From: David Miller <davem@davemloft.net>
To: jhs@mojatatu.com
Cc: eric.dumazet@gmail.com, jiri@resnulli.us, netdev@vger.kernel.org,
xiyou.wangcong@gmail.com
Subject: Re: [PATCH net-next v4 1/2] net sched actions: dump more than TCA_ACT_MAX_PRIO actions per batch
Date: Fri, 21 Apr 2017 11:38:00 -0400 (EDT) [thread overview]
Message-ID: <20170421.113800.1367091481085913667.davem@davemloft.net> (raw)
In-Reply-To: <82a6c32b-d58e-aeed-bfb5-546f328eaf35@mojatatu.com>
From: Jamal Hadi Salim <jhs@mojatatu.com>
Date: Fri, 21 Apr 2017 11:29:19 -0400
> On 17-04-21 10:51 AM, David Miller wrote:
>> From: Jamal Hadi Salim <jhs@mojatatu.com>
>> Date: Fri, 21 Apr 2017 06:36:19 -0400
>>
>>> On 17-04-20 01:58 PM, David Miller wrote:
>>>> From: Jamal Hadi Salim <jhs@mojatatu.com>
>>>> Date: Thu, 20 Apr 2017 13:38:14 -0400
>>>>
>>>
>
>>
>> Which means we can never use them for anything else reliably,
>> there could be random crap in there.
>>
>
> Today: User space set them to zero.
You don't know this because the kernel has never verified it.
Jamal, you cannot walk past this important point, nothing can
be argued further because of it.
> Old kernels ignore them. New kernels look at the new ones.
> We'll be in a lot of trouble if this was not the case
> for things today;-> People add bits all the time in TLVs
> and in netlink headers that are labeled as flags.
And when we do things that way it's broken, and why we have such
crappy behavior.
We made a very bad decision a long time ago to ignore unrecognized
things in netlink and it was a grave error which we must start
correcting now.
If a user says "enable X" and it just gets simply ignored by older
kernels, that can't work properly. What if "enable X" is something
like "turn on encryption"? Are you OK with the user getting no
feedback that their stuff is not going to be encrypted?
Even something as benign as "give melarger action dumps" _must_ still
have the same behavior because the user has no alternative action plan
possible if it cannot tell if the kernel supports the facility or not.
> Dave, I dont think you are suggesting we should use a TLV for every
> bit
> we want to send to the kernel (as Jiri is), are you?
Jiri is not suggesting this, he is instead saying if you want to
support more bits in the future then you must check that the unused
bits are zero _now_ so that we can prove that userland clears them
properly.
And if you don't have any direct plans for more bits in the future,
use just a single attribute with the smallest integer type possible.
> I think you as suggesting we should from now on enforce a rule that
> in the kernel we start checking that bits in a bitmap received for
> things we are not interested in. So if a bit i dont understand shows
> up in the kernel what should i do?
Reject it.
> Rejecting the transaction because i received something i dont
> understand is not conducive to forward compatibility.
Not rejecting it breaks everything and gives the user no feedback
or way whatsoever to know whether the kernel supports something or
not.
I'm not letting us continue to do things so stupidly any more.
I want future applications to know if they are running on an older
kernel and that a specific netlink feature is not supported.
Ignoring not-understood bits prevents that and is the single most
fundamental mistake we've made in netlink.
next prev parent reply other threads:[~2017-04-21 18:22 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 11:57 [PATCH net-next v4 1/2] net sched actions: dump more than TCA_ACT_MAX_PRIO actions per batch Jamal Hadi Salim
2017-04-19 11:57 ` [PATCH net-next v4 2/2] net sched actions: add time filter for action dumping Jamal Hadi Salim
2017-04-19 12:53 ` Jiri Pirko
2017-04-19 13:11 ` Jamal Hadi Salim
2017-04-19 14:14 ` Jiri Pirko
2017-04-19 15:47 ` Jamal Hadi Salim
2017-04-19 15:55 ` Jiri Pirko
2017-04-19 12:36 ` [PATCH net-next v4 1/2] net sched actions: dump more than TCA_ACT_MAX_PRIO actions per batch Jiri Pirko
2017-04-19 12:55 ` Roman Mashak
2017-04-19 13:05 ` Jiri Pirko
2017-04-19 13:03 ` Jamal Hadi Salim
2017-04-19 13:13 ` Jiri Pirko
2017-04-19 15:37 ` Jamal Hadi Salim
2017-04-19 15:54 ` Jiri Pirko
2017-04-19 16:07 ` Jamal Hadi Salim
2017-04-19 16:17 ` Jiri Pirko
2017-04-20 10:42 ` Jamal Hadi Salim
2017-04-20 11:35 ` Jiri Pirko
2017-04-20 14:03 ` Jamal Hadi Salim
2017-04-20 12:18 ` Eric Dumazet
2017-04-20 13:27 ` Jamal Hadi Salim
2017-04-20 15:50 ` David Miller
2017-04-20 17:38 ` Jamal Hadi Salim
2017-04-20 17:58 ` David Miller
2017-04-21 10:36 ` Jamal Hadi Salim
2017-04-21 14:51 ` David Miller
2017-04-21 15:29 ` Jamal Hadi Salim
2017-04-21 15:38 ` David Miller [this message]
2017-04-21 15:55 ` Jamal Hadi Salim
2017-04-21 16:01 ` Jamal Hadi Salim
2017-04-21 16:12 ` David Miller
2017-04-21 18:11 ` Jamal Hadi Salim
2017-04-22 11:30 ` Jamal Hadi Salim
2017-04-24 9:27 ` Simon Horman
2017-04-24 12:54 ` Jamal Hadi Salim
2017-04-21 16:11 ` David Miller
2017-04-20 15:23 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170421.113800.1367091481085913667.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).