From: Stephen Hemminger <stephen@networkplumber.org>
To: Serhey Popovych <serhe.popovych@gmail.com>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH 1/3] dev: Prevent creating network devices with negative ifindex
Date: Fri, 16 Jun 2017 10:25:42 -0700 [thread overview]
Message-ID: <20170616102542.691385b9@xeon-e3> (raw)
In-Reply-To: <02a31165-ad2f-fcdf-e7c5-f66a35712d4e@gmail.com>
On Fri, 16 Jun 2017 19:44:45 +0300
Serhey Popovych <serhe.popovych@gmail.com> wrote:
> > On Fri, 16 Jun 2017 17:23:51 +0300
> > Serhey Popovych <serhe.popovych@gmail.com> wrote:
> >
> >> Interface index is signed integer, we can pass ifm->ifi_index
> >> from userspace via netlink and create network device with
> >> negative ifindex value.
> >>
> >> Fixes: 9c7dafbfab15 ("net: Allow to create links with given ifindex")
> >> Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
> >> ---
> >> net/core/dev.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/net/core/dev.c b/net/core/dev.c
> >> index 8658074..dae8010 100644
> >> --- a/net/core/dev.c
> >> +++ b/net/core/dev.c
> >> @@ -7491,7 +7491,7 @@ int register_netdevice(struct net_device *dev)
> >> }
> >>
> >> ret = -EBUSY;
> >> - if (!dev->ifindex)
> >> + if (dev->ifindex <= 0)
> >> dev->ifindex = dev_new_index(net);
> >> else if (__dev_get_by_index(net, dev->ifindex))
> >> goto err_uninit;
> >
> > You should fix this by adding error check in the netlink portion
> > that allows creating devices with given ifindex. Passing < 0
> > should be an error.But should this break some setups if I add such check to netlink
> portion? In my opinion it is better to choose silently different
> ifindex rather than reporting failure. That's why I prefer doing
> this in register_netdevice().
>
> Also there is similar problem for drivers/net/veth.c, it might
> happen that other places will be added later that setup
> dev->ifindex and then call register_netdevice().
>
> What do you think?
Passing -1 is an error, it doesn't make sense to try and be
helpful to buggy userland.
next prev parent reply other threads:[~2017-06-16 17:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-16 14:23 [PATCH 0/3] dev: Fix network device ifindex allocation Serhey Popovych
2017-06-16 14:23 ` [PATCH 1/3] dev: Prevent creating network devices with negative ifindex Serhey Popovych
2017-06-16 16:18 ` Stephen Hemminger
2017-06-16 16:44 ` Serhey Popovych
2017-06-16 17:25 ` Stephen Hemminger [this message]
2017-06-16 18:14 ` Serhey Popovych
2017-06-16 14:23 ` [PATCH 2/3] dev: Avoid infinite loop on network device index exhaustion Serhey Popovych
2017-06-16 16:16 ` Stephen Hemminger
2017-06-16 16:32 ` Serhey Popovych
2017-06-16 16:39 ` dev: Reclaim network device indexes Serhey Popovych
2017-06-20 16:42 ` David Miller
2017-06-16 14:23 ` [PATCH 3/3] veth: Set ifindex only if given and not negative Serhey Popovych
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170616102542.691385b9@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=netdev@vger.kernel.org \
--cc=serhe.popovych@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.