| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84cff1ae-94f8-dfbe-fbea-3bd9cbc8663a@gmail.com> Date: Fri, 16 Jun 2017 19:32:53 +0300 From: Serhey Popovych <serhe.popovych@...il.com> To: Stephen Hemminger <stephen@...workplumber.org> Cc: netdev@...r.kernel.org Subject: Re: [PATCH 2/3] dev: Avoid infinite loop on network device index exhaustion > On Fri, 16 Jun 2017 17:23:52 +0300 > Serhey Popovych <serhe.popovych@...il.com> wrote: > >> If network device indexes exhaust in namespace dev_new_index() >> can loop indefinitely since there is no condition to exit >> except case where free index is found. >> >> Since all it's caller hold RTNL mutex this may completely >> lock down network subsystem configuration operations. >> >> Instead of retrying with ifindex == 1 (LOOPBACK_IFINDEX) >> in dev_new_index() we should fail and return invalid >> index value (0). >> >> Adjust callers to correctly handle error case of dev_new_index(). >> >> Signed-off-by: Serhey Popovych <serhe.popovych@...il.com> > > This breaks existing semantics. > > Today on Linux the ifindex allocator intentionally wraps around back to 1. > This is to handle the case of long running system with things like VPN's > that create and destroy lots of devices. > Ok, got it. Maybe we can change allocation mechanism? That what actually I did. What do you think? I will show POC patch doing this. -- Thanks, Serhey
Powered by blists - more mailing lists