lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y/oIWNU5ryYmPPO1@corigine.com>
Date:   Sat, 25 Feb 2023 14:08:40 +0100
From:   Simon Horman <simon.horman@...igine.com>
To:     Pedro Tammela <pctammela@...atatu.com>
Cc:     netdev@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
        jiri@...nulli.us, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, amir@...ai.me,
        dcaratti@...hat.com, willemb@...gle.com,
        simon.horman@...ronome.com, john.hurley@...ronome.com,
        yotamg@...lanox.com, ozsh@...dia.com, paulb@...dia.com
Subject: Re: [PATCH net 1/3] net/sched: act_pedit: fix action bind logic

On Fri, Feb 24, 2023 at 12:00:56PM -0300, Pedro Tammela wrote:
> The TC architecture allows filters and actions to be created independently.
> In filters the user can reference action objects using:
> tc action add action pedit ... index 1
> tc filter add ... action pedit index 1
> 
> In the current code for act_pedit this is broken as it checks netlink
> attributes for create/update before actually checking if we are binding to an
> existing action.
> 
> tdc results:
> 1..69

...

Hi Pedro,

Thanks for running the tests :)

I think this patch looks good - though I am still digesting it.
But I do wonder if you considered adding a test for this condition.

Also, what is the failure mode?

If it is that user's can't bind actions to filters,  but the kernel behaves
correctly with configurations it accepts. If so, then perhaps this is more
of a feature than a fix. OTOH, perhaps it's a regression wrt the oldest of
the two patches references below.

I've haven't looked at the other patches in this series yet.
But I expect my comments apply to them too.

> Fixes: 71d0ed7079df ("net/act_pedit: Support using offset relative to the conventional network headers")
> Fixes: f67169fef8db ("net/sched: act_pedit: fix WARN() in the traffic path")
> Reviewed-by: Jamal Hadi Salim <jhs@...atatu.com>
> Signed-off-by: Pedro Tammela <pctammela@...atatu.com>

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ