From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: julien@arista.com, netdev@vger.kernel.org,
linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org,
nhorman@tuxdriver.com, vyasevich@gmail.com, lucien.xin@gmail.com
Subject: Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length
Date: Sun, 10 Feb 2019 12:46:16 +0000 [thread overview]
Message-ID: <20190210124616.GG13621@localhost.localdomain> (raw)
In-Reply-To: <20190209.151217.175627323493244750.davem@davemloft.net>
On Sat, Feb 09, 2019 at 03:12:17PM -0800, David Miller wrote:
> From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> Date: Wed, 6 Feb 2019 18:37:54 -0200
>
> > On Wed, Feb 06, 2019 at 12:14:30PM -0800, Julien Gomes wrote:
> >> Make sctp_setsockopt_events() able to accept sctp_event_subscribe
> >> structures longer than the current definitions.
> >>
> >> This should prevent unjustified setsockopt() failures due to struct
> >> sctp_event_subscribe extensions (as in 4.11 and 4.12) when using
> >> binaries that should be compatible, but were built with later kernel
> >> uapi headers.
> >
> > Not sure if we support backwards compatibility like this?
>
> What a complete mess we have here.
>
> Use new socket option numbers next time, do not change the size and/or
> layout of existing socket options.
What about reusing the same socket option, but defining a new struct?
Say, MYSOCKOPT supports struct mysockopt, struct mysockopt2, struct
mysockopt3...
That way we have a clear definition of the user's intent.
>
> This whole thread, if you read it, is basically "if we compatability
> this way, that breaks, and if we do compatability this other way oh
> shit this other thing doesn't work."
>
> I think we really need to specifically check for the difference sizes
> that existed one by one, clear out the part not given by the user, and
> backport this as far back as possible in a way that in the older kernels
> we see if the user is actually trying to use the new features and if so
> error out.
I'm afraid clearing out may not be enough, though seems it's the best
we can do so far. If the struct is allocated but not fully initialized
via a memset, but by setting its fields one by one, the remaining new
fields will be left uninitinialized.
>
> Which, btw, is terrible behavior. Newly compiled apps should work on
> older kernels if they don't try to use the new features, and if they
One use case here is: a given distro is using kernel X and app Foo is
built against it. Then upgrades to X+1, Foo is patched to fix an issue
and is rebuilt against X+1. The user upgrades Foo package but for
whatever reason, doesn't upgrade kernel or reboot the system. Here,
Foo doesn't work anymore until the new kernel is also running.
> can the ones that want to try to use the new features should be able
> to fall back when that feature isn't available in a non-ambiguous
> and precisely defined way.
>
> The fact that the use of the new feature is hidden in the new
> structure elements is really rotten.
>
> This patch, at best, needs some work and definitely a longer and more
> detailed commit message.
next prev parent reply other threads:[~2019-02-10 12:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-06 20:14 [PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length Julien Gomes
2019-02-06 20:37 ` Marcelo Ricardo Leitner
2019-02-06 20:48 ` Julien Gomes
2019-02-06 21:07 ` Marcelo Ricardo Leitner
2019-02-06 21:23 ` Neil Horman
2019-02-06 21:48 ` Julien Gomes
2019-02-07 14:44 ` Neil Horman
2019-02-06 21:26 ` Julien Gomes
2019-02-06 21:39 ` Neil Horman
2019-02-06 21:48 ` Julien Gomes
2019-02-06 21:53 ` Julien Gomes
2019-02-07 14:48 ` Neil Horman
2019-02-07 17:33 ` David Laight
2019-02-07 17:47 ` 'Marcelo Ricardo Leitner'
2019-02-08 9:53 ` David Laight
2019-02-08 12:36 ` Neil Horman
2019-02-06 21:08 ` Neil Horman
2019-02-06 21:18 ` Marcelo Ricardo Leitner
2019-02-09 23:12 ` David Miller
2019-02-10 12:46 ` Marcelo Ricardo Leitner [this message]
2019-02-10 20:15 ` Marcelo Ricardo Leitner
2019-02-13 16:17 ` David Laight
2019-02-13 17:23 ` 'Marcelo Ricardo Leitner'
2019-02-11 15:04 ` Neil Horman
2019-02-11 17:05 ` Marcelo Ricardo Leitner
2019-02-06 20:49 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190210124616.GG13621@localhost.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=davem@davemloft.net \
--cc=julien@arista.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.