lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 11 May 2022 20:43:28 -0300
From:   Jason Gunthorpe <>
To:     Jakub Kicinski <>
Subject: Re: [RFC net-next] net: add ndo_alloc_and_init and ndo_release to
 replace priv_destructor

On Wed, May 11, 2022 at 12:12:18PM -0700, Jakub Kicinski wrote:
> Old API
> -------
> Our current API includes .ndo_init, .ndo_uninit and .priv_destructor.
> First two are part of netdev_ops the last one is a member of netdevice
> and can be overwritten at will by the drivers.

ipoib runs into this trouble, it would be nice to see it improved, but
I'm not seeing how this helps..

> BTW as far as I can tell there is no strong reason for .ndo_init
> to exist. It gets called early during registration after
> netdev's name gets filled in, and none of the users I checked
> care about the name. They could have as well run the code
> they have in .ndo_init before calling register_netdevice().

Well, exactly. This is sort of where ipoib ends up - and it is
complicated enough that moving everything into ndo_init isn't
something obviously doable - there are several ndo_inits and several
different driver flows involved here.

So, the proposal here seems to be to rename ndo_init but otherwise
keep the lifecycle model the same - and with a now const ops it is
basically hopeless to do anything that needs to be undone before

I would be happier if netdev was more like everything else and allowed
a clean alloc/free vs register/unregister pairing. The usual lifecycle
model cast to netdev terms would have the release function set around
alloc_netdev and always called once at free_netdev.

The caller should set the ops and release function after it has
completed initializing whatever its release will undo, similare to how
device_initialize()/put_device works.

IIRC priv_destructor is really only needed when needs_free_netdev is
used, and the real point is to reliably inject code before

> A common workaround is to set .priv_destructor after
> register_netdevice() succeeds. This works fine in practice but
> is not always correct. Theoretically something may nack the

ipoib does this, but I don't think it has a problem because it does
the priv_destructor action manually on the error path after
register_netdev fails and then leaves priv_destructor NULL'd so that
the later queued unregister doesn't double call it.

> We want an intuitive API, which I think should mean symmetric
> ndo callbacks only. There is no point in having two steps at
> init time so this patch renames .ndo_init as .ndo_alloc_and_init.

What does it alloc? It doesn't alloc the priv, that was done
earlier. It seems like a more confusing name than ndo_init to me.


Powered by blists - more mailing lists