lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b591649f-ada5-42c1-984c-7e358c0337fa@blackwall.org>
Date: Mon, 19 Aug 2024 11:48:32 +0300
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netdev@...r.kernel.org, Jay Vosburgh <j.vosburgh@...il.com>,
 "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>,
 Tariq Toukan <tariqt@...dia.com>, Jianbo Liu <jianbol@...dia.com>,
 Sabrina Dubroca <sd@...asysnail.net>
Subject: Re: [PATCHv2 net-next 1/3] bonding: add common function to check
 ipsec device

On 19/08/2024 11:43, Hangbin Liu wrote:
> On Mon, Aug 19, 2024 at 11:02:14AM +0300, Nikolay Aleksandrov wrote:
>>> +static struct net_device bond_ipsec_dev(struct xfrm_state *xs)
>>> +{
>>> +	struct net_device *bond_dev = xs->xso.dev;
>>> +	struct net_device *real_dev;
>>> +	struct bonding *bond;
>>> +	struct slave *slave;
>>> +
>>> +	if (!bond_dev)
>>> +		return NULL;
>>> +
>>> +	bond = netdev_priv(bond_dev);
>>> +	slave = rcu_dereference(bond->curr_active_slave);
>>> +	real_dev = slave ? slave->dev : NULL;
>>> +
>>> +	if ((BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) ||
>>> +	    !slave || !real_dev || !xs->xso.real_dev)
>>> +		return NULL;
>>
>> No need to check !slave again here.  !real_dev implies !slave and
>> vice-versa, if it is set then we must have had a slave.
> 
> Ah yes, I missed this.
> 

This is exactly my point about it being easier to follow if it's not all
combined in this way.

>> I prefer the more obvious way - check slave after deref and
>> bail out, similar to my fix, I think it is easier to follow the
>> code and more obvious. Although I don't feel strong about that
>> it's just a preference. :)
> 
> I don't have a inclination, I just want to check all the error and fail out.
> If we check each one separately, do you think if I should do like
> 
> 	if (!bond_dev)
> 		return NULL;
> 
> 	bond = netdev_priv(bond_dev);
> 	if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
> 		return NULL;
> 
> 	slave = rcu_dereference(bond->curr_active_slave);
> 	if (!slave)
> 		return NULL;
> 

I like this, even though it's more verbose, it's also easier to follow.
The alternative I have to track all code above and then verify the
combined check below. Depending on how complex it is, might be ok.
As I said it's a preference, if you prefer the other way - I don't mind.

>>> +	WARN_ON(xs->xso.real_dev != slave->dev);
> 
> Here as you said, the WARN_ON would be triggered easily, do you think if I
> should change to pr_warn or salve_warn?
> 

I haven't verified it, but yeah. Given how these are synced, it should be something
that's limited (we're talking about packets here, we shouldn't flood the logs) and
not a WARN_ON(). We can see any mid-state while changing.

> Thanks
> Hangbin

Cheers,
 Nik


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ