| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Oct 2019 01:40:19 +0900
From: Taehee Yoo <ap420073@...il.com>
To: David Ahern <dsahern@...il.com>
Cc: David Miller <davem@...emloft.net>,
Netdev <netdev@...r.kernel.org>, linux-wireless@...r.kernel.org,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
Johannes Berg <johannes@...solutions.net>,
j.vosburgh@...il.com, vfalico@...il.com,
Andy Gospodarek <andy@...yhouse.net>,
Jiří Pírko <jiri@...nulli.us>,
Sabrina Dubroca <sd@...asysnail.net>,
Roopa Prabhu <roopa@...ulusnetworks.com>, saeedm@...lanox.com,
manishc@...vell.com, rahulv@...vell.com, kys@...rosoft.com,
haiyangz@...rosoft.com,
Stephen Hemminger <stephen@...workplumber.org>,
sashal@...nel.org, hare@...e.de, varun@...lsio.com,
ubraun@...ux.ibm.com, kgraul@...ux.ibm.com,
Jay Vosburgh <jay.vosburgh@...onical.com>,
Cody Schuffelen <schuffelen@...gle.com>, bjorn@...k.no
Subject: Re: [PATCH net v5 01/10] net: core: limit nested device depth
On Tue, 22 Oct 2019 at 09:51, David Ahern <dsahern@...il.com> wrote:
>
Hi David,
Thank you for the review!
> On 10/21/19 12:47 PM, Taehee Yoo wrote:
> > Current code doesn't limit the number of nested devices.
> > Nested devices would be handled recursively and this needs huge stack
> > memory. So, unlimited nested devices could make stack overflow.
> >
> > This patch adds upper_level and lower_level, they are common variables
> > and represent maximum lower/upper depth.
> > When upper/lower device is attached or dettached,
> > {lower/upper}_level are updated. and if maximum depth is bigger than 8,
> > attach routine fails and returns -EMLINK.
> >
> > In addition, this patch converts recursive routine of
> > netdev_walk_all_{lower/upper} to iterator routine.
>
> They were made recursive because of a particular setup. Did you verify
> your changes did not break it? See commits starting with
> 5bb61cb5fd115bed1814f6b97417e0f397da3c79
>
I didn't change the actual logic of walking APIs.
These walking iterator APIs work as DFS.
So it doesn't break existing codes.
> >
> > Test commands:
> > ip link add dummy0 type dummy
> > ip link add link dummy0 name vlan1 type vlan id 1
> > ip link set vlan1 up
> >
> > for i in {2..55}
> > do
> > let A=$i-1
> >
> > ip link add vlan$i link vlan$A type vlan id $i
> > done
> > ip link del dummy0
>
> 8 levels of nested vlan seems like complete nonsense. Why not just limit
> that stacking and not mess with the rest which can affect real use cases?
VLAN, BONDING, TEAM, MACSEC, MACVLAN, IPVLAN, VIRT_WIFI, and VXLAN
These interface types can be nested and these could be combined.
team6
|
vlan5
|
team4
|
macvlan3
|
bond2
|
vlan1
|
dummy0
There are so many similar cases even they are not real use cases.
So I think generic code is needed.
Thank you
Taehee Yoo
Powered by blists - more mailing lists