Message-ID: <14172.1600987634@famine>
Date:   Thu, 24 Sep 2020 15:47:14 -0700
From:   Jay Vosburgh <jay.vosburgh@...onical.com>
To:     Jarod Wilson <jarod@...hat.com>
cc:     Stephen Hemminger <stephen@...workplumber.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Veaceslav Falico <vfalico@...il.com>,
        Andy Gospodarek <andy@...yhouse.net>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Thomas Davis <tadavis@....gov>, Netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next 4/5] bonding: make Kconfig toggle to disable legacy interfaces

Jarod Wilson <jarod@...hat.com> wrote:

>On Tue, Sep 22, 2020 at 8:01 PM Stephen Hemminger
><stephen@...workplumber.org> wrote:
>>
>> On Tue, 22 Sep 2020 16:47:07 -0700
>> Jay Vosburgh <jay.vosburgh@...onical.com> wrote:
>>
>> > Stephen Hemminger <stephen@...workplumber.org> wrote:
>> >
>> > >On Tue, 22 Sep 2020 09:37:30 -0400
>> > >Jarod Wilson <jarod@...hat.com> wrote:
>> > >
>> > >> By default, enable retaining all user-facing API that includes the use of
>> > >> master and slave, but add a Kconfig knob that allows those that wish to
>> > >> remove it entirely to do so in one shot.
>> > >>
>> > >> Cc: Jay Vosburgh <j.vosburgh@...il.com>
>> > >> Cc: Veaceslav Falico <vfalico@...il.com>
>> > >> Cc: Andy Gospodarek <andy@...yhouse.net>
>> > >> Cc: "David S. Miller" <davem@...emloft.net>
>> > >> Cc: Jakub Kicinski <kuba@...nel.org>
>> > >> Cc: Thomas Davis <tadavis@....gov>
>> > >> Cc: netdev@...r.kernel.org
>> > >> Signed-off-by: Jarod Wilson <jarod@...hat.com>
>> > >
>> > >Why not just have a config option to remove all the /proc and sysfs options
>> > >in bonding (and bridging) and only use netlink? New tools should only be able
>> > >to use netlink.
>> >
>> >       I agree that new tooling should be netlink, but what value is
>> > provided by such an option that distros are unlikely to enable, and
>> > enabling will break the UAPI?
>
>Do you mean the initial proposed option, or what Stephen is
>suggesting? I think Red Hat actually will consider the former, the
>latter is less likely in the immediate future, since so many people
>still rely on the output of /proc/net/bonding/* for an overall view of
>their bonds' health and status. I don't know how close we are to
>having something comparable that could be spit out with a single
>invocation of something like 'ip' that would only be using netlink.
>It's entirely possible there's something akin to 'ip link bondX
>overview' already that outputs something similar, and I'm just not
>aware of it, but something like that would definitely need to exist
>and be well-documented for Red Hat to remove the procfs bits, I think.

	At the present time, as much as the idea spurs the imagination,
removing the bonding /proc and sysfs stuff wholesale is not feasible.
As you explain, not everything in the proc file is available from other
sources.  I would rather freeze the /proc and sysfs bonding
functionality and move to a netlink / iproute API for all of it, and
then down the road remove the then-legacy APIs.

	Even though "down the road" may practically be "never" (because
the removal breaks backwards compatibility for user space), unifying all
of the configuration and reporting to one place would be worthwhile.

	For "initial proposed option," I'm not sure right off if that's
referring to CONFIG_BONDING_LEGACY_INTERFACES or "duplicate lines in
/proc/net/bonding."  I'm not sure it matters, since both have the same
problem, in that they create a Venn diagram of mutually incompatible
bonding UAPIs.  Portable user space code ends up having to handle all of
the permutations.

	-J

>> > >Then you might convince maintainers to update documentation as well.
>> > >Last I checked there were still references to ifenslave.
>> >
>> >       Distros still include ifenslave, but it's now a shell script
>> > that uses sysfs.  I see it used in scripts from time to time.
>>
>> Some bleeding edge distros have already dropped ifenslave and even ifconfig.
>> The Enterprise ones never will.
>>
>> The one motivation would be for the embedded folks which are always looking
>> to trim out the fat. Although not sure if the minimal versions of commands
>> in busybox are pure netlink yet.
>
>Yeah, the bonding documentation is still filled with references to
>ifenslave. I believe Red Hat still includes it, though it's
>"deprecated" in documentation in favor of using ip. Similar with
>ifconfig. I could see them both getting dropped in a future major
>release of Red Hat Enterprise Linux, but they're definitely still here
>for at least the life of RHEL8.

	As ifconfig is typically bundled in with the much-loved netstat
in the net-tools package, it will be difficult to remove.

	Having an /sbin/ifenslave program isn't really the issue so much
as its reliance on the bonding sysfs UAPI.  It's a shell script, and
could likely be reworked to use ip link.

	-J

---
	-Jay Vosburgh, jay.vosburgh@...onical.com
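
The message above notes that ifenslave is a shell script relying on the bonding sysfs UAPI and could likely be reworked to use ip link. The sketch below is an added example, not part of the original message and not any distro's ifenslave script: a dry-run translator that prints the iproute2 commands for the classic attach, detach (-d) and change-active (-c) invocations. The function name, the name validation and the choice to take a port down before attaching it are assumptions of this example.

```shell
#!/bin/sh
# Dry-run: print the iproute2 (netlink) commands equivalent to a classic
# ifenslave invocation instead of writing to the bonding sysfs files.
# ifenslave_to_ip is a hypothetical helper name (added example).

ifenslave_to_ip() {
    mode=attach
    case "$1" in
        -d|--detach)        mode=detach; shift ;;
        -c|--change-active) mode=change; shift ;;
        -*) echo "unsupported option: $1" >&2; return 2 ;;
    esac
    if [ "$#" -lt 2 ]; then
        echo "usage: ifenslave_to_ip [-d|-c] <bond> <port>..." >&2
        return 2
    fi
    bond=$1; shift
    # Validate every name before printing anything: the real tool runs as
    # root, so reject option-like names, shell metacharacters and names
    # longer than IFNAMSIZ-1 (15) characters.
    for dev in "$bond" "$@"; do
        case "$dev" in
            -*|''|*[!A-Za-z0-9_.:-]*)
                echo "bad interface name: $dev" >&2; return 2 ;;
        esac
        [ "${#dev}" -le 15 ] || { echo "name too long: $dev" >&2; return 2; }
    done
    if [ "$mode" = change ] && [ "$#" -ne 1 ]; then
        echo "-c takes exactly one port" >&2; return 2
    fi
    for port in "$@"; do
        case "$mode" in
            attach)
                # Assumption: take the port down first, since some drivers
                # refuse the MAC address change done at attach while running.
                echo "ip link set dev $port down"
                echo "ip link set dev $port master $bond" ;;
            detach)
                echo "ip link set dev $port nomaster" ;;
            change)
                echo "ip link set dev $bond type bond active_slave $port" ;;
        esac
    done
}
```
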
