From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: David Laight <David.Laight@ACULAB.COM>,
David Miller <davem@davemloft.net>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"vyasevich@gmail.com" <vyasevich@gmail.com>,
"nhorman@tuxdriver.com" <nhorman@tuxdriver.com>,
"linux-sctp@vger.kernel.org" <linux-sctp@vger.kernel.org>
Subject: Re: [PATCH net] sctp: fix race on protocol/netns initialization
Date: Thu, 10 Sep 2015 11:36:13 -0300 [thread overview]
Message-ID: <55F1955D.8010302@gmail.com> (raw)
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6D1CB9194F@AcuExch.aculab.com>
Em 10-09-2015 10:02, David Laight escreveu:
> From: Marcelo Ricardo Leitner
>> Sent: 10 September 2015 13:54
>> Em 09-09-2015 21:16, David Miller escreveu:
>>> From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
>>> Date: Wed, 9 Sep 2015 17:03:01 -0300
>>>
>>>> So the fix then is to invert the initialization order inside
>>>> register_pernet_subsys() so that the control socket is created by last
>>>> and also block socket creation if netns initialization wasn't yet
>>>> performed.
>>>
>>> If we really need to we could make ->create() fail with -EAFNOSUPPORT
>>> if kern==1 until the protocol is fully setup.
>>>
>>> Or, instead of failing, we could make such ->create() calls block
>>> until the control sock init is complete or fails.
>>
>> I guess I should have written that paragraph in another order, perhaps like:
>> So the fix then is to deny any sctp socket creation until netns
>> initialization is sufficiently done. And due to that, we have to
>> initialize the control socket as last step in netns initialization, as
>> now it can't be created earlier anymore.
>>
>> Is it clearer on the intention?
>>
>> And my emphasis on userspace sockets was to highlight that a random user
>> could trigger it, but yes both users are affected by the issue.
>>
>> Strictly speaking, we would have to block ->create() not until the
>> control socket init is done but until the protocol is fully loaded. Such
>> condition, with this patch, is after net->sctp.auto_asconf_splist is
>> initialized. But for blocking until instead of just denying, we would
>> need some other mechanism.
>>
>> It would be better from the (sctp) user point of view but then such
>> solution may better belong to another layer instead and protect all
>> protocols at once. (I checked and couldn't find other protocols at risk
>> like sctp)
>
> Given that the first ->create() blocks while the protocol code loads
> it really wouldn't be right to error a subsequent ->create() because
> the load hasn't completed.
Can't say I don't agree with you, but at the same time, there are other
temporary errors that can happen and that the user should just retry.
This would be just another condition in a trade off for avoiding complexity.
> I hold a semaphore across sock_create_kern() because of issues with sctp.
> (Current kernels are nowhere near as bad as really old ones though.)
Oh, that's not good to hear. I'll experiment with that later, try to
catch some bugs. :)
Marcelo
next prev parent reply other threads:[~2015-09-10 14:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-09 20:03 [PATCH net] sctp: fix race on protocol/netns initialization Marcelo Ricardo Leitner
2015-09-09 20:30 ` Vlad Yasevich
2015-09-09 21:06 ` Marcelo Ricardo Leitner
2015-09-10 13:24 ` Vlad Yasevich
2015-09-10 14:22 ` Marcelo Ricardo Leitner
2015-09-10 15:50 ` Vlad Yasevich
2015-09-10 16:24 ` Marcelo Ricardo Leitner
2015-09-10 18:35 ` Marcelo Ricardo Leitner
2015-09-10 18:47 ` Marcelo Ricardo Leitner
2015-09-10 19:14 ` Vlad Yasevich
2015-09-10 19:42 ` Marcelo Ricardo Leitner
2015-09-10 20:31 ` [PATCH net v2] " Marcelo Ricardo Leitner
2015-09-11 22:00 ` David Miller
2015-09-10 0:16 ` [PATCH net] " David Miller
2015-09-10 12:54 ` Marcelo Ricardo Leitner
2015-09-10 13:02 ` David Laight
2015-09-10 14:36 ` Marcelo Ricardo Leitner [this message]
2015-09-10 15:03 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55F1955D.8010302@gmail.com \
--to=marcelo.leitner@gmail.com \
--cc=David.Laight@ACULAB.COM \
--cc=davem@davemloft.net \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).