Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp1871649imj;
        Sun, 10 Feb 2019 12:17:47 -0800 (PST)
X-Google-Smtp-Source: AHgI3IbKKn5Wikd0SsVfvvw5wDik5aarg/etNVWrGV7yGMGxIP+sG1pPKx/6QMLpysp6k960QU9R
X-Received: by 2002:a62:5c41:: with SMTP id q62mr33984673pfb.171.1549829867455;
        Sun, 10 Feb 2019 12:17:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1549829867; cv=none;
        d=google.com; s=arc-20160816;
        b=soNiYJzC2w9kyAh/Xm9lrVfJPiRHnJ6ZvCXYxSSh/E4KNCfw8Lvgn+yVDjBR7f1wZb
         CqyIqZMw72GI9IsKxol8IG31yiDahGfj08oDv0WTG1JS93JTk/x6xp91/vCJZXQVLM8p
         sdCrtelEmd42871K1jxOSFleTEXiiIIxxn+VSuL9tDL9jtNz+IXucDG/29ztTXn2NCal
         ivwgGaKgewGNX/MhM7OH36kheBSdqh7Is0Gk6kxfSP1Q7Jo3/nwlYiiNe/w8L69HxRvP
         zstmIYCBwzt5jCvG3HIiRl537g4ZO+KgkvGozv5xj9E9rtWqZcZNqtSJdXHqx0RvuvuZ
         34tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=/xvioiBxcdnk7/NHUmyNNfdD6d+rkC/X2K5XviK/+JA=;
        b=cQDQO30V5K+QbccMC+g0T0mx/Juk6vNs2xczrwrxV+8+LfxqmBv41IbDmlyGiU0urP
         8ssi5iP6XnbgZasHFgBCGVKmmQFRV4IVxWwSrL9WOSnIwbSOQvofSvHXUBuy2yGUFw3W
         mSVHci1CQaM6NMUZl4NqBRlNxSzZtX+Cjs4vRPVxjniwlYCJR7x3Y9GN1fbGHlu6mNgo
         fqpqRYxcO8ldC5+JG1uCKvFc7emj2tWNzRkbo0onIClc1aA3kcQJR+vaUVzdGguFVMZv
         FFKz55eAVryxhssscqVwqIEG6itYo9HoO1UjD/YLlVzbpk3FAZYBomWmtAmIz6oxOIOY
         N/kA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=iBFEf1Iw;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z185si7821473pgb.222.2019.02.10.12.17.31;
        Sun, 10 Feb 2019 12:17:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=iBFEf1Iw;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726699AbfBJUQF (ORCPT <rfc822;zhangckid@gmail.com> + 99 others);
        Sun, 10 Feb 2019 15:16:05 -0500
Received: from mail-qt1-f193.google.com ([209.85.160.193]:34774 "EHLO
        mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725958AbfBJUQE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 10 Feb 2019 15:16:04 -0500
Received: by mail-qt1-f193.google.com with SMTP id w4so1231771qtc.1;
        Sun, 10 Feb 2019 12:16:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=/xvioiBxcdnk7/NHUmyNNfdD6d+rkC/X2K5XviK/+JA=;
        b=iBFEf1Iwxc2jta8r0plq4EcC9V2V1kO+q4uBzFHYQOv9fruR8MMeYzh+uJlP0xtlDq
         9jyt+92W751eXMwiAZoxoowhAL5FZ5K1GYskdFY2L7JgdjCwV2CLk01TjGwom0BT80sk
         Hf38c7VDSHspVXouqfvmFx0TupGJwQGnd9NQa+EHZ0W2zpB6oMhJWheXYXbhoYJde0+x
         w4Mi2/Y0F1YfzieIjIP6zzN9n8sCj8kEOnen51x/kT8yC1ePDJNgijVHpwVqfffFZFe+
         Td0RS3zcGyVnSE/DnL+G4vWmvRNmrkOiRN8vo4cQ7k3OPClZJzwDOlPVqv6GiVt5pcpY
         KmRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=/xvioiBxcdnk7/NHUmyNNfdD6d+rkC/X2K5XviK/+JA=;
        b=aI8Uc0Wr2pIowx60aZ/ATNvKCtM+mcTH9G5IvPoX+d5xyMIwnEUPSCGvfUmlS4vzD6
         39Zcl05CmgeSHEj3RkAQgBBFqWHIBTFrKwsPkJHKtjBvwYAgt/0L5jQLJf4shVAjY5tV
         FE3LSAiaViHPdProwhbkWeF7pIWTE/pCgoQx5MwOuyKuHJ2TFyKMfPbuyKVC4Lu7SNJ4
         /HEOUB0d7DslVLM5dZUlrpeYrAWoTxtlgvkGF2nyo+5Ir8oo9eiIuDp+sT/t3lnWDx8z
         mqw7jIuW8qaIDHidnbv75ycH419AgZz3iCf6jiUTPL9c6cV7xLabP8/IMu1ZmxYpcmSo
         pZVQ==
X-Gm-Message-State: AHQUAubjLNKzmsLn0f0Qw+CeXdtSC/6/63zGjcE2wCU664KapCQLIP13
        vOIEPLYn4rrKVySCBEO8AgU=
X-Received: by 2002:ac8:3273:: with SMTP id y48mr6093465qta.67.1549829762976;
        Sun, 10 Feb 2019 12:16:02 -0800 (PST)
Received: from localhost.localdomain ([2001:1284:f019:c4a1:e98a:edae:d055:8fc6])
        by smtp.gmail.com with ESMTPSA id j129sm8464655qkd.18.2019.02.10.12.16.01
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Sun, 10 Feb 2019 12:16:01 -0800 (PST)
Received: by localhost.localdomain (Postfix, from userid 1000)
        id 34176180B5B; Sun, 10 Feb 2019 18:15:59 -0200 (-02)
Date:   Sun, 10 Feb 2019 18:15:59 -0200
From:   Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To:     David Miller <davem@davemloft.net>
Cc:     julien@arista.com, netdev@vger.kernel.org,
        linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org,
        nhorman@tuxdriver.com, vyasevich@gmail.com, lucien.xin@gmail.com
Subject: Re: [PATCH net] sctp: make sctp_setsockopt_events() less strict
 about the option length
Message-ID: <20190210201559.GE10665@localhost.localdomain>
References: <20190206201430.18830-1-julien@arista.com>
 <20190206203754.GC13621@localhost.localdomain>
 <20190209.151217.175627323493244750.davem@davemloft.net>
 <20190210124616.GG13621@localhost.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190210124616.GG13621@localhost.localdomain>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Feb 10, 2019 at 10:46:16AM -0200, Marcelo Ricardo Leitner wrote:
> On Sat, Feb 09, 2019 at 03:12:17PM -0800, David Miller wrote:
> > From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> > Date: Wed, 6 Feb 2019 18:37:54 -0200
> > 
> > > On Wed, Feb 06, 2019 at 12:14:30PM -0800, Julien Gomes wrote:
> > >> Make sctp_setsockopt_events() able to accept sctp_event_subscribe
> > >> structures longer than the current definitions.
> > >> 
> > >> This should prevent unjustified setsockopt() failures due to struct
> > >> sctp_event_subscribe extensions (as in 4.11 and 4.12) when using
> > >> binaries that should be compatible, but were built with later kernel
> > >> uapi headers.
> > > 
> > > Not sure if we support backwards compatibility like this?
> > 
> > What a complete mess we have here.
> > 
> > Use new socket option numbers next time, do not change the size and/or
> > layout of existing socket options.
> 
> What about reusing the same socket option, but defining a new struct?
> Say, MYSOCKOPT supports struct mysockopt, struct mysockopt2, struct
> mysockopt3...
> 
> That way we have a clear definition of the user's intent.
> 
> > 
> > This whole thread, if you read it, is basically "if we compatability
> > this way, that breaks, and if we do compatability this other way oh
> > shit this other thing doesn't work."
> > 
> > I think we really need to specifically check for the difference sizes
> > that existed one by one, clear out the part not given by the user, and
> > backport this as far back as possible in a way that in the older kernels
> > we see if the user is actually trying to use the new features and if so
> > error out.
> 
> I'm afraid clearing out may not be enough, though seems it's the best
> we can do so far. If the struct is allocated but not fully initialized
> via a memset, but by setting its fields one by one, the remaining new
> fields will be left uninitinialized.

Need to clarify the "clearing out", I think it was meant differently.
It was more about on how to ensure that the 16-bytes long of the v3
supplied to a v1-only kernel is compatible with the 12-bytes long v1.
The kernel would have to check the trailing 4 bytes after v1-size and
make sure they are all zeroed in order for the old kernel to accept it
as a v1. But, as I said above, there are situations that this will not
be enough.

> 
> > 
> > Which, btw, is terrible behavior.  Newly compiled apps should work on
> > older kernels if they don't try to use the new features, and if they
> 
> One use case here is: a given distro is using kernel X and app Foo is
> built against it. Then upgrades to X+1, Foo is patched to fix an issue
> and is rebuilt against X+1. The user upgrades Foo package but for
> whatever reason, doesn't upgrade kernel or reboot the system. Here,
> Foo doesn't work anymore until the new kernel is also running.
> 
> > can the ones that want to try to use the new features should be able
> > to fall back when that feature isn't available in a non-ambiguous
> > and precisely defined way.
> > 
> > The fact that the use of the new feature is hidden in the new
> > structure elements is really rotten.
> > 
> > This patch, at best, needs some work and definitely a longer and more
> > detailed commit message.
> 

We have issues on read path too. 52ccb8e90c0a ("[SCTP]: Update
SCTP_PEER_ADDR_PARAMS socket option to the latest api draft.")
extended struct sctp_paddrparams and its getsockopt goes with:

sctp_getsockopt_peer_addr_params()
...
        if (len < sizeof(struct sctp_paddrparams))
                return -EINVAL;
        len = sizeof(struct sctp_paddrparams);

By then, we didn't have the /uapi/ folder yet. There may other cases.