[1/2] rtnetlink: Warn when interface's information won't fit in our packet

Without IFLA_EXT_MASK specified, the information reported for a single
interface in response to RTM_GETLINK is expected to fit within a netlink
packet of NLMSG_GOODSIZE.

If it doesn't, however, things will go badly wrong,  When listing all
interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
message in a packet as the end of the listing and omit information for
that interface and all subsequent ones.  This can cause getifaddrs(3) to
enter an infinite loop.

This patch won't fix the problem, but it will WARN_ON() making it easier to
track down what's going wrong.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 net/core/rtnetlink.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

Wed, Apr 23, 2014 at 09:21:04AM CEST, david@gibson.dropbear.id.au wrote:
>Without IFLA_EXT_MASK specified, the information reported for a single
>interface in response to RTM_GETLINK is expected to fit within a netlink
>packet of NLMSG_GOODSIZE.
>
>If it doesn't, however, things will go badly wrong,  When listing all
>interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
>message in a packet as the end of the listing and omit information for
>that interface and all subsequent ones.  This can cause getifaddrs(3) to
>enter an infinite loop.
>
>This patch won't fix the problem, but it will WARN_ON() making it easier to
>track down what's going wrong.
>
>Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>---
> net/core/rtnetlink.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
>diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
>index d4ff417..5331db2 100644
>--- a/net/core/rtnetlink.c
>+++ b/net/core/rtnetlink.c
>@@ -1198,6 +1198,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> 	struct hlist_head *head;
> 	struct nlattr *tb[IFLA_MAX+1];
> 	u32 ext_filter_mask = 0;
>+	int err;
> 
> 	s_h = cb->args[0];
> 	s_idx = cb->args[1];
>@@ -1218,11 +1219,16 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> 		hlist_for_each_entry_rcu(dev, head, index_hlist) {
> 			if (idx < s_idx)
> 				goto cont;
>-			if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
>-					     NETLINK_CB(cb->skb).portid,
>-					     cb->nlh->nlmsg_seq, 0,
>-					     NLM_F_MULTI,
>-					     ext_filter_mask) <= 0)
>+			err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
>+					       NETLINK_CB(cb->skb).portid,
>+					       cb->nlh->nlmsg_seq, 0,
>+					       NLM_F_MULTI,
>+					       ext_filter_mask);
>+			/* If we ran out of room on the first message,
>+			 * we're in trouble */
>+			WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
>+
>+			if (err <= 0)
			if (err)

> 				goto out;
> 
> 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
>-- 
>1.9.0
>
>--
>To unsubscribe from this list: send the line "unsubscribe netdev" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Wed, Apr 23, 2014 at 11:09:05AM +0200, Jiri Pirko wrote:
> Wed, Apr 23, 2014 at 09:21:04AM CEST, david@gibson.dropbear.id.au wrote:
> >Without IFLA_EXT_MASK specified, the information reported for a single
> >interface in response to RTM_GETLINK is expected to fit within a netlink
> >packet of NLMSG_GOODSIZE.
> >
> >If it doesn't, however, things will go badly wrong,  When listing all
> >interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
> >message in a packet as the end of the listing and omit information for
> >that interface and all subsequent ones.  This can cause getifaddrs(3) to
> >enter an infinite loop.
> >
> >This patch won't fix the problem, but it will WARN_ON() making it easier to
> >track down what's going wrong.
> >
> >Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> >---
> > net/core/rtnetlink.c | 16 +++++++++++-----
> > 1 file changed, 11 insertions(+), 5 deletions(-)
> >
> >diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> >index d4ff417..5331db2 100644
> >--- a/net/core/rtnetlink.c
> >+++ b/net/core/rtnetlink.c
> >@@ -1198,6 +1198,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> > 	struct hlist_head *head;
> > 	struct nlattr *tb[IFLA_MAX+1];
> > 	u32 ext_filter_mask = 0;
> >+	int err;
> > 
> > 	s_h = cb->args[0];
> > 	s_idx = cb->args[1];
> >@@ -1218,11 +1219,16 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> > 		hlist_for_each_entry_rcu(dev, head, index_hlist) {
> > 			if (idx < s_idx)
> > 				goto cont;
> >-			if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> >-					     NETLINK_CB(cb->skb).portid,
> >-					     cb->nlh->nlmsg_seq, 0,
> >-					     NLM_F_MULTI,
> >-					     ext_filter_mask) <= 0)
> >+			err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> >+					       NETLINK_CB(cb->skb).portid,
> >+					       cb->nlh->nlmsg_seq, 0,
> >+					       NLM_F_MULTI,
> >+					       ext_filter_mask);
> >+			/* If we ran out of room on the first message,
> >+			 * we're in trouble */
> >+			WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
> >+
> >+			if (err <= 0)
> 			if (err)

<= 0 was what the original version had.  Why do you think it should be
changed to != 0?

Wed, Apr 23, 2014 at 01:41:20PM CEST, david@gibson.dropbear.id.au wrote:
>On Wed, Apr 23, 2014 at 11:09:05AM +0200, Jiri Pirko wrote:
>> Wed, Apr 23, 2014 at 09:21:04AM CEST, david@gibson.dropbear.id.au wrote:
>> >Without IFLA_EXT_MASK specified, the information reported for a single
>> >interface in response to RTM_GETLINK is expected to fit within a netlink
>> >packet of NLMSG_GOODSIZE.
>> >
>> >If it doesn't, however, things will go badly wrong,  When listing all
>> >interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
>> >message in a packet as the end of the listing and omit information for
>> >that interface and all subsequent ones.  This can cause getifaddrs(3) to
>> >enter an infinite loop.
>> >
>> >This patch won't fix the problem, but it will WARN_ON() making it easier to
>> >track down what's going wrong.
>> >
>> >Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>> >---
>> > net/core/rtnetlink.c | 16 +++++++++++-----
>> > 1 file changed, 11 insertions(+), 5 deletions(-)
>> >
>> >diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
>> >index d4ff417..5331db2 100644
>> >--- a/net/core/rtnetlink.c
>> >+++ b/net/core/rtnetlink.c
>> >@@ -1198,6 +1198,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
>> > 	struct hlist_head *head;
>> > 	struct nlattr *tb[IFLA_MAX+1];
>> > 	u32 ext_filter_mask = 0;
>> >+	int err;
>> > 
>> > 	s_h = cb->args[0];
>> > 	s_idx = cb->args[1];
>> >@@ -1218,11 +1219,16 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
>> > 		hlist_for_each_entry_rcu(dev, head, index_hlist) {
>> > 			if (idx < s_idx)
>> > 				goto cont;
>> >-			if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
>> >-					     NETLINK_CB(cb->skb).portid,
>> >-					     cb->nlh->nlmsg_seq, 0,
>> >-					     NLM_F_MULTI,
>> >-					     ext_filter_mask) <= 0)
>> >+			err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
>> >+					       NETLINK_CB(cb->skb).portid,
>> >+					       cb->nlh->nlmsg_seq, 0,
>> >+					       NLM_F_MULTI,
>> >+					       ext_filter_mask);
>> >+			/* If we ran out of room on the first message,
>> >+			 * we're in trouble */
>> >+			WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
>> >+
>> >+			if (err <= 0)
>> 			if (err)
>
><= 0 was what the original version had.  Why do you think it should be
>changed to != 0?

You are right. I misread rtnl_fill_ifinfo.

>
>-- 
>David Gibson			| I'll have my music baroque, and my code
>david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
>				| _way_ _around_!
>http://www.ozlabs.org/~dgibson


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hello.

On 23-04-2014 11:21, David Gibson wrote:

> Without IFLA_EXT_MASK specified, the information reported for a single
> interface in response to RTM_GETLINK is expected to fit within a netlink
> packet of NLMSG_GOODSIZE.

> If it doesn't, however, things will go badly wrong,  When listing all
> interfaces, netlink_dump() will incorrectly treat -EMSGSIZE on the first
> message in a packet as the end of the listing and omit information for
> that interface and all subsequent ones.  This can cause getifaddrs(3) to
> enter an infinite loop.

> This patch won't fix the problem, but it will WARN_ON() making it easier to
> track down what's going wrong.

> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>   net/core/rtnetlink.c | 16 +++++++++++-----
>   1 file changed, 11 insertions(+), 5 deletions(-)

> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index d4ff417..5331db2 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
[...]
> @@ -1218,11 +1219,16 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
>   		hlist_for_each_entry_rcu(dev, head, index_hlist) {
>   			if (idx < s_idx)
>   				goto cont;
> -			if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> -					     NETLINK_CB(cb->skb).portid,
> -					     cb->nlh->nlmsg_seq, 0,
> -					     NLM_F_MULTI,
> -					     ext_filter_mask) <= 0)
> +			err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
> +					       NETLINK_CB(cb->skb).portid,
> +					       cb->nlh->nlmsg_seq, 0,
> +					       NLM_F_MULTI,
> +					       ext_filter_mask);
> +			/* If we ran out of room on the first message,
> +			 * we're in trouble */

    Hm, comment style... multi-line comments in the networking code should 
look like this:

/* bla
  * bla
  */

> +			WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
> +
> +			if (err <= 0)

WBR, Sergei

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html