lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 23 Jun 2022 11:31:34 -0600
From:   David Ahern <dsahern@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Ismael Luceno <iluceno@...e.de>,
        "David S. Miller" <davem@...emloft.net>,
        Paolo Abeni <pabeni@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Netlink NLM_F_DUMP_INTR flag lost

On 6/23/22 10:36 AM, Jakub Kicinski wrote:
> On Thu, 23 Jun 2022 10:17:17 -0600 David Ahern wrote:
>>> Yup, the question for me is what's the risk / benefit of sending 
>>> the empty message vs putting the _DUMP_INTR on the next family.
>>> I'm leaning towards putting it on the next family and treating 
>>> the entire dump as interrupted, do you reckon that's suboptimal?  
>>
>> I think it is going to be misleading; the INTR flag needs to be set on
>> the dump that is affected.
> 
> Right, it's a bit of a philosophical discussion but dump is delineated
> but NLMSG_DONE. PF_UNSPEC dump is a single dump, not a group of multiple
> independent per-family dumps. If we think of a nlmsg as a representation
> of an object having an empty one is awkward. What if someone does a dump
> to just count objects? Too speculative?
> 
> I guess one can argue either way, no empty messages is a weaker promise
> and hopefully lower risk, hence my preference. Do you feel strongly for
> the message? Do we flip a coin? :)

I do not; history suggests it is a toss up.

> 
>> All of the dumps should be checking the consistency at the end of the
>> dump - regardless of any remaining entries on a particular round (e.g.,
>> I mentioned this what the nexthop dump does). Worst case then is DONE
>> and INTR are set on the same message with no data, but it tells
>> explicitly the set of data affected.
> 
> Okay, perhaps we should put a WARN_ON_ONCE(seq && seq != prev_seq)
> in rtnl_dump_all() then, to catch those who get it wrong.

with '!(nlh->msg_flags & INTR)' to catch seq numbers not matching and
the message was not flagged?

Powered by blists - more mailing lists