Message-ID: <c2ab891c-1043-3eca-5102-b795ef7d85ec@virtuozzo.com>
Date:   Mon, 18 Jun 2018 14:21:14 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     David Ahern <dsahern@...il.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, daniel@...earbox.net,
        jakub.kicinski@...ronome.com, ast@...nel.org,
        linux@...musvillemoes.dk, john.fastabend@...il.com,
        brouer@...hat.com
Subject: Re: [PATCH] net: Fix device name resolving crash in
 default_device_exit()

On 17.06.2018 21:58, David Ahern wrote:
> On 6/15/18 3:44 AM, Kirill Tkhai wrote:
>> Hm, but is this a likely case, when a real device is moved to a net ns, so it
>> requires moving back to init_net? It seems most devices moved to !init_net
>> are virtual and they are just destroyed in default_device_exit_batch(). Or do
>> we have more devices to care about here?
>>
>> I don't much want to insert here something like below:
>>
>> 	if (__dev_get_by_name(&init_net, dev->name))
>> 		snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex);
>> 	err = dev_change_net_namespace(dev, &init_net, "dev%d");
>>
>> because dev_change_net_namespace() is a generic interface and it's used not only here,
>> and this will crumble the code in corner cases.
>>
>> Maybe you have better ideas about this?
> 
> There are a lot of use cases these days (e.g., switch NOS) with 1000's
> (10's of 1000's) of netdevices. On top of that support for port netdevs
> in a namespace to create virtual switches needs to happen (and I suspect
> will happen in the next few years). That becomes one example where
> netdevices representing physical ports can be pushed back to init_net.

Oh, then we really need to do something with rtnl_mutex. Otherwise
this will stop working at all.

> That said, not many easy options at the moment for the bug you are fixing.
> 
> Further, panic'ing a node because the move back to init_net fails is
> just wrong.

So, let's fix it for now like in the patch to avoid the panic. Then we
can rework this in a generic way to make a generic fallback name for moved
devices. Maybe something like giving all moved devices a fallback name
like "__moved-<hash of jiffies>-<generated id>".

Kirill
