Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753366Ab2KGRQ0 (ORCPT ); Wed, 7 Nov 2012 12:16:26 -0500 Received: from mx1.redhat.com ([209.132.183.28]:34517 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751346Ab2KGRQY (ORCPT ); Wed, 7 Nov 2012 12:16:24 -0500 Date: Wed, 7 Nov 2012 12:15:41 -0500 From: Dave Jones To: Eric Dumazet Cc: Julius Werner , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Patrick McHardy , Hideaki YOSHIFUJI , James Morris , Alexey Kuznetsov , "David S. Miller" , Sameer Nanda , Mandeep Singh Baines , Eric Dumazet Subject: Re: [PATCH] tcp: Replace infinite loop on recvmsg bug with proper crashusers Message-ID: <20121107171541.GA24482@redhat.com> Mail-Followup-To: Dave Jones , Eric Dumazet , Julius Werner , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Patrick McHardy , Hideaki YOSHIFUJI , James Morris , Alexey Kuznetsov , "David S. Miller" , Sameer Nanda , Mandeep Singh Baines , Eric Dumazet References: <1352247335-10396-1-git-send-email-jwerner@chromium.org> <20121107013907.GA31185@redhat.com> <20121107155434.GA17677@redhat.com> <1352305752.3140.4449.camel@edumazet-glaptop> <20121107164358.GA20495@redhat.com> <1352307902.3140.4588.camel@edumazet-glaptop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1352307902.3140.4588.camel@edumazet-glaptop> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2205 Lines: 55 On Wed, Nov 07, 2012 at 09:05:02AM -0800, Eric Dumazet wrote: > On Wed, 2012-11-07 at 11:43 -0500, Dave Jones wrote: > > > dude, look at the bug reports I just pointed you at. > > People _are_ aware there are bugs there. > > > If I remember well, I helped to fix some of them. indeed, and I commend you for it. I want to help you fix more ;) > > > I understand a distro maintainer has its own choices, but for upstream > > > kernel we want to have early reports. > > > > I'm running out of ways to word this, but I'll try again. > > You won't get those early reports if you turn this into a BUG(). > > > > > This bug is fatal and a security issue. BUG() is appropriate. > > > > turning a bug into a remote DoS is also a security issue. > > Apparently in some cases we can loop and fill the syslog, or > else Julius wouldnt have sent a patch. > > So the proper fix is to emit this message only once, and to find > a way to alert the user security is compromised. > > So if BUG() isnt good, just use WARN_ON_ONCE() > > I feel that WARN_ON_ONCE() wont be clear enough to the user, especially > if we recover from this by closing the tcp session, exactly as if we > received a proper FIN. Judging by the mangled traces we've seen, further reports after the initial one aren't too useful anyway. Automated detectors like abrt should be able to pick up these traces from the logs on the next reboot. (Which would probably be better than it trying to file them immediately over the network when the tcp layer is so confused) sidenote: If the integrity of the tcp layer is in question, maybe some kind of localised version of BUG() that just shuts down that subsystem might be something worth persueing. > Really if you object a BUG() here, I cant understand you didnt shout to > other BUG() uses in the kernel. When I see them, I call them. But I am just one person, and usage of that macro is like a disease. Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/