Message-ID: <27644212-924C-4AB2-88F6-D209E2586E82@redhat.com>
Date: Tue, 16 Apr 2024 13:19:00 +0200
From: Eelco Chaudron <echaudro@...hat.com>
To: "jun.gu" <jun.gu@...ystack.cn>
Cc: dev@...nvswitch.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
 pshelar@....org
Subject: Re: [PATCH v2] net: openvswitch: Check vport net device name



On 16 Apr 2024, at 11:20, jun.gu wrote:

> Check vport net device name to avoid the name that is used to query being
> inconsistent with the returned name.
>
> Consider net device supports alias, the alias can be set to interface
> table in ovs userspace. Consider the following process:
> - set a net device alias to interface table.
> - ovs userspace runs OVS_VPORT_CMD_NEW cmd to kernel, kernel will use net
> device alias to query net device by dev_get_by_name, but the net device
> name that is returned is inconsistent with the name used to query.
> - the returned net device name is saved to a hash table.
> - ovs userspace finds that the name saved to interface table is
> inconsistent with the name saved to the kernel hash table, it will run
> OVS_VPORT_CMD_DEL cmd to kernel and remove vport.
>
> ovs userspace will run OVS_VPORT_CMD_NEW and OVS_VPORT_CMD_DEL cmd
> repeatedly. So the patch will check vport net device name from
> dev_get_by_name to avoid the above issue.

Maybe the commit message needs a rewrite to be more clear (shorter)? I’ll leave this up to the maintainers to judge.

> Signed-off-by: Jun Gu <jun.gu@...ystack.cn>
> ---
>  net/openvswitch/vport-netdev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c
> index 903537a5da22..de8977d7f329 100644
> --- a/net/openvswitch/vport-netdev.c
> +++ b/net/openvswitch/vport-netdev.c
> @@ -78,7 +78,7 @@ struct vport *ovs_netdev_link(struct vport *vport, const char *name)
>  	int err;
>
>  	vport->dev = dev_get_by_name(ovs_dp_get_net(vport->dp), name);

I was alluding to a comment here, something like:

        /* Ensure that the device exists and that the provided
         * name is not one of its aliases.
         */

> -	if (!vport->dev) {
> +	if (!vport->dev) || strcmp(name, ovs_vport_name(vport)) {
>  		err = -ENODEV;
>  		goto error_free_vport;
>  	}
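
Review bot: the condition on the added line has unbalanced parentheses: "if (!vport->dev) || strcmp(...)" closes the if after "!vport->dev", so it will not compile; it should read "if (!vport->dev || strcmp(name, ovs_vport_name(vport))) {". Separately, when the device is found but the name does not match, dev_get_by_name() has already taken a reference on the device, and this branch jumps to error_free_vport, the same label used when no device was found. Check that the reference is dropped on the mismatch path (a dev_put before the vport is freed, or a dedicated error label), otherwise each rejected alias lookup would leave a netdev reference held.
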
> -- 
> 2.25.1

