netdev.vger.kernel.org archive mirror
From: Harald Welte <laforge@gnumonks.org>
To: Xin Long <lucien.xin@gmail.com>
Cc: network dev <netdev@vger.kernel.org>,
	linux-sctp@vger.kernel.org,
	Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	davem@davemloft.net, Julien Gomes <julien@arista.com>
Subject: ABI breakage in sctp_event_subscribe (was [PATCH net-next 0/4] sctp: add some missing events from rfc5061)
Date: Sun, 19 Apr 2020 12:25:36 +0200
Message-ID: <20200419102536.GA4127396@nataraja>
In-Reply-To: <cover.1570534014.git.lucien.xin@gmail.com>

Dear Linux SCTP developers,

this patchset (merged back in Q4/2019) has broken ABI compatibility, more
or less exactly as it was discussed/predicted in Message-Id
<20190206201430.18830-1-julien@arista.com>
"[PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
on this very list in February 2019.

The process to reproduce this is quite simple:
* upgrade your kernel / uapi headers to a later version (happens
  automatically on most distributions as linux-libc-dev is upgraded)
* rebuild any application using SCTP_EVENTS which was working perfectly
  fine before
* fail to execute on any older kernels

This can be a severe issue in production systems where you may not
upgrade the kernel until/unless a severe security issue actually makes
you do so.

Those steps above can very well happen on different machines, i.e. your
build server having a more recent linux-libc-dev package (and hence
linux/sctp.h) than some of the users in the field are running kernels.

I think this is a severe problem that affects portability of binaries
between different Linux versions and hence the kind of ABI breakage that
the kernel exactly doesn't want to have.

The point here is that there is no check if any of those newly-added
events at the end are actually used.  I can accept that programs using
those new options will not run on older kernels - obviously.  But old
programs that have no interest in new events being added should run just
fine, even if rebuilt against modern headers.

In the kernel setsockopt handling code: Why not simply check if any of
the newly-added events are actually set to non-zero?  If those are all
zero, we can assume that the code doesn't use them.

Yes, for all the existing kernels out there it's too late as they simply
only have the size based check.  But I'm worried history will repeat
itself...

Thanks for your consideration.

-- 
- Harald Welte <laforge@gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)
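
Added example (not part of the original message, and not kernel code): a user-space C model contrasting the size-only check the message describes with the proposed "newly-added fields must be zero" check. The struct layouts, the function names and the -EINVAL return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, NOT the real linux/sctp.h layout: the older kernel
 * knows three one-byte event flags; newer headers append two more. */
struct events_old { uint8_t data_io, association, address; };
struct events_new { uint8_t data_io, association, address, added_a, added_b; };

/* Size-only check: any optlen larger than the known struct is refused.
 * (-EINVAL is an assumption for this model.) */
int set_events_strict(struct events_old *dst, const void *optval, size_t optlen)
{
    if (optlen > sizeof(*dst))
        return -EINVAL;
    memset(dst, 0, sizeof(*dst));
    memcpy(dst, optval, optlen);
    return 0;
}

/* Check proposed in the message: a longer struct is accepted as long as
 * every byte beyond the part this kernel knows is zero. */
int set_events_tolerant(struct events_old *dst, const void *optval, size_t optlen)
{
    const uint8_t *p = optval;
    size_t known = optlen < sizeof(*dst) ? optlen : sizeof(*dst);

    for (size_t i = sizeof(*dst); i < optlen; i++)
        if (p[i] != 0)
            return -EINVAL;   /* caller really asked for an unknown event */
    memset(dst, 0, sizeof(*dst));
    memcpy(dst, p, known);
    return 0;
}

int main(void)
{
    struct events_old k;
    struct events_new rebuilt = { .data_io = 1, .association = 1 }; /* old program, new headers */
    struct events_new uses_new = { .data_io = 1, .added_a = 1 };

    printf("strict,   rebuilt old program: %d\n", set_events_strict(&k, &rebuilt, sizeof(rebuilt)));
    printf("tolerant, rebuilt old program: %d\n", set_events_tolerant(&k, &rebuilt, sizeof(rebuilt)));
    printf("tolerant, uses new event:      %d\n", set_events_tolerant(&k, &uses_new, sizeof(uses_new)));
    return 0;
}
```

The kernel helper copy_struct_from_user(), available since Linux 5.4, applies the same rule to extensible structs and returns -E2BIG when the unknown tail is non-zero.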

Thread overview: 12+ messages
2019-10-08 11:27 [PATCH net-next 0/4] sctp: add some missing events from rfc5061 Xin Long
2019-10-08 11:27 ` [PATCH net-next 1/4] sctp: add SCTP_ADDR_ADDED event Xin Long
2019-10-08 11:27   ` [PATCH net-next 2/4] sctp: add SCTP_ADDR_REMOVED event Xin Long
2019-10-08 11:27     ` [PATCH net-next 3/4] sctp: add SCTP_ADDR_MADE_PRIM event Xin Long
2019-10-08 11:27       ` [PATCH net-next 4/4] sctp: add SCTP_SEND_FAILED_EVENT event Xin Long
2019-10-09 18:13 ` [PATCH net-next 0/4] sctp: add some missing events from rfc5061 Neil Horman
2019-10-10  0:13 ` Jakub Kicinski
2020-04-19 10:25 ` Harald Welte [this message]
2020-05-01 13:16   ` ABI breakage in sctp_event_subscribe (was [PATCH net-next 0/4] sctp: add some missing events from rfc5061) Harald Welte
2020-05-01 14:20     ` Marcelo Ricardo Leitner
2020-06-01 10:46       ` Harald Welte
2020-06-01 12:14   ` Neil Horman
