Message-ID: <f32237d0-69d4-4e09-ae25-11fa12d34ef2@I-love.SAKURA.ne.jp>
Date: Thu, 29 Jan 2026 19:32:11 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Leon Romanovsky <leon@...nel.org>
Cc: Sabrina Dubroca <sd@...asysnail.net>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
        Ilan Tayari <ilant@...lanox.com>, Guy Shapiro <guysh@...lanox.com>,
        Yossi Kuperman <yossiku@...lanox.com>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH net] xfrm: always flush state and policy upon
 NETDEV_DOWN/NETDEV_UNREGISTER events

On 2026/01/29 19:16, Tetsuo Handa wrote:
>> Do we have such in-tree devices? If the answer is no, you shouldn't be
>> worried about that case.
> 
> The "user" here is not "in-tree devices" but "Linux administrator" (such as Alice
> and Bob).
> 
> We can't guess whether Alice is using $dev which supports only "IPsec without offload"
> and is calling xfrm_dev_state_add(). If Alice is doing so, Alice might be expecting that
> "struct xfrm_state" with a reference to "struct net_device" held is not released upon
> NETDEV_DOWN event.

We can't guess whether Bob is using $dev which supports only "IPsec without offload".
Bob might be expecting that "struct xfrm_state" without a reference to "struct net_device"
held is not released upon NETDEV_DOWN event.

Therefore, if "[PATCH net] xfrm: always flush state and policy upon
NETDEV_DOWN/NETDEV_UNREGISTER events" is applied, Bob might be surprised...

That's why I consider re-introducing xfrm_dev_unregister() might be the better fix.

