lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <70df65eb-3ef6-20ca-be07-8d73e4e63bea@virtuozzo.com>
Date:   Mon, 18 Jun 2018 14:26:46 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     David Ahern <dsahern@...il.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, daniel@...earbox.net,
        jakub.kicinski@...ronome.com, ast@...nel.org,
        linux@...musvillemoes.dk, john.fastabend@...il.com,
        brouer@...hat.com
Subject: Re: [PATCH] net: Fix device name resolving crash in
 default_device_exit()

On 18.06.2018 14:21, Kirill Tkhai wrote:
> On 17.06.2018 21:58, David Ahern wrote:
>> On 6/15/18 3:44 AM, Kirill Tkhai wrote:
>>> Hm, but is this a likely case, when real device is moved to net ns, so it
>>> requires moving to init_net back? It seems the most devices moved to !init_net
>>> are virtual and they just destroyed in default_device_exit_batch(). Or we have
>>> more devices to care here?
>>>
>>> I don't much want to insert here something like below:
>>>
>>> 	if (__dev_get_by_name(&init_net, dev->name))
>>> 		snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex);
>>> 	err = dev_change_net_namespace(dev, &init_net, "dev%d");
>>>
>>> because dev_change_net_namespace() is generic interface and it's used not only here,
>>> and this will crumble the code in corner cases.
>>>
>>> Maybe you have better ideas about this?
>>
>> There are a lot of use cases these days (e.g., switch NOS) with 1000's
>> (10's of 1000's) of netdevices. On top of that support for port netdevs
>> in a namespace to create virtual switches needs to happen (and I suspect
>> will happen in the next few years). That becomes one example where
>> netdevices representing physical ports can be pushed back to init_net.
> 
> Oh, then we really need to do something with rtnl_mutex. Otherwise
> this will stop working at all.
> 
>> That said, not many easy options at the moment for the bug you are fixing.
>>
>> Further, panic'ing a node because the move back to init_net fails is
>> just wrong.
> 
> So, let's fix it for now like in the patch to avoid the panic. Then we
> can rework this in generic way to make the generic fallback name for moved
> devices. Maybe, something like to give all moved device a fallback name
> like "__moved-<hash of jiffies>-<generated id>".

Just to clarify, I mean that this small fix will be easy to backport to stable.

Kirill

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ