:50:43 -0400
> Vivien Didelot <vivien.didelot@...oirfairelinux.com> wrote:
>
>> If /sbin/bridge-stp is available on the system, bridge tries to execute
>> it instead of the kernel implementation when starting/stopping STP.
>> 
>> If anything goes wrong with /sbin/bridge-stp, bridge silently falls back
>> to kernel STP, making it hard to debug userspace STP.
>> 
>> This patch adds a br_stp_call_user helper to start/stop userspace STP
>> and debug errors from the program: abnormal exit status is stored in the
>> lower byte and normal exit status is stored in higher byte.
>> 
>> Below is a simple example on a kernel with dynamic debug enabled:
>> 
>>     # ln -s /bin/false /sbin/bridge-stp
>>     # brctl stp br0 on
>>     br0: failed to start userspace STP (256)
>>     # dmesg
>>     br0: /sbin/bridge-stp exited with code 1
>>     br0: failed to start userspace STP (256)
>>     br0: using kernel STP
>> 
>> Signed-off-by: Vivien Didelot <vivien.didelot@...oirfairelinux.com>
>
> I understand that debugging STP is hard. But this solution looks like it
> would break existing userspace because you changed an API.

My commit message might not be clear enough, sorry about that.

This patch does not bring any functional changes.

It factorizes the two calls to call_usermodehelper in a br_stp_call_user
function, which prints debug messages for userspace errors if the
program gets killed (e.g. ABRT) or exits with non-zero status.

br_err is used if userspace STP start/stop fails, which gives a direct
diagnostic to the user.

I can provide more example scenarios if you wish.

Thanks,

        Vivien
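
The status layout the quoted commit message describes (signal in the low byte, exit code in the high byte, hence 256 for /bin/false) is the same one waitpid() reports in user space on Linux. The following is an added example, not code from the patch or from this thread; `run_child` and `decode_status` are hypothetical names, and the raw value 256 assumes the Linux wait-status encoding.

```c
/* Added example: user-space analogue of the status value discussed above. */
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: fork a child that exits with exit_code, or kills
 * itself with sig when sig != 0. Returns the raw wait status, -1 on error. */
int run_child(int exit_code, int sig)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (sig) {
            signal(sig, SIG_DFL);   /* make sure the default action applies */
            raise(sig);
        }
        _exit(exit_code);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return status;
}

/* Hypothetical decoder: 0 = clean exit, >0 = exit code, <0 = -signal. */
int decode_status(int status)
{
    if (WIFSIGNALED(status))        /* low byte: terminating signal */
        return -WTERMSIG(status);
    if (WIFEXITED(status))          /* high byte: exit code */
        return WEXITSTATUS(status);
    return INT_MIN;                 /* stopped/continued: not expected here */
}

int main(void)
{
    int failed = run_child(1, 0);        /* behaves like /bin/false */
    int killed = run_child(0, SIGABRT);  /* behaves like a helper that aborts */

    printf("exit 1:  raw %d -> %d\n", failed, decode_status(failed));
    printf("SIGABRT: raw %d -> %d\n", killed, decode_status(killed));
    return 0;
}
```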
