Date:   Sun, 5 Apr 2020 16:31:51 +0900
From:   Taehee Yoo <ap420073@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, rafael@...nel.org,
        j.vosburgh@...il.com, vfalico@...il.com,
        Andy Gospodarek <andy@...yhouse.net>,
        Netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, mitch.a.williams@...el.com
Subject: Re: [PATCH net v2 3/3] net: core: avoid warning in dev_change_net_namespace()

On Sun, 5 Apr 2020 at 00:52, Greg KH <gregkh@...uxfoundation.org> wrote:
>

Hi Greg,
Thank you for your review!

> On Sat, Apr 04, 2020 at 02:19:22PM +0000, Taehee Yoo wrote:
> > When interface's namespace is being changed, dev_change_net_namespace()
> > is called. This removes and re-allocates many resources that include
> > sysfs files. The "/net/class/net/<interface name>" is one of them.
> > If the sysfs creation routine(device_rename()) found duplicate sysfs
> > file name, it warns about it and fails. But unfortunately, at that point,
> > dev_change_net_namespace() doesn't return fail because rollback cost
> > is too high.
> > So, the interface can't have a sysfs file.
>
> Why don't you check for a duplicate namespace before you do anything
> like mess with sysfs?  Wouldn't that be the correct thing instead of
> trying to paper over the issue by having sysfs be the thing to tell you
> not to do this or not?
>

Sorry, I don't understand "check for a duplicate namespace".
Could you please explain it?

> > The approach of this patch is to find the duplicate sysfs file as
> > fast as possible. If it found that, dev_change_net_namespace() returns
> > fail immediately with zero rollback cost.
>
> Don't rely on sysfs to save you from this race condition, it's not the
> way to do it at all.

Okay, I will find another approach.

Thank you so much.
Taehee Yoo
