lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87v7y3g9no.fsf@email.froward.int.ebiederm.org>
Date: Mon, 07 Oct 2024 11:28:11 -0500
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: <davem@...emloft.net>,  <edumazet@...gle.com>,  <kuba@...nel.org>,
  <kuni1840@...il.com>,  <netdev@...r.kernel.org>,  <pabeni@...hat.com>
Subject: Re: [PATCH v3 net 5/6] mpls: Handle error of rtnl_register_module().

Kuniyuki Iwashima <kuniyu@...zon.com> writes:

> From: "Eric W. Biederman" <ebiederm@...ssion.com>
> Date: Mon, 07 Oct 2024 09:56:44 -0500
>> Kuniyuki Iwashima <kuniyu@...zon.com> writes:
>> 
>> > Since introduced, mpls_init() has been ignoring the returned
>> > value of rtnl_register_module(), which could fail.
>> 
>> As I recall that was deliberate.  The module continues to work if the
>> rtnetlink handlers don't operate, just some functionality is lost.
>
> It's ok if it wasn't a module.  rtnl_register() logs an error message
> in syslog, but rtnl_register_module() doesn't.  That's why this series
> only changes some rtnl_register_module() calls.

You talk about the series.  Is there an introductory letter I should
lookup on netdev that explains things in more detail?

I have only seen the patch that is sent directly to me.

>> I don't strongly care either way, but I want to point out that bailing
>> out due to a memory allocation failure actually makes the module
>> initialization more brittle.
>> 
>> > Let's handle the errors by rtnl_register_many().
>> 
>> Can you describe what the benefit is from completely giving up in the
>> face of a memory allocation failure versus having as much of the module
>> function as possible?
>
> What if the memory pressure happend to be relaxed soon after the module
> was loaded incompletely ?

Huh?  The module will load completely.  It will just won't have full
functionality.  The rtnetlink functionality simply won't work.

> Silent failure is much worse to me.

My point is from the point of view of the MPLS functionality it isn't
a __failure__.

> rtnl_get_link() will return NULL and users will see -EOPNOTSUPP even
> though the module was loaded "successfully".

Yes.  EOPNOTSUPP makes it clear that the rtnetlink functionality
working.  In most cases modules are autoloaded these days, so the end
user experience is likely to be EOPNOTSUPP in either case.

If you log a message, some time later someone will see that there is
a message in the log that the kernel was very low on memory and could
could not allocate enough memory for rtnetlink.

Short of rebooting or retrying to load the module I don't expect
there is much someone can do in either case.  So this does not look
to me like a case of silent failure or a broken module.

Has anyone actually had this happen and reported this as a problem?
Otherwise we are all just arguing theoretical possibilities.

My only real point is that change is *not* a *fix*.
This change is a *cleanup* to make mpls like other modules.

I am fine with a cleanup, but I really don't think we should describe
this as something it is not.

The flip side is I tried very hard to minimize the amount of code in
af_mpls, to make maintenance simpler, and to reduce the chance of bugs.
You are busy introducing what appears to me to be an untested error
handling path which may result in something worse that not logging a
message.  Especially when someone comes along and makes another change.

It is all such a corner case and I really don't care, but I just don't
want this to be seen as a change that is obviously the right way to go
and that has no downside.

Eric



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ