netdev - Re: [PATCH bpf-next v2 1/7] netkit, bpf: Add bpf programmable net device

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite for Android: free password hash cracker in your pocket

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <f57df221-0790-3a93-c7e2-d85136fb07c8@iogearbox.net>
Date: Sat, 21 Oct 2023 00:38:30 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Andrew Lunn <andrew@...n.ch>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, martin.lau@...ux.dev,
 razor@...ckwall.org, ast@...nel.org, andrii@...nel.org,
 john.fastabend@...il.com, sdf@...gle.com, toke@...nel.org
Subject: Re: [PATCH bpf-next v2 1/7] netkit, bpf: Add bpf programmable net
 device

On 10/21/23 12:18 AM, Andrew Lunn wrote:
>> +static void netkit_get_drvinfo(struct net_device *dev,
>> +			       struct ethtool_drvinfo *info)
>> +{
>> +	strscpy(info->driver, DRV_NAME, sizeof(info->driver));
>> +	strscpy(info->version, "n/a", sizeof(info->version));
> 
> If you don't put anything in version, the core will put in the git
> hash of the kernel. Its more useful than "n/a".

Thanks, I wasn't aware of this! Agree that this is better!

>> +	ether_setup(dev);
>> +	dev->min_mtu = ETH_MIN_MTU;
> 
> ether_setup() sets min_mtu to ETH_MIN_MTU.

Will fix.

>> +static int netkit_new_link(struct net *src_net, struct net_device *dev,
>> +			   struct nlattr *tb[], struct nlattr *data[],
>> +			   struct netlink_ext_ack *extack)
>> +{
> 
> ...
> 
>> +	err = register_netdevice(peer);
>> +	put_net(net);
>> +	if (err < 0)
>> +		goto err_register_peer;
>> +
>> +	netif_carrier_off(peer);
>> +
>> +	err = rtnl_configure_link(peer, ifmp, 0, NULL);
>> +	if (err < 0)
>> +		goto err_configure_peer;
> 
> Seeing code after calling register_netdevice() often means bugs. The
> interface is live, and in use before the function even returns. The
> kernel can try to get an IP address, mount an NFS root etc. This might
> be safe, because you have two linked interfaces here, and the other
> one is not yet registered. Maybe some comment about this would be
> good, or can the rtnl_configure_link() be done earlier?

I'll check if it's possible to reorder resp. add a comment if not.

>> +
>> +	if (mode == NETKIT_L2)
>> +		eth_hw_addr_random(dev);
>> +	if (tb[IFLA_IFNAME])
>> +		nla_strscpy(dev->name, tb[IFLA_IFNAME], IFNAMSIZ);
>> +	else
>> +		snprintf(dev->name, IFNAMSIZ, "m%%d");
>> +
>> +	err = register_netdevice(dev);
>> +	if (err < 0)
>> +		goto err_configure_peer;
> 
> We have the same here, but now we have both peers registers, the
> kernel could of configured both up in order to find its NFS root etc.
> Is it safe to have packets flowing at this point? Before the remaining
> configuration happens?

They would be dropped in xmit if the peer is linked yet.

>> +	netif_carrier_off(dev);
>> +
>> +	nk = netdev_priv(dev);
>> +	nk->primary = true;
>> +	nk->policy = default_prim;
>> +	nk->mode = mode;
>> +	if (nk->mode == NETKIT_L2)
>> +		dev_change_flags(dev, dev->flags & ~IFF_NOARP, NULL);
>> +	bpf_mprog_bundle_init(&nk->bundle);
>> +	RCU_INIT_POINTER(nk->active, NULL);
>> +	rcu_assign_pointer(nk->peer, peer);
>> +
>> +	nk = netdev_priv(peer);
>> +	nk->primary = false;
>> +	nk->policy = default_peer;
>> +	nk->mode = mode;
>> +	if (nk->mode == NETKIT_L2)
>> +		dev_change_flags(peer, peer->flags & ~IFF_NOARP, NULL);
>> +	bpf_mprog_bundle_init(&nk->bundle);
>> +	RCU_INIT_POINTER(nk->active, NULL);
>> +	rcu_assign_pointer(nk->peer, dev);
>> +	return 0;
>> +err_configure_peer:
>> +	unregister_netdevice(peer);
>> +	return err;
>> +err_register_peer:
>> +	free_netdev(peer);
>> +	return err;
>> +}

Thanks,
Daniel