lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <58ac6ec1-9255-0e51-981a-195c2b1ac380@mellanox.com>
Date:   Wed, 12 Jun 2019 10:42:34 +0000
From:   Maxim Mikityanskiy <maximmi@...lanox.com>
To:     Jonas Bonn <jonas@...rbonn.se>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "David S . Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH 1/1] Address regression in inet6_validate_link_af

On 2019-06-11 13:03, Jonas Bonn wrote:
> Patch 7dc2bccab0ee37ac28096b8fcdc390a679a15841 introduces a regression
> with systemd 241.  In that revision, systemd-networkd fails to pass the
> required flags early enough.  This appears to be addressed in later
> versions of systemd, but for users of version 241 where systemd-networkd
> nonetheless worked with earlier kernels, the strict check introduced by
> the patch causes a regression in behaviour.
> 
> This patch converts the failure to supply the required flags from an
> error into a warning.
The purpose of my patch was to prevent a partial configuration update on 
invalid input. -EINVAL was returned both before and after my patch, the 
difference is that before my patch there was a partial update and a warning.

Your patch basically makes mine pointless, because you revert the fix, 
and now we'll have the same partial update and two warnings.

One more thing is that after applying your patch on top of mine, the 
kernel won't return -EINVAL anymore on invalid input. Returning -EINVAL 
is what happened before my patch, and also after my patch.

Regarding the systemd issue, I don't think we should change the kernel 
to adapt to bugs in systemd. systemd didn't have this bug from day one, 
it was a regression introduced in [1]. The kernel has always returned 
-EINVAL here, but the behavior before my patch was basically a UB, and 
after the patch it's well-defined. If systemd saw EINVAL and relied on 
the UB that came with it, it can't be a reason enough to break the kernel.

Moreover, the bug looks fixed in systemd's master, so what you suggest 
is to insert a kernel-side workaround for an old version of software 
when there is a fixed one.

Please correct me if anything I say is wrong.

Thanks,
Max

[1]: 
https://github.com/systemd/systemd/commit/0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf

> With this, systemd-networkd version 241 once
> again is able to bring up the link, albeit not quite as intended and
> thereby with a warning in the kernel log.
> 
> CC: Maxim Mikityanskiy <maximmi@...lanox.com>
> CC: David S. Miller <davem@...emloft.net>
> CC: Alexey Kuznetsov <kuznet@....inr.ac.ru>
> CC: Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
> Signed-off-by: Jonas Bonn <jonas@...rbonn.se>
> ---
>   net/ipv6/addrconf.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 081bb517e40d..e2477bf92e12 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -5696,7 +5696,8 @@ static int inet6_validate_link_af(const struct net_device *dev,
>   		return err;
>   
>   	if (!tb[IFLA_INET6_TOKEN] && !tb[IFLA_INET6_ADDR_GEN_MODE])
> -		return -EINVAL;
> +		net_warn_ratelimited(
> +			"required link flag omitted: TOKEN/ADDR_GEN_MODE\n");
>   
>   	if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
>   		u8 mode = nla_get_u8(tb[IFLA_INET6_ADDR_GEN_MODE]);
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ