lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z6CdniZssuNPPqVu@hog>
Date: Mon, 3 Feb 2025 11:42:38 +0100
From: Sabrina Dubroca <sd@...asysnail.net>
To: Antonio Quartulli <antonio@...nvpn.net>
Cc: netdev@...r.kernel.org, Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Donald Hunter <donald.hunter@...il.com>,
	Shuah Khan <shuah@...nel.org>, ryazanov.s.a@...il.com,
	Andrew Lunn <andrew+netdev@...n.ch>,
	Simon Horman <horms@...nel.org>, linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org, Xiao Liang <shaw.leon@...il.com>
Subject: Re: [PATCH net-next v18 20/25] ovpn: implement peer
 add/get/dump/delete via netlink

2025-02-03, 10:46:19 +0100, Antonio Quartulli wrote:
> On 03/02/2025 00:07, Sabrina Dubroca wrote:
> > 2025-01-13, 10:31:39 +0100, Antonio Quartulli wrote:
> > > +		NL_SET_ERR_MSG_FMT_MOD(info->extack,
> > > +				       "unexpected remote IP address for non UDP socket");
> > > +		sockfd_put(sock);
> > > +		return -EINVAL;
> > > +	}
> > > +
> > > +	ovpn_sock = ovpn_socket_new(sock, peer);
> > > +	if (IS_ERR(ovpn_sock)) {
> > > +		NL_SET_ERR_MSG_FMT_MOD(info->extack,
> > > +				       "cannot encapsulate socket: %ld",
> > > +				       PTR_ERR(ovpn_sock));
> > > +		sockfd_put(sock);
> > > +		return -ENOTSOCK;
> > 
> > Maybe s/-ENOTSOCK/PTR_ERR(ovpn_sock)/ ?
> > Overwriting ovpn_socket_new's -EBUSY etc with -ENOTSOCK is a bit
> > misleading to the caller.
> 
> This is the error code that userspace will see.
> Returning -EBUSY/-EALREADY for a socket error from the PEER_NEW call would
> be too vague IMHO (the user wouldn't know this is coming from the socket
> processing subroutine).
> 
> Hence the decision to explicitly return -ENOSOCK (something's wrong with the
> socket you passed) and then send the underling error in the ERR_MSG (which
> the user can inspect if he wants to learn more about what exactly went
> wrong).
> Doesn't it make sense?

Right, it doesn't matter that much as long as the user can see the
message in the extack. Error codes will always be imprecise. I find
"Not a socket" a bit inappropriate in this case ("what do you mean
it's not a socket, of course it is"), but I can live with it. In the
end the problem is what data ends up in bug reports from users
(whatever the userspace program prints), and what help developers get
from the kernel (the extack).

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ