diff mbox

[v2] sctp: Change defaults on cookie hmac selection

Message ID 1355534521-32719-1-git-send-email-nhorman@tuxdriver.com
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Neil Horman Dec. 15, 2012, 1:22 a.m. UTC 
Recently I posted commit 3c68198e75 which made selection of the cookie hmac
algorithm selectable.  This is all well and good, but Linus noted that it
changes the default config:
http://marc.info/?l=linux-netdev&m=135536629004808&w=2

I've modified the sctp Kconfig file to reflect the recommended way of making
this choice, using the thermal driver example specified, and brought the
defaults back into line with the way they were prior to my origional patch

Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
algorithm, so we don't needlessly bloat the kernel by forcing a non-none
default.  This also led me to note that we won't honor the default none
condition properly because of how sctp_net_init is encoded.  Fix that up as
well.

Tested by myself (allbeit fairly quickly).  All configuration combinations seems
to work soundly.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: David Miller <davem@davemloft.net>
CC: Linus Torvalds <torvalds@linux-foundation.org>
CC: Vlad Yasevich <vyasevich@gmail.com>
CC: linux-sctp@vger.kernel.org
---
 net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
 net/sctp/protocol.c |  4 ++--
 2 files changed, 27 insertions(+), 4 deletions(-)

Comments

David Miller Dec. 16, 2012, 1:16 a.m. UTC | #1 
From: Neil Horman <nhorman@tuxdriver.com>
Date: Fri, 14 Dec 2012 20:22:01 -0500

> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> algorithm selectable.  This is all well and good, but Linus noted that it
> changes the default config:
> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
> 
> I've modified the sctp Kconfig file to reflect the recommended way of making
> this choice, using the thermal driver example specified, and brought the
> defaults back into line with the way they were prior to my origional patch
> 
> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> default.  This also led me to note that we won't honor the default none
> condition properly because of how sctp_net_init is encoded.  Fix that up as
> well.
> 
> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
> to work soundly.
> 
> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Fainelli Jan. 7, 2013, 1:25 p.m. UTC | #2 
Hello Neil,

Le 12/15/12 02:22, Neil Horman a écrit :
> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> algorithm selectable.  This is all well and good, but Linus noted that it
> changes the default config:
> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
>
> I've modified the sctp Kconfig file to reflect the recommended way of making
> this choice, using the thermal driver example specified, and brought the
> defaults back into line with the way they were prior to my origional patch
>
> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> default.  This also led me to note that we won't honor the default none
> condition properly because of how sctp_net_init is encoded.  Fix that up as
> well.
>
> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
> to work soundly.
>
> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> CC: David Miller <davem@davemloft.net>
> CC: Linus Torvalds <torvalds@linux-foundation.org>
> CC: Vlad Yasevich <vyasevich@gmail.com>
> CC: linux-sctp@vger.kernel.org
> ---
>   net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
>   net/sctp/protocol.c |  4 ++--
>   2 files changed, 27 insertions(+), 4 deletions(-)
>
> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
> index a9edd2e..c262106 100644
> --- a/net/sctp/Kconfig
> +++ b/net/sctp/Kconfig
> @@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
>   	  'cat /proc/net/sctp/sctp_dbg_objcnt'
>
>   	  If unsure, say N
> +choice
> +	prompt "Default SCTP cookie HMAC encoding"
> +	default SCTP_COOKIE_HMAC_MD5

Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to update 
to 3.8-rc2, and I usually build my kernel-headers with:

yes '' | ARCH=foo make oldconfig

and this just kept asking me for this config symbol because none could 
be provided.
--
Florian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Neil Horman Jan. 7, 2013, 2:49 p.m. UTC | #3 
On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
> Hello Neil,
> 
> Le 12/15/12 02:22, Neil Horman a écrit :
> >Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> >algorithm selectable.  This is all well and good, but Linus noted that it
> >changes the default config:
> >http://marc.info/?l=linux-netdev&m=135536629004808&w=2
> >
> >I've modified the sctp Kconfig file to reflect the recommended way of making
> >this choice, using the thermal driver example specified, and brought the
> >defaults back into line with the way they were prior to my origional patch
> >
> >Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> >algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> >default.  This also led me to note that we won't honor the default none
> >condition properly because of how sctp_net_init is encoded.  Fix that up as
> >well.
> >
> >Tested by myself (allbeit fairly quickly).  All configuration combinations seems
> >to work soundly.
> >
> >Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> >CC: David Miller <davem@davemloft.net>
> >CC: Linus Torvalds <torvalds@linux-foundation.org>
> >CC: Vlad Yasevich <vyasevich@gmail.com>
> >CC: linux-sctp@vger.kernel.org
> >---
> >  net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
> >  net/sctp/protocol.c |  4 ++--
> >  2 files changed, 27 insertions(+), 4 deletions(-)
> >
> >diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
> >index a9edd2e..c262106 100644
> >--- a/net/sctp/Kconfig
> >+++ b/net/sctp/Kconfig
> >@@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
> >  	  'cat /proc/net/sctp/sctp_dbg_objcnt'
> >
> >  	  If unsure, say N
> >+choice
> >+	prompt "Default SCTP cookie HMAC encoding"
> >+	default SCTP_COOKIE_HMAC_MD5
> 
> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
> update to 3.8-rc2, and I usually build my kernel-headers with:
> 
> yes '' | ARCH=foo make oldconfig
> 
> and this just kept asking me for this config symbol because none
> could be provided.
> --
> Florian
> 

No, the config mechanism is setup to offer the user the ability to choose a
default cookie hmac, alg, then optionally select any other hmac algs you would
like to be made available (in the event you want to change the default at run
time).  When you select the default, it eables (via the select directive), the
corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
then prompts for the remaining values.

Neil

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Fainelli Jan. 7, 2013, 3:15 p.m. UTC | #4 
Le 01/07/13 15:49, Neil Horman a écrit :
> On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
>> Hello Neil,
>>
>> Le 12/15/12 02:22, Neil Horman a écrit :
>>> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
>>> algorithm selectable.  This is all well and good, but Linus noted that it
>>> changes the default config:
>>> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
>>>
>>> I've modified the sctp Kconfig file to reflect the recommended way of making
>>> this choice, using the thermal driver example specified, and brought the
>>> defaults back into line with the way they were prior to my origional patch
>>>
>>> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
>>> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
>>> default.  This also led me to note that we won't honor the default none
>>> condition properly because of how sctp_net_init is encoded.  Fix that up as
>>> well.
>>>
>>> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
>>> to work soundly.
>>>
>>> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
>>> CC: David Miller <davem@davemloft.net>
>>> CC: Linus Torvalds <torvalds@linux-foundation.org>
>>> CC: Vlad Yasevich <vyasevich@gmail.com>
>>> CC: linux-sctp@vger.kernel.org
>>> ---
>>>   net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
>>>   net/sctp/protocol.c |  4 ++--
>>>   2 files changed, 27 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>>> index a9edd2e..c262106 100644
>>> --- a/net/sctp/Kconfig
>>> +++ b/net/sctp/Kconfig
>>> @@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
>>>   	  'cat /proc/net/sctp/sctp_dbg_objcnt'
>>>
>>>   	  If unsure, say N
>>> +choice
>>> +	prompt "Default SCTP cookie HMAC encoding"
>>> +	default SCTP_COOKIE_HMAC_MD5
>> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
>> update to 3.8-rc2, and I usually build my kernel-headers with:
>>
>> yes '' | ARCH=foo make oldconfig
>>
>> and this just kept asking me for this config symbol because none
>> could be provided.
>> --
>> Florian
>>
> No, the config mechanism is setup to offer the user the ability to choose a
> default cookie hmac, alg, then optionally select any other hmac algs you would
> like to be made available (in the event you want to change the default at run
> time).  When you select the default, it eables (via the select directive), the
> corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
> then prompts for the remaining values.

Ok for the explanation, but this still breaks an oldconfig because we do 
not actually propose the user with a default choice:

     choice[1-3?]:     Default SCTP cookie HMAC encoding
       1. Enable optional MD5 hmac cookie generation 
(SCTP_DEFAULT_COOKIE_HMAC_MD5) (NEW)
       2. Enable optional SHA1 hmac cookie generation 
(SCTP_DEFAULT_COOKIE_HMAC_SHA1) (NEW)
       3. Use no hmac alg in SCTP cookie generation 
(SCTP_DEFAULT_COOKIE_HMAC_NONE) (NEW)

I do not see any difference in what I am proposed if the default config 
symbol is SCTP_DEFAULT_COOKIE_HMAC_MD5, I can still optionally choose 
SHA1 to be supported, and I do have a valid default config for this 
choice. While if I keep SCTP_COOKIE_HMAC_MD5 as the default I have to 
manually enter which option I want.
--
Florian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Vladislav Yasevich Jan. 7, 2013, 3:32 p.m. UTC | #5 
On 01/07/2013 09:49 AM, Neil Horman wrote:
> On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
>> Hello Neil,
>>
>> Le 12/15/12 02:22, Neil Horman a écrit :
>>> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
>>> algorithm selectable.  This is all well and good, but Linus noted that it
>>> changes the default config:
>>> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
>>>
>>> I've modified the sctp Kconfig file to reflect the recommended way of making
>>> this choice, using the thermal driver example specified, and brought the
>>> defaults back into line with the way they were prior to my origional patch
>>>
>>> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
>>> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
>>> default.  This also led me to note that we won't honor the default none
>>> condition properly because of how sctp_net_init is encoded.  Fix that up as
>>> well.
>>>
>>> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
>>> to work soundly.
>>>
>>> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
>>> CC: David Miller <davem@davemloft.net>
>>> CC: Linus Torvalds <torvalds@linux-foundation.org>
>>> CC: Vlad Yasevich <vyasevich@gmail.com>
>>> CC: linux-sctp@vger.kernel.org
>>> ---
>>>   net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
>>>   net/sctp/protocol.c |  4 ++--
>>>   2 files changed, 27 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>>> index a9edd2e..c262106 100644
>>> --- a/net/sctp/Kconfig
>>> +++ b/net/sctp/Kconfig
>>> @@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
>>>   	  'cat /proc/net/sctp/sctp_dbg_objcnt'
>>>
>>>   	  If unsure, say N
>>> +choice
>>> +	prompt "Default SCTP cookie HMAC encoding"
>>> +	default SCTP_COOKIE_HMAC_MD5
>>
>> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
>> update to 3.8-rc2, and I usually build my kernel-headers with:
>>
>> yes '' | ARCH=foo make oldconfig
>>
>> and this just kept asking me for this config symbol because none
>> could be provided.
>> --
>> Florian
>>
>
> No, the config mechanism is setup to offer the user the ability to choose a
> default cookie hmac, alg, then optionally select any other hmac algs you would
> like to be made available (in the event you want to change the default at run
> time).  When you select the default, it eables (via the select directive), the
> corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
> then prompts for the remaining values.
>

Neil

Actually, I think it should be as Florian suggests.  The default value 
of the choice should be one of the values defined as part of the choice 
(the SCTP_DEFAULT_COOKIE_*).  Turning on appropriate default would turn 
on appropriate cookie config (SCTP_COOKIE_HMAC_*).

Would that save all the config trouble?

-vlad

> Neil
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Neil Horman Jan. 7, 2013, 3:38 p.m. UTC | #6 
On Mon, Jan 07, 2013 at 04:15:24PM +0100, Florian Fainelli wrote:
> Le 01/07/13 15:49, Neil Horman a écrit :
> >On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
> >>Hello Neil,
> >>
> >>Le 12/15/12 02:22, Neil Horman a écrit :
> >>>Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> >>>algorithm selectable.  This is all well and good, but Linus noted that it
> >>>changes the default config:
> >>>http://marc.info/?l=linux-netdev&m=135536629004808&w=2
> >>>
> >>>I've modified the sctp Kconfig file to reflect the recommended way of making
> >>>this choice, using the thermal driver example specified, and brought the
> >>>defaults back into line with the way they were prior to my origional patch
> >>>
> >>>Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> >>>algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> >>>default.  This also led me to note that we won't honor the default none
> >>>condition properly because of how sctp_net_init is encoded.  Fix that up as
> >>>well.
> >>>
> >>>Tested by myself (allbeit fairly quickly).  All configuration combinations seems
> >>>to work soundly.
> >>>
> >>>Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> >>>CC: David Miller <davem@davemloft.net>
> >>>CC: Linus Torvalds <torvalds@linux-foundation.org>
> >>>CC: Vlad Yasevich <vyasevich@gmail.com>
> >>>CC: linux-sctp@vger.kernel.org
> >>>---
> >>>  net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
> >>>  net/sctp/protocol.c |  4 ++--
> >>>  2 files changed, 27 insertions(+), 4 deletions(-)
> >>>
> >>>diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
> >>>index a9edd2e..c262106 100644
> >>>--- a/net/sctp/Kconfig
> >>>+++ b/net/sctp/Kconfig
> >>>@@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
> >>>  	  'cat /proc/net/sctp/sctp_dbg_objcnt'
> >>>
> >>>  	  If unsure, say N
> >>>+choice
> >>>+	prompt "Default SCTP cookie HMAC encoding"
> >>>+	default SCTP_COOKIE_HMAC_MD5
> >>Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
> >>update to 3.8-rc2, and I usually build my kernel-headers with:
> >>
> >>yes '' | ARCH=foo make oldconfig
> >>
> >>and this just kept asking me for this config symbol because none
> >>could be provided.
> >>--
> >>Florian
> >>
> >No, the config mechanism is setup to offer the user the ability to choose a
> >default cookie hmac, alg, then optionally select any other hmac algs you would
> >like to be made available (in the event you want to change the default at run
> >time).  When you select the default, it eables (via the select directive), the
> >corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
> >then prompts for the remaining values.
> 
> Ok for the explanation, but this still breaks an oldconfig because
> we do not actually propose the user with a default choice:
> 
>     choice[1-3?]:     Default SCTP cookie HMAC encoding
>       1. Enable optional MD5 hmac cookie generation
> (SCTP_DEFAULT_COOKIE_HMAC_MD5) (NEW)
>       2. Enable optional SHA1 hmac cookie generation
> (SCTP_DEFAULT_COOKIE_HMAC_SHA1) (NEW)
>       3. Use no hmac alg in SCTP cookie generation
> (SCTP_DEFAULT_COOKIE_HMAC_NONE) (NEW)
> 
> I do not see any difference in what I am proposed if the default
> config symbol is SCTP_DEFAULT_COOKIE_HMAC_MD5, I can still
> optionally choose SHA1 to be supported, and I do have a valid
> default config for this choice. While if I keep SCTP_COOKIE_HMAC_MD5
No, thats the problem, your old config is no longer valid with this new Kconfig
file.  Your config is telling the config utility that you want your default
Cookie hmac to be MD5, but you've explicitly told it (via your yes "" | make
oldconfig command), that you want SCTP_COOKIE_HMAC_MD5 to be disabled, so the
config utility is left with no choice to prompt you again for a default hmac,
which your command answers again by saying SCTP_DEFAULT_COOKIE_HMAC_MD5 (the
default choice of 1).  Thats your loop, you keep telling the config utility that
you both want the default hmac to be md5, and that you don't want to allow md5
to be an available hmac alg.  

Thats not a bug.  I'm sorry if your old configuration needs manual updating, but
there are no guarantees that old configurations will 'just work' in perpituity.

Neil

> as the default I have to manually enter which option I want.
> --
> Florian
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Neil Horman Jan. 7, 2013, 3:46 p.m. UTC | #7 
On Mon, Jan 07, 2013 at 10:32:01AM -0500, Vlad Yasevich wrote:
> On 01/07/2013 09:49 AM, Neil Horman wrote:
> >On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
> >>Hello Neil,
> >>
> >>Le 12/15/12 02:22, Neil Horman a écrit :
> >>>Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> >>>algorithm selectable.  This is all well and good, but Linus noted that it
> >>>changes the default config:
> >>>http://marc.info/?l=linux-netdev&m=135536629004808&w=2
> >>>
> >>>I've modified the sctp Kconfig file to reflect the recommended way of making
> >>>this choice, using the thermal driver example specified, and brought the
> >>>defaults back into line with the way they were prior to my origional patch
> >>>
> >>>Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> >>>algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> >>>default.  This also led me to note that we won't honor the default none
> >>>condition properly because of how sctp_net_init is encoded.  Fix that up as
> >>>well.
> >>>
> >>>Tested by myself (allbeit fairly quickly).  All configuration combinations seems
> >>>to work soundly.
> >>>
> >>>Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
> >>>CC: David Miller <davem@davemloft.net>
> >>>CC: Linus Torvalds <torvalds@linux-foundation.org>
> >>>CC: Vlad Yasevich <vyasevich@gmail.com>
> >>>CC: linux-sctp@vger.kernel.org
> >>>---
> >>>  net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
> >>>  net/sctp/protocol.c |  4 ++--
> >>>  2 files changed, 27 insertions(+), 4 deletions(-)
> >>>
> >>>diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
> >>>index a9edd2e..c262106 100644
> >>>--- a/net/sctp/Kconfig
> >>>+++ b/net/sctp/Kconfig
> >>>@@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
> >>>  	  'cat /proc/net/sctp/sctp_dbg_objcnt'
> >>>
> >>>  	  If unsure, say N
> >>>+choice
> >>>+	prompt "Default SCTP cookie HMAC encoding"
> >>>+	default SCTP_COOKIE_HMAC_MD5
> >>
> >>Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
> >>update to 3.8-rc2, and I usually build my kernel-headers with:
> >>
> >>yes '' | ARCH=foo make oldconfig
> >>
> >>and this just kept asking me for this config symbol because none
> >>could be provided.
> >>--
> >>Florian
> >>
> >
> >No, the config mechanism is setup to offer the user the ability to choose a
> >default cookie hmac, alg, then optionally select any other hmac algs you would
> >like to be made available (in the event you want to change the default at run
> >time).  When you select the default, it eables (via the select directive), the
> >corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
> >then prompts for the remaining values.
> >
> 
> Neil
> 
> Actually, I think it should be as Florian suggests.  The default
> value of the choice should be one of the values defined as part of
> the choice (the SCTP_DEFAULT_COOKIE_*).  Turning on appropriate
> default would turn on appropriate cookie config
> (SCTP_COOKIE_HMAC_*).
> 
I absolutely disagree.

> Would that save all the config trouble?
> 
Yes, it would fix it as Florian has noted, but at the cost of silently modifying
what the default hmac config vaule is.  If you've expressly disabled
SCTP_COOKIE_HMAC_MD5, and then blindly take the default choice in the
SCTP_DEFAULT_COOKIE selection option (the default default as it were), using the
approach your suggesting, then that will silently enable SCTP_COOKIE_HMAC_MD5
again, which may not be expected by users.  If you expressly have a config
option disabled in an old configuration, we should leave it there.

We're doing the right thing now, IMO.  When presented with a conflictly set
of configuration options, the config utilty is (repeatedly) prompting us to
resolve them.  That seems like a much more reasonable approach to this, than
silently changing pre-existing options so people can do the equivalent of just
blindly pressing enter through the config process (which is all yes "" | make
oldconfig is).

This is a momentary hiccup, corrected by taking 30 seconds to make a manual
config change (or by taking a second to understand what the config utility is
tell us by prompting for a default choice repeatedly).  Theres nothing to fix
here.

Neil

> -vlad
> 
> >Neil
> >
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Vladislav Yasevich Jan. 7, 2013, 3:48 p.m. UTC | #8 
On 01/07/2013 10:38 AM, Neil Horman wrote:
> On Mon, Jan 07, 2013 at 04:15:24PM +0100, Florian Fainelli wrote:
>> Le 01/07/13 15:49, Neil Horman a écrit :
>>> On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
>>>> Hello Neil,
>>>>
>>>> Le 12/15/12 02:22, Neil Horman a écrit :
>>>>> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
>>>>> algorithm selectable.  This is all well and good, but Linus noted that it
>>>>> changes the default config:
>>>>> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
>>>>>
>>>>> I've modified the sctp Kconfig file to reflect the recommended way of making
>>>>> this choice, using the thermal driver example specified, and brought the
>>>>> defaults back into line with the way they were prior to my origional patch
>>>>>
>>>>> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
>>>>> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
>>>>> default.  This also led me to note that we won't honor the default none
>>>>> condition properly because of how sctp_net_init is encoded.  Fix that up as
>>>>> well.
>>>>>
>>>>> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
>>>>> to work soundly.
>>>>>
>>>>> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
>>>>> CC: David Miller <davem@davemloft.net>
>>>>> CC: Linus Torvalds <torvalds@linux-foundation.org>
>>>>> CC: Vlad Yasevich <vyasevich@gmail.com>
>>>>> CC: linux-sctp@vger.kernel.org
>>>>> ---
>>>>>   net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
>>>>>   net/sctp/protocol.c |  4 ++--
>>>>>   2 files changed, 27 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>>>>> index a9edd2e..c262106 100644
>>>>> --- a/net/sctp/Kconfig
>>>>> +++ b/net/sctp/Kconfig
>>>>> @@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
>>>>>   	  'cat /proc/net/sctp/sctp_dbg_objcnt'
>>>>>
>>>>>   	  If unsure, say N
>>>>> +choice
>>>>> +	prompt "Default SCTP cookie HMAC encoding"
>>>>> +	default SCTP_COOKIE_HMAC_MD5
>>>> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
>>>> update to 3.8-rc2, and I usually build my kernel-headers with:
>>>>
>>>> yes '' | ARCH=foo make oldconfig
>>>>
>>>> and this just kept asking me for this config symbol because none
>>>> could be provided.
>>>> --
>>>> Florian
>>>>
>>> No, the config mechanism is setup to offer the user the ability to choose a
>>> default cookie hmac, alg, then optionally select any other hmac algs you would
>>> like to be made available (in the event you want to change the default at run
>>> time).  When you select the default, it eables (via the select directive), the
>>> corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
>>> then prompts for the remaining values.
>>
>> Ok for the explanation, but this still breaks an oldconfig because
>> we do not actually propose the user with a default choice:
>>
>>      choice[1-3?]:     Default SCTP cookie HMAC encoding
>>        1. Enable optional MD5 hmac cookie generation
>> (SCTP_DEFAULT_COOKIE_HMAC_MD5) (NEW)
>>        2. Enable optional SHA1 hmac cookie generation
>> (SCTP_DEFAULT_COOKIE_HMAC_SHA1) (NEW)
>>        3. Use no hmac alg in SCTP cookie generation
>> (SCTP_DEFAULT_COOKIE_HMAC_NONE) (NEW)
>>
>> I do not see any difference in what I am proposed if the default
>> config symbol is SCTP_DEFAULT_COOKIE_HMAC_MD5, I can still
>> optionally choose SHA1 to be supported, and I do have a valid
>> default config for this choice. While if I keep SCTP_COOKIE_HMAC_MD5
> No, thats the problem, your old config is no longer valid with this new Kconfig
> file.  Your config is telling the config utility that you want your default
> Cookie hmac to be MD5, but you've explicitly told it (via your yes "" | make
> oldconfig command), that you want SCTP_COOKIE_HMAC_MD5 to be disabled, so the
> config utility is left with no choice to prompt you again for a default hmac,
> which your command answers again by saying SCTP_DEFAULT_COOKIE_HMAC_MD5 (the
> default choice of 1).  Thats your loop, you keep telling the config utility that
> you both want the default hmac to be md5, and that you don't want to allow md5
> to be an available hmac alg.
>
> Thats not a bug.  I'm sorry if your old configuration needs manual updating, but
> there are no guarantees that old configurations will 'just work' in perpituity.
>

Neil

Actually, I think we have a bug in the config.  Look at the thermal 
driver config again.  It has:

choice
         prompt "Default Thermal governor"
         default THERMAL_DEFAULT_GOV_STEP_WISE

config THERMAL_DEFAULT_GOV_STEP_WISE
	...
config THERMAL_DEFAULT_GOV_FAIR_SHARE
	...
config THERMAL_DEFAULT_GOV_USER_SPACE
	...
endchoice


SCTP has:

choice
         prompt "Default SCTP cookie HMAC encoding"
         default SCTP_COOKIE_HMAC_MD5

config SCTP_DEFAULT_COOKIE_HMAC_MD5
	...
config SCTP_DEFAULT_COOKIE_HMAC_SHA1
	...
config SCTP_DEFAULT_COOKIE_HMAC_NONE
	...
endchoice

See the difference?  The default value of the choice statement needs to
be one of the available choices.

-vlad



> Neil
>
>> as the default I have to manually enter which option I want.
>> --
>> Florian
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Vladislav Yasevich Jan. 7, 2013, 4:39 p.m. UTC | #9 
On 01/07/2013 10:46 AM, Neil Horman wrote:
> On Mon, Jan 07, 2013 at 10:32:01AM -0500, Vlad Yasevich wrote:
>> On 01/07/2013 09:49 AM, Neil Horman wrote:
>>> On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
>>>> Hello Neil,
>>>>
>>>> Le 12/15/12 02:22, Neil Horman a écrit :
>>>>> Recently I posted commit 3c68198e75 which made selection of the cookie hmac
>>>>> algorithm selectable.  This is all well and good, but Linus noted that it
>>>>> changes the default config:
>>>>> http://marc.info/?l=linux-netdev&m=135536629004808&w=2
>>>>>
>>>>> I've modified the sctp Kconfig file to reflect the recommended way of making
>>>>> this choice, using the thermal driver example specified, and brought the
>>>>> defaults back into line with the way they were prior to my origional patch
>>>>>
>>>>> Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
>>>>> algorithm, so we don't needlessly bloat the kernel by forcing a non-none
>>>>> default.  This also led me to note that we won't honor the default none
>>>>> condition properly because of how sctp_net_init is encoded.  Fix that up as
>>>>> well.
>>>>>
>>>>> Tested by myself (allbeit fairly quickly).  All configuration combinations seems
>>>>> to work soundly.
>>>>>
>>>>> Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
>>>>> CC: David Miller <davem@davemloft.net>
>>>>> CC: Linus Torvalds <torvalds@linux-foundation.org>
>>>>> CC: Vlad Yasevich <vyasevich@gmail.com>
>>>>> CC: linux-sctp@vger.kernel.org
>>>>> ---
>>>>>   net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
>>>>>   net/sctp/protocol.c |  4 ++--
>>>>>   2 files changed, 27 insertions(+), 4 deletions(-)
>>>>>
>>>>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>>>>> index a9edd2e..c262106 100644
>>>>> --- a/net/sctp/Kconfig
>>>>> +++ b/net/sctp/Kconfig
>>>>> @@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
>>>>>   	  'cat /proc/net/sctp/sctp_dbg_objcnt'
>>>>>
>>>>>   	  If unsure, say N
>>>>> +choice
>>>>> +	prompt "Default SCTP cookie HMAC encoding"
>>>>> +	default SCTP_COOKIE_HMAC_MD5
>>>>
>>>> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
>>>> update to 3.8-rc2, and I usually build my kernel-headers with:
>>>>
>>>> yes '' | ARCH=foo make oldconfig
>>>>
>>>> and this just kept asking me for this config symbol because none
>>>> could be provided.
>>>> --
>>>> Florian
>>>>
>>>
>>> No, the config mechanism is setup to offer the user the ability to choose a
>>> default cookie hmac, alg, then optionally select any other hmac algs you would
>>> like to be made available (in the event you want to change the default at run
>>> time).  When you select the default, it eables (via the select directive), the
>>> corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
>>> then prompts for the remaining values.
>>>
>>
>> Neil
>>
>> Actually, I think it should be as Florian suggests.  The default
>> value of the choice should be one of the values defined as part of
>> the choice (the SCTP_DEFAULT_COOKIE_*).  Turning on appropriate
>> default would turn on appropriate cookie config
>> (SCTP_COOKIE_HMAC_*).
>>
> I absolutely disagree.
>
>> Would that save all the config trouble?
>>
> Yes, it would fix it as Florian has noted, but at the cost of silently modifying
> what the default hmac config vaule is.  If you've expressly disabled
> SCTP_COOKIE_HMAC_MD5, and then blindly take the default choice in the
> SCTP_DEFAULT_COOKIE selection option (the default default as it were), using the
> approach your suggesting, then that will silently enable SCTP_COOKIE_HMAC_MD5
> again, which may not be expected by users.  If you expressly have a config
> option disabled in an old configuration, we should leave it there.

GACK.  Just reproduced this and I really don't like this infinite loop 
of choice prompts.  That's a horrible bug and we need to fix this.

I don't think overriding the value is that big of a deal, especially 
considering that this is exactly what 'make menuconfig' and other 
graphical configs will do.
If I start with:
	CONFIG_IP_SCTP=m
	CONFIG_NET_SCTPPROBE=m
	# CONFIG_SCTP_DBG_MSG is not set
	# CONFIG_SCTP_DBG_OBJCNT is not set
	# CONFIG_SCTP_HMAC_NONE is not set
	CONFIG_SCTP_HMAC_SHA1=y
	# CONFIG_SCTP_HMAC_MD5 is not set

then run:
	yes "" | make oldconfig

I get an infinite loop.

If I run "make menuconfig", I get:
	CONFIG_IP_SCTP=m
	CONFIG_NET_SCTPPROBE=m
	# CONFIG_SCTP_DBG_MSG is not set
	# CONFIG_SCTP_DBG_OBJCNT is not set
	CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
	# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set
	# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
	CONFIG_SCTP_COOKIE_HMAC_MD5=y
	# CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set

Note, that SHA1 is now overridden with MD5.

If I change the value of the default choice in Kconfig, the behavior 
between oldconfig and menuconfig is the same.

-vlad







>
> We're doing the right thing now, IMO.  When presented with a conflictly set
> of configuration options, the config utilty is (repeatedly) prompting us to
> resolve them.  That seems like a much more reasonable approach to this, than
> silently changing pre-existing options so people can do the equivalent of just
> blindly pressing enter through the config process (which is all yes "" | make
> oldconfig is).
>
> This is a momentary hiccup, corrected by taking 30 seconds to make a manual
> config change (or by taking a second to understand what the config utility is
> tell us by prompting for a default choice repeatedly).  Theres nothing to fix
> here.
>
> Neil
>
>> -vlad
>>
>>> Neil
>>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Fainelli Jan. 8, 2013, 5:36 p.m. UTC | #10 
Le 01/07/13 16:48, Vlad Yasevich a écrit :
> No, thats the problem, your old config is no longer valid with this 
> new Kconfig
>> file.  Your config is telling the config utility that you want your 
>> default
>> Cookie hmac to be MD5, but you've explicitly told it (via your yes "" 
>> | make
>> oldconfig command), that you want SCTP_COOKIE_HMAC_MD5 to be 
>> disabled, so the
>> config utility is left with no choice to prompt you again for a 
>> default hmac,
>> which your command answers again by saying 
>> SCTP_DEFAULT_COOKIE_HMAC_MD5 (the
>> default choice of 1).  Thats your loop, you keep telling the config 
>> utility that
>> you both want the default hmac to be md5, and that you don't want to 
>> allow md5
>> to be an available hmac alg.
>>
>> Thats not a bug.  I'm sorry if your old configuration needs manual 
>> updating, but
>> there are no guarantees that old configurations will 'just work' in 
>> perpituity.
>>
>
> Neil
>
> Actually, I think we have a bug in the config.  Look at the thermal 
> driver config again.  It has:
>
> choice
>         prompt "Default Thermal governor"
>         default THERMAL_DEFAULT_GOV_STEP_WISE
>
> config THERMAL_DEFAULT_GOV_STEP_WISE
>     ...
> config THERMAL_DEFAULT_GOV_FAIR_SHARE
>     ...
> config THERMAL_DEFAULT_GOV_USER_SPACE
>     ...
> endchoice
>
>
> SCTP has:
>
> choice
>         prompt "Default SCTP cookie HMAC encoding"
>         default SCTP_COOKIE_HMAC_MD5
>
> config SCTP_DEFAULT_COOKIE_HMAC_MD5
>     ...
> config SCTP_DEFAULT_COOKIE_HMAC_SHA1
>     ...
> config SCTP_DEFAULT_COOKIE_HMAC_NONE
>     ...
> endchoice
>
> See the difference?  The default value of the choice statement needs to
> be one of the available choices.

Right, since none of the config symbols actually exist when migrating 
from and oldconfig we are still being prompted, which is just fine 
actually. Having the config symbol being the default a member of the 
choice/endchoice section is what should be expected.
--
Florian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
index a9edd2e..c262106 100644
--- a/net/sctp/Kconfig
+++ b/net/sctp/Kconfig
@@ -66,12 +66,36 @@  config SCTP_DBG_OBJCNT
 	  'cat /proc/net/sctp/sctp_dbg_objcnt'
 
 	  If unsure, say N
+choice
+	prompt "Default SCTP cookie HMAC encoding"
+	default SCTP_COOKIE_HMAC_MD5
+	help
+	  This option sets the default sctp cookie hmac algorithm
+	  when in doubt select 'md5'
+
+config SCTP_DEFAULT_COOKIE_HMAC_MD5
+	bool "Enable optional MD5 hmac cookie generation"
+	help
+	  Enable optional MD5 hmac based SCTP cookie generation
+	select SCTP_COOKIE_HMAC_MD5
+
+config SCTP_DEFAULT_COOKIE_HMAC_SHA1
+	bool "Enable optional SHA1 hmac cookie generation"
+	help
+	  Enable optional SHA1 hmac based SCTP cookie generation
+	select SCTP_COOKIE_HMAC_SHA1
+
+config SCTP_DEFAULT_COOKIE_HMAC_NONE
+	bool "Use no hmac alg in SCTP cookie generation"
+	help
+	  Use no hmac algorithm in SCTP cookie generation
+
+endchoice
 
 config SCTP_COOKIE_HMAC_MD5
 	bool "Enable optional MD5 hmac cookie generation"
 	help
 	  Enable optional MD5 hmac based SCTP cookie generation
-	default y
 	select CRYPTO_HMAC if SCTP_COOKIE_HMAC_MD5
 	select CRYPTO_MD5 if SCTP_COOKIE_HMAC_MD5
 
@@ -79,7 +103,6 @@  config SCTP_COOKIE_HMAC_SHA1
 	bool "Enable optional SHA1 hmac cookie generation"
 	help
 	  Enable optional SHA1 hmac based SCTP cookie generation
-	default y
 	select CRYPTO_HMAC if SCTP_COOKIE_HMAC_SHA1
 	select CRYPTO_SHA1 if SCTP_COOKIE_HMAC_SHA1
 
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 2c7785b..f898b1c 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1191,9 +1191,9 @@  static int __net_init sctp_net_init(struct net *net)
 	net->sctp.cookie_preserve_enable 	= 1;
 
 	/* Default sctp sockets to use md5 as their hmac alg */
-#if defined (CONFIG_CRYPTO_MD5)
+#if defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5)
 	net->sctp.sctp_hmac_alg			= "md5";
-#elif defined (CONFIG_CRYPTO_SHA1)
+#elif defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1)
 	net->sctp.sctp_hmac_alg			= "sha1";
 #else
 	net->sctp.sctp_hmac_alg			= NULL;