lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161206230853.ukyg75cyxugdwg4a@alphalink.fr>
Date:   Wed, 7 Dec 2016 00:08:53 +0100
From:   Guillaume Nault <g.nault@...halink.fr>
To:     Brad Campbell <lists2009@...rfbargle.com>
Cc:     netdev <netdev@...r.kernel.org>, Thomas Graf <tgraf@...g.ch>,
        David Miller <davem@...emloft.net>
Subject: Re: commit : ppp: add rtnetlink device creation support - breaks
 netcf on my machine.

(Cc Thomas and David)

On Tue, Dec 06, 2016 at 03:47:20PM +0800, Brad Campbell wrote:
> On 06/12/16 01:53, Guillaume Nault wrote:
> > > 
> > Probably not a mistake on your side. I've started looking at netcf'
> > source code, but haven't found anything that could explain your issue.
> > It'd really help if you could provide steps to reproduce the bug.
> 
> Further to my message this morning, I started with a clean linux.git
> 4.9.0-rc7-00198-g0cb65c8 and did two runs. One untouched and one with the
> identified patch reverted. I logged both of these with NLCB=debug, then
> split out the ppp section and diffed them.
> 
> It appears the only difference of note is the new ATTR 18. I did a diff of
> the entire dump for both and nothing else popped out.
> 
Thanks for the detailed report. Things are getting clear now.

> 
> brad@...t:~$ diff -u ppp-ok ppp-fail
> --- ppp-ok	2016-12-06 13:32:04.358393578 +0800
> +++ ppp-fail	2016-12-06 13:32:18.577864406 +0800
> @@ -1,10 +1,10 @@
>  --------------------------   BEGIN NETLINK MESSAGE
> ---------------------------
>    [HEADER] 16 octets
> -    .nlmsg_len = 628
> +    .nlmsg_len = 644
>      .nlmsg_type = 16 <route/link::new>
>      .nlmsg_flags = 2 <MULTI>
> -    .nlmsg_seq = 1481001940
> -    .nlmsg_pid = 7462
> +    .nlmsg_seq = 1481002252
> +    .nlmsg_pid = 7376
>    [PAYLOAD] 16 octets
>      00 00 00 02 0a 00 00 00 d1 10 01 00 00 00 00 00       ................
>    [ATTR 03] 5 octets
> @@ -71,6 +71,8 @@
>      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..................
>      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ..................
>      00 00 00 00 00 00                                     ......
> +  [ATTR 18] 12 octets
> +    08 00 01 00 70 70 70 00 04 00 02 00                   ....ppp.....
>    [ATTR 26] 132 octets
>      84 00 02 00 80 00 01 00 01 00 00 00 00 00 00 00 00 00
> ..................
>      00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00
> ..................
> @@ -81,3 +83,4 @@
>      00 00 00 00 10 27 00 00 e8 03 00 00 00 00 00 00 00 00
> .....'............
>      00 00 00 00 00 00                                     ......
>  ---------------------------  END NETLINK MESSAGE
> ---------------------------
> 
'ATTR 18' is the IFLA_LINKINFO attribute. It contains two sub-attributes:
  * IFLA_INFO_KIND ('08 00 01 00 70 70 70 00'), containing the "ppp"
    string,
  * and IFLA_INFO_DATA ('04 00 02 00') which has no payload because,
    currently, ppp has no device specific data to return.

> Running with NLDBG=4 seems to generate this :
> DBG<2>: While picking up for 0x26d2e00 <route/link>, recvmsgs() returned
> -34:  (errno = Numerical result out of range)DBG<1>: Clearing cache
> 0x26d2e00 <route/link>...
> 
libnl1 rejects the IFLA_INFO_DATA attribute because it expects it to
contain a sub-attribute. Since the payload size is zero it doesn't
match the policy and parsing fails.

There's no problem with libnl3 because its policy accepts empty
payloads for NLA_NESTED attributes (see libnl3 commit 4be02ace4826 "Be
liberal when receiving an empty nested attribute").

I think empty nested attributes make perfect sense. At least we accept
them from user space since commit ea5693ccc553 ("netlink: allow empty
nested attributes"), so it should be fine to generate some from the
kernel.
OTOH, since some user space programs broke because of this, it might be
better to always add attributes in the .fill_info() callbacks, to work
around libnl1's policy. David, Thomas, do you have any opinion on this?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ