Received: by 10.223.176.5 with SMTP id f5csp561659wra; Sat, 3 Feb 2018 05:31:36 -0800 (PST) X-Google-Smtp-Source: AH8x225EC0T8Lq1eu+RE0DpER3DnCLDaeXtNOQ9lYWGpf5eMqbXIsxaAV9zzLNikr288OSC7ySnT X-Received: by 10.101.75.193 with SMTP id p1mr17661206pgr.63.1517664696660; Sat, 03 Feb 2018 05:31:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517664696; cv=none; d=google.com; s=arc-20160816; b=X0Zu6WkoWGN4Li7KLqgcQ6mcbbFZF1Xxav21YLuLqgIalu19tEmufumJMj5j8/iz3+ dKZXHPasr+autVCmQjKvIxnaf3QQyRk83BURlLzpgYp7kfsCIyvhy9gd8DXX/qGGALhz QjdDB25YVS3pmGzQ99yiU99nHQaYACGm+M+enHphTZOLayFGzNA/KuvsrP1UoL+FyOpl uzZ1mAecXRZ7nia9i/UJRpHXJ/SsWPpX8gxz1urR2A2HLV95uZao0Vq58cwgHHnDfgp6 H9PfoLsiq3JXQIA2nOPAuO8LpbTfIGZSIjslAhoBKyKBfPQ9H1kYSS6Bnx0XlfA27vaj ArMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=k1CS5J9YNKUpUd+gpkWdJmzUv4O7yqg3RqBJATqsmYA=; b=LBVM4h2JHff2Isq8IfQ2Fzez1SsmhbDct5ogTJF5Iqsx0D8td8gRd4oOhkCWr0h2cA aTErFoqD8kL9Nd4B8xhNDbZzIRB7wgsQMZ0RFfs7Jef2swhjn0HWBmFF6iaBjc/uAczM a9kXCbtjG1KHSjJ18sBrpPfi9QEE7ZGJSEDtOYjP9zNisj6t+teElwng4HkfUB7xZLQQ 2tFYttGDC+RhR7Z0bk7jwYoIQiqgkQLfXiQ52ZshFQ7VBak5uiN+qhjLPq9/rAfGxi5k /X0qSi5Nv8JgJr6vDBUyZ45/RWHMgzQliOw2Y2atFIBSofN5q0P2Vev1wArOiPAY2/9h KWXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c17-v6si1172486plz.700.2018.02.03.05.31.14; Sat, 03 Feb 2018 05:31:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752413AbeBCN36 (ORCPT + 99 others); Sat, 3 Feb 2018 08:29:58 -0500 Received: from mail-wr0-f193.google.com ([209.85.128.193]:40914 "EHLO mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751795AbeBCN3f (ORCPT ); Sat, 3 Feb 2018 08:29:35 -0500 Received: by mail-wr0-f193.google.com with SMTP id i56so25162242wra.7; Sat, 03 Feb 2018 05:29:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=k1CS5J9YNKUpUd+gpkWdJmzUv4O7yqg3RqBJATqsmYA=; b=V74iJL9Lm5EZvlc4fjQPLAlCqircB+jKwerLV96T7rn0GVGJlu7BfnFhtalJpH7kLr O0Ub+DgImAJpym5CqqTmUbvFHOkH8p6bBZdsvR9ysZAN9zadyLrXlay8+k2MJBhbY+02 q0TuprDf5RJ9PD+csZqys3uMPHlRTl5JJicRm5aHrmhR9XUmQ8YnjNkLz0LRbCovNIq0 e9C7yQoosZgLu5yNG5bu6xQcbGbE4Ke+NGcz9nkeTa3eAKPjx0mYOjkdhd7SL8gyxOOP +TJWU63rFxeZol8sHx00hVVArnHV9k/aaT3L0Rrqp7LMyMB5PyA0B1eJM26PGarYgKQi kolA== X-Gm-Message-State: APf1xPDfNgZG1VBhjaOKCzj8lIA65dQMQwmZsOGMFrKq2VOFmVDUCEnA JuBxJthMP590oyKlH4Gv0gNM36+FO5E= X-Received: by 10.223.197.12 with SMTP id q12mr4154033wrf.147.1517664574010; Sat, 03 Feb 2018 05:29:34 -0800 (PST) Received: from localhost.localdomain ([2001:67c:1810:f051:f817:224e:7728:4274]) by smtp.gmail.com with ESMTPSA id o98sm3539830wrb.44.2018.02.03.05.29.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 03 Feb 2018 05:29:33 -0800 (PST) From: Christian Brauner To: netdev@vger.kernel.org Cc: ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner Subject: [PATCH net 1/1 v1] rtnetlink: require unique netns identifier Date: Sat, 3 Feb 2018 14:29:04 +0100 Message-Id: <20180203132904.11972-2-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20180203132904.11972-1-christian.brauner@ubuntu.com> References: <20180203132904.11972-1-christian.brauner@ubuntu.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since we've added support for IFLA_IF_NETNSID for RTM_{DEL,GET,SET,NEW}LINK it is possible for userspace to send us requests with three different properties to identify a target network namespace. This affects at least RTM_{NEW,SET}LINK. Each of them could potentially refer to a different network namespace which is confusing. For legacy reasons the kernel will pick the IFLA_NET_NS_PID property first and then look for the IFLA_NET_NS_FD property but there is no reason to extend this type of behavior to network namespace ids. The regression potential is quite minimal since the rtnetlink requests in question either won't allow IFLA_IF_NETNSID requests before 4.16 is out (RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD} (RTM_{DEL,GET}LINK) in the first place. Signed-off-by: Christian Brauner --- ChangeLog v0->v1: * report a descriptive error to userspace via struct netlink_ext_ack * do not fail when multiple properties specifiy the same network namespace --- net/core/rtnetlink.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 56af8e41abfc..df2363f28574 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1951,6 +1951,57 @@ static struct net *rtnl_link_get_net_capable(const struct sk_buff *skb, return net; } +/* Verify that rtnetlink requests supporting network namespace ids + * do not pass additional properties referring to different network + * namespaces. + */ +static int rtnl_ensure_unique_netns_attr(const struct sock *sk, + struct nlattr *tb[], + struct netlink_ext_ack *extack) +{ + int ret = -EINVAL; + struct net *net = NULL, *unique_net = NULL; + + /* Requests without network namespace ids have been able to specify + * multiple properties referring to different network namespaces so + * don't regress them. + */ + if (!tb[IFLA_IF_NETNSID]) + return 0; + + if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD]) + return 0; + + unique_net = get_net_ns_by_id(sock_net(sk), nla_get_s32(tb[IFLA_IF_NETNSID])); + if (!unique_net) + return -1; + + if (tb[IFLA_NET_NS_PID]) { + net = get_net_ns_by_pid(nla_get_u32(tb[IFLA_NET_NS_PID])); + if (net != unique_net) + goto on_error; + } + + if (tb[IFLA_NET_NS_FD]) { + net = get_net_ns_by_fd(nla_get_u32(tb[IFLA_NET_NS_FD])); + if (net != unique_net) + goto on_error; + } + + ret = 0; + +on_error: + put_net(unique_net); + + if (net && !IS_ERR(net)) + put_net(net); + + if (ret != 0) + NL_SET_ERR_MSG(extack, "multiple network namespaces specified"); + + return ret; +} + static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[]) { if (dev) { @@ -2553,6 +2604,10 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) goto errout; + err = rtnl_ensure_unique_netns_attr(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + goto errout; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); else @@ -2649,6 +2704,10 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns_attr(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); @@ -2802,6 +2861,10 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns_attr(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); else @@ -3045,6 +3108,10 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns_attr(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IF_NETNSID]) { netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); -- 2.14.1