From patchwork Mon Nov 23 22:23:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Neuman X-Patchwork-Id: 1405170 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=nutanix.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nutanix.com header.i=@nutanix.com header.a=rsa-sha256 header.s=proofpoint20171006 header.b=wlXc4miX; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cg1rs4Q8Vz9sSf for ; Tue, 24 Nov 2020 09:23:41 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 92B3C85CA3; Mon, 23 Nov 2020 22:23:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-l9YQgkehlc; Mon, 23 Nov 2020 22:23:36 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id DB2D3855BE; Mon, 23 Nov 2020 22:23:36 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id AD3EFC163C; Mon, 23 Nov 2020 22:23:36 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 6EB00C0052 for ; Mon, 23 Nov 2020 22:23:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 31C1A20517 for ; Mon, 23 Nov 2020 22:23:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BD5wXzjnOksD for ; Mon, 23 Nov 2020 22:23:32 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx0b-002c1b01.pphosted.com (mx0b-002c1b01.pphosted.com [148.163.155.12]) by silver.osuosl.org (Postfix) with ESMTPS id 60E08204F0 for ; Mon, 23 Nov 2020 22:23:32 +0000 (UTC) Received: from pps.filterd (m0127844.ppops.net [127.0.0.1]) by mx0b-002c1b01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0ANMLsxt022620 for ; Mon, 23 Nov 2020 14:23:31 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com; h=to : from : subject : message-id : date : content-type : mime-version; s=proofpoint20171006; bh=2dP6oxN0uoW2wH+rTuBbZOhmr9m0+qbJaPnLSEYMP4M=; b=wlXc4miXu51fSuMCA7eM6z6m84B8MZBja4LOvyxifTDLTtdQ3luGr68l97y18QtS+wqe LKxK0i+GfjSy6oMv/rG/yx6EEnnfOLh0KhMYoXWYnL4d/g3N7tFnAKavQPT1XrKZGvGM l/8PyP8rt7tJf6gV4+M/RvRpGmBHe09bJ9p/bMy+hcfOeUHaPqkKDTXQCeoLAemRXl18 zSd2f2RR8270+RhXpOA0Z3+HDIMQs/2okaEd43FC+zeMQ5WOZEmW04Tn9oWfHxiEo/kM cgfnFW/D71Cmyer10mNzBuVPJTeBbdmFQc/qitpRFwot5V9JkVInCnVri2TxDHzTi5rd +A== Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2175.outbound.protection.outlook.com [104.47.56.175]) by mx0b-002c1b01.pphosted.com with ESMTP id 34y3a54fq2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Nov 2020 14:23:31 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oNhGaURRad2X/VC4MIduhDXqH4cf/m4ypykHrnca6zj8kAjcadj7Xi7QVm9TrwxoeQ1POqzzzIn8Wh6+4XgMdlBLAVcg2WpCXECPvw6vPWKMYTK5SdBCsnKUdVbtQqtGpjCh1lxVdiPSWhhMWRqhefF/95bQWc+S8KXf8eNqP/cgIczy+WC2pB5ttDw+FU6KnbKCWXNYjAgELylQOnBsgbOYEmqtqEC+KajZWVQaIu73W3e8z2615qo/xOFwQyL8H0kGSSlK89HqexYQr/02JDOvkE9sFnn38H7GPsYCyLtICkTXcd0+eHF4/6xU6EITfP3fNsSkYH59Ek5j4KVymQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2dP6oxN0uoW2wH+rTuBbZOhmr9m0+qbJaPnLSEYMP4M=; b=INg+yiOOFHgyLrEh4jm09YBx6XPahpdRB1jukXvws9291Cf59owgoqsdg5wMbC3fSuC2dj8yTqdreAWNsOWgZWms+yHfIBDHwNgIi2xSZf+YhC20atvFVLaTLC1QMk86JyPOViu71q7R0V8yX9WoCe1wuGVZukBmNBRFRM3qRYSKF1VHa+QwHgZwvnBCToO1pJtfWg66XksKowDz+4qPHsHD3FBGqMm10ICP7I7OuL0S0e3cFMuT5e73eU0jvFaxHOjG/6hyYwqNjxYgUUP4pQx7kls++iXlbP7RgRSXncVz0mQstqC9PqErW4BMb8dSVNyi7a2i6G/FPr/faun1mA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nutanix.com; dmarc=pass action=none header.from=nutanix.com; dkim=pass header.d=nutanix.com; arc=none Authentication-Results: openvswitch.org; dkim=none (message not signed) header.d=none;openvswitch.org; dmarc=none action=none header.from=nutanix.com; Received: from MWHPR02MB2432.namprd02.prod.outlook.com (2603:10b6:300:42::19) by MWHPR02MB2478.namprd02.prod.outlook.com (2603:10b6:300:41::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22; Mon, 23 Nov 2020 22:23:28 +0000 Received: from MWHPR02MB2432.namprd02.prod.outlook.com ([fe80::59c3:f6eb:e07e:3f7]) by MWHPR02MB2432.namprd02.prod.outlook.com ([fe80::59c3:f6eb:e07e:3f7%11]) with mapi id 15.20.3589.030; Mon, 23 Nov 2020 22:23:28 +0000 To: ovs-dev@openvswitch.org From: Thomas Neuman Message-ID: <310a47ca-7f78-b5d1-1d3f-7e52ea0f5dd8@nutanix.com> Date: Mon, 23 Nov 2020 14:23:25 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 Content-Language: en-US X-Originating-IP: [2601:600:9d80:dfa0:70db:6939:c724:3c5f] X-ClientProxiedBy: BY5PR17CA0046.namprd17.prod.outlook.com (2603:10b6:a03:167::23) To MWHPR02MB2432.namprd02.prod.outlook.com (2603:10b6:300:42::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [IPv6:2601:600:9d80:dfa0:70db:6939:c724:3c5f] (2601:600:9d80:dfa0:70db:6939:c724:3c5f) by BY5PR17CA0046.namprd17.prod.outlook.com (2603:10b6:a03:167::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.21 via Frontend Transport; Mon, 23 Nov 2020 22:23:27 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 07dd7f1d-c8a3-4173-44b3-08d88ffe66bf X-MS-TrafficTypeDiagnostic: MWHPR02MB2478: X-Microsoft-Antispam-PRVS: x-proofpoint-crosstenant: true X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hsfkN2mWfHdf7dGv34f21+s4MU2J236dk7TUe9IE243x5rqO0vyt/AbLKyJmZ3Cf5Tf+vMyo/Y9eM533P2dmqg/hfrQIXe1GiZD+K1LN2dIqsPtVtbcnMOoUageinRa0L5MxgKBLmHS3M218S1MsdyMgLL/wDYFtEzLWtYtaIsyak+2LShFAytHvKrLDA89rAOeLQa6rmXjOg3HZrm+zY85VHrZjZLbJzG7NgaPykJ54Z56kXMTPy5AN0ZZpX+wJ2YcBn0V1U5uA6XskU+wDNxThBVgH+ZDvswJazUl76EjuJo53D48KwRXUgNXzo0CVP/fBN7fj/TwZfZKegAcOi1en+8g/N29iW/zKgrLk0sejCjanclvknKLPI4O8hVSb X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR02MB2432.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(396003)(346002)(39860400002)(366004)(376002)(5660300002)(478600001)(86362001)(44832011)(8676002)(316002)(33964004)(31696002)(36756003)(53546011)(66556008)(8936002)(83380400001)(6486002)(6916009)(66946007)(186003)(31686004)(2906002)(2616005)(66476007)(16526019)(43740500002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?L5zfl8qRj+APHbxdcxbOHl+L2hJJwR?= =?utf-8?q?YEGk76gW4U+EVA8qBAD6p4yPNK6LpDEaK99wW+Sn/n2vIcOzOWmuiZDYGPwys/XNV?= =?utf-8?q?z7Hk6MQEB1j8W0Eq8msrKA/9/B6Ew2qb4tcSo08OBQ+FlpIdxcgBpjythwHCK21Rx?= =?utf-8?q?NQ8jMWuXnt007f+t0XD8t8R5QUlNfxuqtTXpIyWDJH1NTdYWpuRVxCxv6vix736BP?= =?utf-8?q?pJV7yVT6f8McXUgFWMmxLyw/5NNtKbnz2Q3+wmW/rEAOB1BLp+uNus048bBnQ5GAe?= =?utf-8?q?4LaebN9bUjhK6ZJcWaLSbwiQzg1AaFFvJ3JG9YOX94qKhyta7d9IxPpbgPJ6nT9W3?= =?utf-8?q?Jcmo/2iKElGf1BtSz8rP2UhZ+LnV2lku+plLg01KHsE3tQEuqXErZ2mSOCAm7hfBp?= =?utf-8?q?hSvFgPfmh10WWgLo1Gany+IK2eHMcUEh1UgAVXb9nagpZLw04/GO8HNWEhGb20Agx?= =?utf-8?q?cywzIvdL40KOwV59UkQYuh2hJHYhIHvkbd687nx0DHk7DXKGB0UmN0jPH3NAYG3Co?= =?utf-8?q?z2X8muMoB1QKsOJNXZaDkntfCiZMVThAlnOnqwH2wgt0CQNP5PUxLYY4EFFpEoiDv?= =?utf-8?q?78ot3LkXNVVPP1Sr0fdsHlZvpLE/mqRnuUMV0dpdwB2h7Vpasi2dV9Sh81EWqKrh2?= =?utf-8?q?P8dewV4AY3Vixa3dIVevcXmWDzddffODjmXsbrVOAyYivzr6UnSOMyhQ2JF4f7Coj?= =?utf-8?q?yVRGswM1tTs67xFvYqOWrqf0GWdUvZAysOAHaW2slHT+Y1Di3v9nwgCEwc3dIsKfk?= =?utf-8?q?0UORYyZDF3blz9kBU+pLH0xDcVGd4DlQa+WHGwsnO/Jvf023t2eyTR+XDVV6QVEsS?= =?utf-8?q?a0VN+/Mcp772mNU8BBzpKLyGfNkimwsm+DM2TseTuyKZdnHEx0RDkJ2qumYQXJA2S?= =?utf-8?q?OQDzwo3qmQGLSeqXGjs7gWBT65sz6edOpZq/3igWsA=3D=3D?= X-OriginatorOrg: nutanix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 07dd7f1d-c8a3-4173-44b3-08d88ffe66bf X-MS-Exchange-CrossTenant-AuthSource: MWHPR02MB2432.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Nov 2020 22:23:28.2430 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: gClTdATJpZwu6+eSPB5MD46b9tnQBFjjDIH9aAFPMusVfbGA32fqEcnOrTj+0Y/4XBuDDfLSizsb6HnnQkMyWFKljaUe53dV00lmrtC9FSs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR02MB2478 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-23_19:2020-11-23, 2020-11-23 signatures=0 X-Proofpoint-Spam-Reason: safe X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [ovs-dev] [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" From 417ed338179d9856334e9b738abd71952581785a Mon Sep 17 00:00:00 2001 From: Thomas Neuman Date: Mon, 23 Nov 2020 21:02:08 +0000 Subject: [PATCH branch-2.11] stream-ssl: Make 'stream_ssl_set_key_and_cert' atomic When attempting to set the SSL key and cert via this function, first we check whether both the private key and certificate have been changed, via a pair of calls to 'update_ssl_config'. However, these calls modify the config which are being checked for changes. In order for updates to be recognized atomically with respect to the two files, we need to revert any changes made during the check. Signed-off-by: Thomas Neuman --- lib/stream-ssl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) -- 2.22.3 diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 343dced58..7bcc37864 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -1161,10 +1161,15 @@ void stream_ssl_set_key_and_cert(const char *private_key_file, const char *certificate_file) { - if (update_ssl_config(&private_key, private_key_file) - && update_ssl_config(&certificate, certificate_file)) { - stream_ssl_set_certificate_file__(certificate_file); - stream_ssl_set_private_key_file__(private_key_file); + struct timespec orig_mtime = private_key.mtime; + if (update_ssl_config(&private_key, private_key_file)) { + if (update_ssl_config(&certificate, certificate_file)) { + stream_ssl_set_certificate_file__(certificate_file); + stream_ssl_set_private_key_file__(private_key_file); + } else { + // Revert the change performed by 'update_ssl_config'. + private_key.mtime = orig_mtime; + } } }