lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5d568006-eed3-48ab-a49d-3752096cc39e@ovn.org>
Date: Fri, 12 Apr 2024 19:38:53 +0200
From: Ilya Maximets <i.maximets@....org>
To: Stefano Brivio <sbrivio@...hat.com>, Jakub Kicinski <kuba@...nel.org>
Cc: i.maximets@....org, David Ahern <dsahern@...nel.org>,
 davem@...emloft.net, netdev@...r.kernel.org, edumazet@...gle.com,
 pabeni@...hat.com, donald.hunter@...il.com
Subject: Re: [PATCH net] inet: bring NLM_DONE out to a separate recv() again

On 4/12/24 19:22, Stefano Brivio wrote:
> On Thu, 11 Apr 2024 14:01:54 -0700
> Jakub Kicinski <kuba@...nel.org> wrote:
> 
>> On Thu, 11 Apr 2024 13:45:42 -0600 David Ahern wrote:
>>>> +	/* Don't let NLM_DONE coalesce into a message, even if it could.
>>>> +	 * Some user space expects NLM_DONE in a separate recv().    
>>>
>>> that's unfortunate  
>>
>> Do you have an opinion on the sysfs/opt-in question?
>> Feels to me like there shouldn't be that much user space doing raw
>> netlink, without a library. Old crufty code usually does ioctls, right?
> 
> I think so too -- if there were more (maintained) applications with
> this issue, we would have noticed by now.

It depends on how you define "maintained".  Most application devs
do not test with unreleased kernels.

> 
>> So maybe we can periodically reintroduce this bug to shake out all 
>> the bad apps? :D
> 
> Actually, I had half a mind of proposing something on these lines: add
> a TODO comment here and revisit in, say, two years.
> 
> I guess it's definitely more painful for libreswan, but for passt, I
> think it's quite unlikely that distribution users could get the
> "breaking" kernel change without a fixed version of the application: we
> made a new release relatively close to the NLM_DONE change.
> 
> There might be substantial value in keeping this type of short netlink
> exchanges fast, for example for container engines that need to be able
> to spawn a bazillion containers per second.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ