Re: [PATCH 0/2] Add support for setting netlink backend string

To: Wouter Verhelst <w@uter.be>
Cc: nbd@other.debian.org, stefanha@redhat.com
Subject: Re: [PATCH 0/2] Add support for setting netlink backend string
From: Eric Blake <eblake@redhat.com>
Date: Sat, 21 Dec 2024 12:59:59 -0600
Message-id: <[🔎] ynw7fbsiuwuzl7ghuixdmkbezq4huch7yhuhi457f2iwmlirmz@fp7bavolyuda>
In-reply-to: <[🔎] Z2VMn__hjblWkLx-@pc220518.home.grep.be>
References: <20241119233057.2248038-1-eblake@redhat.com> <[🔎] eurcm2jfmaynf4ycx3qqpmiojrtaewzog3znjwnhderza7txrt@4u7mh2gt7cuh> <[🔎] Z2VMn__hjblWkLx-@pc220518.home.grep.be>

On Fri, Dec 20, 2024 at 12:53:19PM +0200, Wouter Verhelst wrote:
> Hi Eric,
> 
> Sorry for the late reply; I was travelling a lot in the last two or so
> months and had little time to look at things in my time off.

No problem.  Hope you enjoyed your travels.

> 
> This looks good to me; please commit.

Committed as cf5a7743..87c5318a

> 
> On Thu, Dec 12, 2024 at 12:36:22PM -0600, Eric Blake wrote:
> > ping
> > 
> > This patch series is being added as a dependency to KubeSAN:
> > https://gitlab.com/kubesan/kubesan/-/merge_requests/100/diffs?commit_id=89a370dcde
> > https://quay.io/repository/kubesan/nbd-client-i
> > 
> > so it would be nice to have it upstream instead of in a one-off fork.
> > 
> > On Tue, Nov 19, 2024 at 05:27:27PM -0600, Eric Blake wrote:
> > > Stefan Hajnoczi pointed out to me that since kernel 5.14 (commit
> > > 6497ef8d in Apr 2021), the netlink interface has allowed userspace to
> > > pass in an arbitrary backend string visible at
> > > /sys/block/nbdN/backend, and which prevents the abuse of netlink to
> > > arbitrarily reconfigure an active NBD connection to a different
> > > backend, for some added safety when multiple threads might be racing
> > > to create NBD devices.  Time to expose it in nbd-client, along with
> > > first fixing some regressions along the way.

Interestingly, I note that while the netlink interface in the kernel
_requires_ that if the user passed in an identifer on create, then it
must pass in the same identifier on a reconfigure (ie. reconfigure
will fail if the user is not attempting to reconfigure the same
backend); but when it comes to deletion, the kernel does not check for
any consistency, even if the user passes in an indentifier.  I
understand that for backwards compatibility, the deletion MUST happen
if the user does not pass in an identifier, but it would be nice if
the kernel insisted that deletion is only possible with the same
identifier that was used in creation if the user did bother to pass in
an identifier at deletion.  So if I do get the kernel patched along
those lines, this patch will need a followup to add support for
'nbd-client -d /dev/nbd0 -i $backend_passed_to_the_create'.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization:  qemu.org | libguestfs.org

Reply to:

References:
- Re: [PATCH 0/2] Add support for setting netlink backend string
  - From: Eric Blake <eblake@redhat.com>
- Re: [PATCH 0/2] Add support for setting netlink backend string
  - From: Wouter Verhelst <w@uter.be>

Prev by Date: Re: [PATCH 0/2] Add support for setting netlink backend string
Next by Date: [syzbot] Monthly nbd report (Dec 2024)
Previous by thread: Re: [PATCH 0/2] Add support for setting netlink backend string
Next by thread: [syzbot] [nbd?] KASAN: slab-use-after-free Write in recv_work
Index(es):
- Date
- Thread