Message-ID: <af59ddd7-97cf-c91f-5d46-31675bd586ae@katalix.com>
Date: Thu, 15 Aug 2024 09:21:59 +0100
From: James Chapman <jchapman@...alix.com>
To: Cong Wang <xiyou.wangcong@...il.com>
Cc: netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, dsahern@...nel.org, tparkin@...alix.com,
 horms@...nel.org
Subject: Re: [PATCH v2 net-next 6/9] l2tp: use get_next APIs for management
 requests and procfs/debugfs

On 14/08/2024 19:05, Cong Wang wrote:
> On Mon, Aug 12, 2024 at 09:14:42AM +0100, James Chapman wrote:
>> On 11/08/2024 19:36, Cong Wang wrote:
>>> On Wed, Aug 07, 2024 at 07:54:49AM +0100, James Chapman wrote:
>>>> diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
>>>> index cc464982a7d9..0fabacffc3f3 100644
>>>> --- a/net/l2tp/l2tp_core.h
>>>> +++ b/net/l2tp/l2tp_core.h
>>>> @@ -219,14 +219,12 @@ void l2tp_session_dec_refcount(struct l2tp_session *session);
>>>>     * the caller must ensure that the reference is dropped appropriately.
>>>>     */
>>>>    struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id);
>>>> -struct l2tp_tunnel *l2tp_tunnel_get_nth(const struct net *net, int nth);
>>>>    struct l2tp_tunnel *l2tp_tunnel_get_next(const struct net *net, unsigned long *key);
>>>>    struct l2tp_session *l2tp_v3_session_get(const struct net *net, struct sock *sk, u32 session_id);
>>>>    struct l2tp_session *l2tp_v2_session_get(const struct net *net, u16 tunnel_id, u16 session_id);
>>>>    struct l2tp_session *l2tp_session_get(const struct net *net, struct sock *sk, int pver,
>>>>    				      u32 tunnel_id, u32 session_id);
>>>> -struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth);
>>>>    struct l2tp_session *l2tp_session_get_next(const struct net *net, struct sock *sk, int pver,
>>>>    					   u32 tunnel_id, unsigned long *key);
>>>>    struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
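Review bot: in l2tp_core.h, the comment above these prototypes covers only the reference the caller must drop; it says nothing about the `unsigned long *key` argument of l2tp_tunnel_get_next() and l2tp_session_get_next(). With the get_nth variants gone, callers need to know whether *key is updated to the ID of the returned object and how it should be advanced before the next call, so a sentence on that in the comment would help.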
>>>> diff --git a/net/l2tp/l2tp_debugfs.c b/net/l2tp/l2tp_debugfs.c
>>>> index 8755ae521154..b2134b57ed18 100644
>>>> --- a/net/l2tp/l2tp_debugfs.c
>>>> +++ b/net/l2tp/l2tp_debugfs.c
>>>> @@ -34,8 +34,8 @@ static struct dentry *rootdir;
>>>>    struct l2tp_dfs_seq_data {
>>>>    	struct net	*net;
>>>>    	netns_tracker	ns_tracker;
>>>> -	int tunnel_idx;			/* current tunnel */
>>>> -	int session_idx;		/* index of session within current tunnel */
>>>> +	unsigned long tkey;		/* lookup key of current tunnel */
>>>> +	unsigned long skey;		/* lookup key of current session */
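Review bot: the new comments on tkey and skey in struct l2tp_dfs_seq_data say what the fields hold but not why they are unsigned long when the fields they replace were int. The get_next prototypes in l2tp_core.h take `unsigned long *key`, so a short note that these fields are passed by pointer to those lookups and may be modified by them would answer the type question where it arises.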
>>>
>>> Any reason to change the type from int to unsigned long?
>>>
>>> Asking because tunnel ID remains to be 32bit unsigned int as a part of
>>> UAPI.
>>>
>>> Thanks.
>>
>> It's used as the key in and potentially modified by idr_get_next_ul calls.
> 
> idr_get_next() takes an `int` ID. So the reason is not this API, it must be
> something else.
> 

l2tp doesn't use idr_get_next; it uses idr_get_next_ul which takes an 
unsigned long. An int isn't big enough for a u32 tunnel ID value in 
32-bit architectures without potentially going negative.

The previous code used an int tunnel_idx as input for 
l2tp_tunnel_get_nth. This is replaced by l2tp_tunnel_get_next which gets 
the next item from an entry given by a key where key is a tunnel ID. The 
next item is a tunnel with the next highest tunnel ID, hence going 
negative would cause problems.
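
The signedness point in this reply, as an added user-space illustration (not code from the patch or from the kernel): a get_next style walk over tunnel IDs with a wide unsigned cursor, next to the same walk with the cursor held in a 32-bit signed int. `model_get_next`, the walk functions and the sample IDs are hypothetical; the model uses a 64-bit key, so the signed case shows what happens when a negative int is widened to an unsigned key.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: ascending tunnel IDs, two of them above INT32_MAX. */
static const uint32_t ids[] = { 7u, 0x80000001u, 0xfffffff0u };
#define N_IDS (sizeof(ids) / sizeof(ids[0]))
/* Hypothetical model of a get_next lookup (not the kernel function): find
 * the first ID >= *key, store it in *key and return 1; return 0 if none. */
static int model_get_next(uint64_t *key)
{
	for (size_t i = 0; i < N_IDS; i++)
		if (ids[i] >= *key) {
			*key = ids[i];
			return 1;
		}
	return 0;
}

/* Cursor wide enough for any u32 ID: every tunnel is visited. */
size_t walk_unsigned(void)
{
	uint64_t key = 0;
	size_t seen = 0;
	for (; model_get_next(&key); key++)	/* key++ resumes after the hit */
		seen++;
	return seen;
}

/* Cursor kept in a 32-bit signed int between calls. */
size_t walk_signed(int32_t *last)
{
	int32_t cur = 0;
	size_t seen = 0;
	for (;;) {
		uint64_t key = (uint64_t)(int64_t)cur;	/* negative -> huge key */
		if (!model_get_next(&key))
			return seen;
		seen++;
		*last = (int32_t)(uint32_t)key;	/* wraps negative on gcc/clang */
		cur = *last + 1;
	}
}

int main(void)
{
	int32_t last = 0;
	size_t n = walk_signed(&last);
	printf("unsigned: %zu seen; signed: %zu seen, last=%d\n", walk_unsigned(), n, (int)last);
	return 0;
}
```

With the signed cursor the walk stops after the first ID above INT32_MAX, so the tunnel with ID 0xfffffff0 is never listed.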
