lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <084E7217-6290-46D2-A47A-14ACB60EBBCA@redhat.com>
Date: Tue, 16 Apr 2024 10:04:29 +0200
From: Eelco Chaudron <echaudro@...hat.com>
To: Jun Gu <jun.gu@...ystack.cn>
Cc: pshelar@....org, dev@...nvswitch.org, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [ovs-dev] [PATCH] net: openvswitch: Check vport name



On 16 Apr 2024, at 9:57, Jun Gu wrote:

> Hi Chaudron, thanks for your reply. Considerthe following scenario:
>
> - set a net device alias name (such as *enpxx*) into ovs.
>
> - |OVS_VPORT_CMD_NEW -> ||dev_get_by_name can query the net device using *enpxx* name, but the dev->name that return is *ensxx* name. the |net_device|struct including: ``` |struct net_device {
>     char			name[IFNAMSIZ];
>     RH_KABI_REPLACE(struct hlist_node name_hlist,
>     		struct netdev_name_node *name_node)
> ...
> |``` name_hlist include enpxx and ensxx name and both of them point to the same net_device, the net_device's name is ensxx. So when using *enpxx* name to query net device, the ||net device's name that return is *ensxx* name.|
> Then, openvswitch.ko will save the net device that name is*ensxx*  to a hash table. So this will cause the below process:
> - ovs can'tobtain the enpxx net device by |OVS_VPORT_CMD_GET.|
> -|dpif_netlink_port_poll will get a |notification after |OVS_VPORT_CMD_NEW|, but the vport's name is ensxx. ovs will query the ensxx net device from interface table, but nothing. So ovs will run the port_del operation.
> - this will cause|OVS_VPORT_CMD_NEW|  and OVS_VPORT_CMD_DEL operation to run repeatedly.
> So the above issue can be avoided by the patch.

Thanks for the clarification, I forgot about the alias case. And you are right, OVS userspace does not support using interface aliases.

Maybe you can update the commit message, and add a code comment to clarify this in your next revision?

Cheers,

Eelco


> 在 4/15/24 18:04, Eelco Chaudron 写道:
>>
>> On 13 Apr 2024, at 10:48, jun.gu wrote:
>>
>>> Check vport name from dev_get_by_name, this can avoid to add and remove
>>> NIC repeatedly when NIC rename failed at system startup.
>>>
>>> Signed-off-by: Jun Gu<jun.gu@...ystack.cn>
>>> ---
>>>   net/openvswitch/vport-netdev.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c
>>> index 903537a5da22..de8977d7f329 100644
>>> --- a/net/openvswitch/vport-netdev.c
>>> +++ b/net/openvswitch/vport-netdev.c
>>> @@ -78,7 +78,7 @@ struct vport *ovs_netdev_link(struct vport *vport, const char *name)
>>>   	int err;
>>>
>>>   	vport->dev = dev_get_by_name(ovs_dp_get_net(vport->dp), name);
>>> -	if (!vport->dev) {
>>> +	if (!vport->dev) || strcmp(name, ovs_vport_name(vport)) {
>> Hi Jun, not sure if I get the point here, as ovs_vport_name() translates into vport->dev->name.
>>
>> So are we trying to catch the interface rename between the dev_get_by_name(), and the code below? This rename could happen at any other place, so this check does not guarantee anything. Or am I missing something?
>>
>>>   		err = -ENODEV;
>>>   		goto error_free_vport;
>>>   	}
>>> -- 
>>> 2.25.1
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev@...nvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ