lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 17 Jan 2019 14:56:07 -0800 (PST)
From:   David Miller <davem@...emloft.net>
To:     dh.herrmann@...il.com
Cc:     netdev@...r.kernel.org, dsahern@...il.com,
        roopa@...ulusnetworks.com, teg@...m.no
Subject: Re: [PATCH v2 1/3] net: introduce SO_BINDTOIFINDEX sockopt

From: David Herrmann <dh.herrmann@...il.com>
Date: Tue, 15 Jan 2019 14:42:14 +0100

> This introduces a new generic SOL_SOCKET-level socket option called
> SO_BINDTOIFINDEX. It behaves similar to SO_BINDTODEVICE, but takes a
> network interface index as argument, rather than the network interface
> name.
> 
> User-space often refers to network-interfaces via their index, but has
> to temporarily resolve it to a name for a call into SO_BINDTODEVICE.
> This might pose problems when the network-device is renamed
> asynchronously by other parts of the system. When this happens, the
> SO_BINDTODEVICE might either fail, or worse, it might bind to the wrong
> device.
> 
> In most cases user-space only ever operates on devices which they
> either manage themselves, or otherwise have a guarantee that the device
> name will not change (e.g., devices that are UP cannot be renamed).
> However, particularly in libraries this guarantee is non-obvious and it
> would be nice if that race-condition would simply not exist. It would
> make it easier for those libraries to operate even in situations where
> the device-name might change under the hood.
> 
> A real use-case that we recently hit is trying to start the network
> stack early in the initrd but make it survive into the real system.
> Existing distributions rename network-interfaces during the transition
> from initrd into the real system. This, obviously, cannot affect
> devices that are up and running (unless you also consider moving them
> between network-namespaces). However, the network manager now has to
> make sure its management engine for dormant devices will not run in
> parallel to these renames. Particularly, when you offload operations
> like DHCP into separate processes, these might setup their sockets
> early, and thus have to resolve the device-name possibly running into
> this race-condition.
> 
> By avoiding a call to resolve the device-name, we no longer depend on
> the name and can run network setup of dormant devices in parallel to
> the transition off the initrd. The SO_BINDTOIFINDEX ioctl plugs this
> race.
> 
> Reviewed-by: Tom Gundersen <teg@...m.no>
> Signed-off-by: David Herrmann <dh.herrmann@...il.com>
> ---
> v2:
>  - Rename to SO_BINDTOIFINDEX from SO_BINDTOIF
>  - skip 0x0040 SO-value on sparc, as it is already used

Applied.

Powered by blists - more mailing lists