lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y9NfkgRbWAbrxQ1G@unreal>
Date:   Fri, 27 Jan 2023 07:22:26 +0200
From:   Leon Romanovsky <leon@...nel.org>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        bridge@...ts.linux-foundation.org,
        Eric Dumazet <edumazet@...gle.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        netdev@...r.kernel.org, Nikolay Aleksandrov <razor@...ckwall.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Roopa Prabhu <roopa@...dia.com>
Subject: Re: [PATCH net-next] netlink: provide an ability to set default
 extack message

On Fri, Jan 27, 2023 at 12:32:13AM +0200, Vladimir Oltean wrote:
> On Thu, Jan 26, 2023 at 09:15:03PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@...dia.com>
> > 
> > In netdev common pattern, xxtack pointer is forwarded to the drivers
>                             ~~~~~~
>                             extack
> 
> > to be filled with error message. However, the caller can easily
> > overwrite the filled message.
> > 
> > Instead of adding multiple "if (!extack->_msg)" checks before any
> > NL_SET_ERR_MSG() call, which appears after call to the driver, let's
> > add this check to common code.
> > 
> > [1] https://lore.kernel.org/all/Y9Irgrgf3uxOjwUm@unreal
> > Signed-off-by: Leon Romanovsky <leonro@...dia.com>
> > ---
> 
> I would somewhat prefer not doing this, and instead introducing a new
> NL_SET_ERR_MSG_WEAK() of sorts.

It means changing ALL error unwind places where extack was forwarded
before to subfunctions.

Places like this:
 ret = func(..., extack)
 if (ret) {
   NL_SET_ERR_MSG_MOD...
   return ret;
 }

will need to be changed to something like this:
 ret = func(..., extack)
 if (ret) {
   NL_SET_ERR_MSG_WEAK...
   return ret;
 }

> 
> The reason has to do with the fact that an extack is sometimes also
> used to convey warnings rather than hard errors, for example right here
> in net/dsa/slave.c:
> 
> 	if (err == -EOPNOTSUPP) {
> 		if (extack && !extack->_msg)
> 			NL_SET_ERR_MSG_MOD(extack,
> 					   "Offloading not supported");
> 		NL_SET_ERR_MSG_MOD(extack,
> 				   "Offloading not supported");
> 		err = 0;
> 	}
> 
> Imagine (not the case here) that below such a "warning extack" lies
> something like this:
> 
> 	if (arg > range) {
> 		NL_SET_ERR_MSG_MOD(extack, "Argument outside expected range");
> 		return -ERANGE;
> 	}
> 
> What you'll get is:
> 
> Error: Offloading not supported (error code -ERANGE).
> 
> whereas before, we relied on any NL_SET_ERR_MSG_MOD() call to overwrite
> the "warning" extack, and that to only be shown on error code 0.

Can we please discuss current code and not over-engineered case which
doesn't exist in the reality?

Even for your case, I would like to see NL_SET_ERR_MSG_FORCE() to
explicitly say that message will be overwritten.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ