From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: David Laight <David.Laight@ACULAB.COM>,
David Miller <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"vyasevich@gmail.com" <vyasevich@gmail.com>,
"nhorman@tuxdriver.com" <nhorman@tuxdriver.com>,
"linux-sctp@vger.kernel.org" <linux-sctp@vger.kernel.org>
Subject: Re: [PATCH net] sctp: fix race on protocol/netns initialization
Date: Thu, 10 Sep 2015 14:36:13 +0000 [thread overview]
Message-ID: <55F1955D.8010302@gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CB9194F@AcuExch.aculab.com>
Em 10-09-2015 10:02, David Laight escreveu:
> From: Marcelo Ricardo Leitner
>> Sent: 10 September 2015 13:54
>> Em 09-09-2015 21:16, David Miller escreveu:
>>> From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
>>> Date: Wed, 9 Sep 2015 17:03:01 -0300
>>>
>>>> So the fix then is to invert the initialization order inside
>>>> register_pernet_subsys() so that the control socket is created by last
>>>> and also block socket creation if netns initialization wasn't yet
>>>> performed.
>>>
>>> If we really need to we could make ->create() fail with -EAFNOSUPPORT
>>> if kern=1 until the protocol is fully setup.
>>>
>>> Or, instead of failing, we could make such ->create() calls block
>>> until the control sock init is complete or fails.
>>
>> I guess I should have written that paragraph in another order, perhaps like:
>> So the fix then is to deny any sctp socket creation until netns
>> initialization is sufficiently done. And due to that, we have to
>> initialize the control socket as last step in netns initialization, as
>> now it can't be created earlier anymore.
>>
>> Is it clearer on the intention?
>>
>> And my emphasis on userspace sockets was to highlight that a random user
>> could trigger it, but yes both users are affected by the issue.
>>
>> Strictly speaking, we would have to block ->create() not until the
>> control socket init is done but until the protocol is fully loaded. Such
>> condition, with this patch, is after net->sctp.auto_asconf_splist is
>> initialized. But for blocking until instead of just denying, we would
>> need some other mechanism.
>>
>> It would be better from the (sctp) user point of view but then such
>> solution may better belong to another layer instead and protect all
>> protocols at once. (I checked and couldn't find other protocols at risk
>> like sctp)
>
> Given that the first ->create() blocks while the protocol code loads
> it really wouldn't be right to error a subsequent ->create() because
> the load hasn't completed.
Can't say I don't agree with you, but at the same time, there are other
temporary errors that can happen and that the user should just retry.
This would be just another condition in a trade off for avoiding complexity.
> I hold a semaphore across sock_create_kern() because of issues with sctp.
> (Current kernels are nowhere near as bad as really old ones though.)
Oh, that's not good to hear. I'll experiment with that later, try to
catch some bugs. :)
Marcelo
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: David Laight <David.Laight@ACULAB.COM>,
David Miller <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"vyasevich@gmail.com" <vyasevich@gmail.com>,
"nhorman@tuxdriver.com" <nhorman@tuxdriver.com>,
"linux-sctp@vger.kernel.org" <linux-sctp@vger.kernel.org>
Subject: Re: [PATCH net] sctp: fix race on protocol/netns initialization
Date: Thu, 10 Sep 2015 11:36:13 -0300 [thread overview]
Message-ID: <55F1955D.8010302@gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CB9194F@AcuExch.aculab.com>
Em 10-09-2015 10:02, David Laight escreveu:
> From: Marcelo Ricardo Leitner
>> Sent: 10 September 2015 13:54
>> Em 09-09-2015 21:16, David Miller escreveu:
>>> From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
>>> Date: Wed, 9 Sep 2015 17:03:01 -0300
>>>
>>>> So the fix then is to invert the initialization order inside
>>>> register_pernet_subsys() so that the control socket is created by last
>>>> and also block socket creation if netns initialization wasn't yet
>>>> performed.
>>>
>>> If we really need to we could make ->create() fail with -EAFNOSUPPORT
>>> if kern==1 until the protocol is fully setup.
>>>
>>> Or, instead of failing, we could make such ->create() calls block
>>> until the control sock init is complete or fails.
>>
>> I guess I should have written that paragraph in another order, perhaps like:
>> So the fix then is to deny any sctp socket creation until netns
>> initialization is sufficiently done. And due to that, we have to
>> initialize the control socket as last step in netns initialization, as
>> now it can't be created earlier anymore.
>>
>> Is it clearer on the intention?
>>
>> And my emphasis on userspace sockets was to highlight that a random user
>> could trigger it, but yes both users are affected by the issue.
>>
>> Strictly speaking, we would have to block ->create() not until the
>> control socket init is done but until the protocol is fully loaded. Such
>> condition, with this patch, is after net->sctp.auto_asconf_splist is
>> initialized. But for blocking until instead of just denying, we would
>> need some other mechanism.
>>
>> It would be better from the (sctp) user point of view but then such
>> solution may better belong to another layer instead and protect all
>> protocols at once. (I checked and couldn't find other protocols at risk
>> like sctp)
>
> Given that the first ->create() blocks while the protocol code loads
> it really wouldn't be right to error a subsequent ->create() because
> the load hasn't completed.
Can't say I don't agree with you, but at the same time, there are other
temporary errors that can happen and that the user should just retry.
This would be just another condition in a trade off for avoiding complexity.
> I hold a semaphore across sock_create_kern() because of issues with sctp.
> (Current kernels are nowhere near as bad as really old ones though.)
Oh, that's not good to hear. I'll experiment with that later, try to
catch some bugs. :)
Marcelo
next prev parent reply other threads:[~2015-09-10 14:36 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-09 20:03 [PATCH net] sctp: fix race on protocol/netns initialization Marcelo Ricardo Leitner
2015-09-09 20:03 ` Marcelo Ricardo Leitner
2015-09-09 20:30 ` Vlad Yasevich
2015-09-09 20:30 ` Vlad Yasevich
2015-09-09 21:06 ` Marcelo Ricardo Leitner
2015-09-09 21:06 ` Marcelo Ricardo Leitner
2015-09-10 13:24 ` Vlad Yasevich
2015-09-10 13:24 ` Vlad Yasevich
2015-09-10 14:22 ` Marcelo Ricardo Leitner
2015-09-10 14:22 ` Marcelo Ricardo Leitner
2015-09-10 15:50 ` Vlad Yasevich
2015-09-10 15:50 ` Vlad Yasevich
2015-09-10 16:24 ` Marcelo Ricardo Leitner
2015-09-10 16:24 ` Marcelo Ricardo Leitner
2015-09-10 18:35 ` Marcelo Ricardo Leitner
2015-09-10 18:35 ` Marcelo Ricardo Leitner
2015-09-10 18:47 ` Marcelo Ricardo Leitner
2015-09-10 18:47 ` Marcelo Ricardo Leitner
2015-09-10 19:14 ` Vlad Yasevich
2015-09-10 19:14 ` Vlad Yasevich
2015-09-10 19:42 ` Marcelo Ricardo Leitner
2015-09-10 19:42 ` Marcelo Ricardo Leitner
2015-09-10 20:31 ` [PATCH net v2] " Marcelo Ricardo Leitner
2015-09-10 20:31 ` Marcelo Ricardo Leitner
2015-09-11 22:00 ` David Miller
2015-09-11 22:00 ` David Miller
2015-09-10 0:16 ` [PATCH net] " David Miller
2015-09-10 0:16 ` David Miller
2015-09-10 12:54 ` Marcelo Ricardo Leitner
2015-09-10 12:54 ` Marcelo Ricardo Leitner
2015-09-10 13:02 ` David Laight
2015-09-10 13:02 ` David Laight
2015-09-10 14:36 ` Marcelo Ricardo Leitner [this message]
2015-09-10 14:36 ` Marcelo Ricardo Leitner
2015-09-10 15:03 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55F1955D.8010302@gmail.com \
--to=marcelo.leitner@gmail.com \
--cc=David.Laight@ACULAB.COM \
--cc=davem@davemloft.net \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.