Received: by 10.223.176.5 with SMTP id f5csp567176wra; Sat, 3 Feb 2018 05:38:59 -0800 (PST) X-Google-Smtp-Source: AH8x224FpjuD33c7b1jp3ESEH5p2AV70dt0jFLqHICscglhLr/qZw6gZWkJL9DaF9/r+3xDLNVdg X-Received: by 10.98.153.197 with SMTP id t66mr3043013pfk.142.1517665139261; Sat, 03 Feb 2018 05:38:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517665139; cv=none; d=google.com; s=arc-20160816; b=A8rItzSDfmngDtBpXmlz/YDsW5DrimiZre/snoniEPpk/rl+dv2N/tUG/R6mUWgb5s T1ZOUyWdE1Mc/1s/TfavVYpVpLRkZ+TRBbQEdis4JOEetnZkR810dwtvKzaDOJOV0KVM DaV0pz6/1UQm4v16C7LU4BWQMFJm0/Mgb4TZG3dlAlDCryDQv7nmL91zNxTT77Taql3v FJIj+YsYXYeahLQx3VF8FzEpEU8MQN0TBcWR3X/j2+GML08vmUOUGtQuMBP/ZJmtLbSx 1AiS16ririFBRmDLrTH7wQMhXrqzcG9lTi7BydneAeN0B5n98u4VhNOX/1naCfWjdF2L 86/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=oUbF4RKRgQy5qzt76NsJb0yFikOTG77HO7JB0sNAGtk=; b=RMid+dDdDhvl5Png/ZfKrVwv8fRxsNnQk/NRKf9njGq/lL33ZhisUPTR6WvZzUHjQ2 k9+xffYcMPstFNVAUZIQ4VFpOBPoEOzaUsDw9oNE23Lwph27ZMCftc28ElrYOpoozOeN SZZl3t8L71miBFaFhew3NKlO2oDnYmcGcO8ZC/DV8yja61pS39rDqsSut+LD2YMo2IPG UyCRbSE9jrW+dMcI5UYiJ/nVQi8USEYCKRvs9KXztLYWua6Xj1FoKcTGmK5idkiSdeVP Gz37xEBEMtL1JOl1rHYvd76CqVagGqnYesEkpQeXwy5r2HEj/wjeqn1sx6Jo25Zn5faE AmBg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s4si3710814pfe.48.2018.02.03.05.38.43; Sat, 03 Feb 2018 05:38:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752218AbeBCN3i (ORCPT + 99 others); Sat, 3 Feb 2018 08:29:38 -0500 Received: from mail-wr0-f182.google.com ([209.85.128.182]:37362 "EHLO mail-wr0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751787AbeBCN3e (ORCPT ); Sat, 3 Feb 2018 08:29:34 -0500 Received: by mail-wr0-f182.google.com with SMTP id a43so17613009wrc.4; Sat, 03 Feb 2018 05:29:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=oUbF4RKRgQy5qzt76NsJb0yFikOTG77HO7JB0sNAGtk=; b=UMXYOpTr3Q9O89KBY9sAFjyVjkislCfDmKjoSABUjrJahMopDF6O2S4wEqRaCyIhPd w2RdEwdn0dtMiFCUAtDzUl2jfiHQsnY0BQeMe9ROC4uhtkKCdZyJ8P6rsJ127TJwiAH4 vazEx86cPBTo5mjRQ7tILpS1hEbVcwKOFP0XYIcniHe3ZGYU8RJNiVao2fTHWWgNIbQQ s/P03fxsR0Ic9YZnYvc1vsJw750SxADNRR+3AIgvFh/g3AzocKX0Cz3vu8Nnbp+K5gZc 8wMCU+fU1GONNQF4S8aj0O7g25c1XZOX2XZFjnW/14Hr9pV4DNJStkiF1aJp+2BvyWK+ 71vg== X-Gm-Message-State: AKwxytf4UOLEywnitMCgsIXPV8rENyeWo7nGBai7HXoBAwPJRnXjQIYR R/UhqlCTJHeq7h1WohgQ9gL4bvYGDhI= X-Received: by 10.223.145.129 with SMTP id 1mr21958580wri.18.1517664573276; Sat, 03 Feb 2018 05:29:33 -0800 (PST) Received: from localhost.localdomain ([2001:67c:1810:f051:f817:224e:7728:4274]) by smtp.gmail.com with ESMTPSA id o98sm3539830wrb.44.2018.02.03.05.29.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 03 Feb 2018 05:29:32 -0800 (PST) From: Christian Brauner To: netdev@vger.kernel.org Cc: ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner Subject: [PATCH net 0/1 v1] rtnetlink: require unique netns identifier Date: Sat, 3 Feb 2018 14:29:03 +0100 Message-Id: <20180203132904.11972-1-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.14.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey, Since we've added support for IFLA_IF_NETNSID for RTM_{DEL,GET,SET,NEW}LINK it is possible for userspace to send us requests with three different properties to identify a target network namespace. This affects at least RTM_{NEW,SET}LINK. Each of them could potentially refer to a different network namespace which is confusing. For legacy reasons the kernel will pick the IFLA_NET_NS_PID property first and then look for the IFLA_NET_NS_FD property but there is no reason to extend this type of behavior to network namespace ids. The regression potential is quite minimal since the rtnetlink requests in question either won't allow IFLA_IF_NETNSID requests before 4.16 is out (RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD} (RTM_{DEL,GET}LINK) in the first place. We obviously cannot prevent users from passing both IFLA_NET_NS_PID and IFLA_NET_NS_FD since we have supported this somehow for a long time. So the check I'm proposing is to only fail when both IFLA_IF_NETNSID, and IFLA_NET_NS_PID or IFLA_NET_NS_FD are passed and they refer to different network namespaces. Thanks! Christian ChangeLog v0->v1: * report a descriptive error to userspace via struct netlink_ext_ack * do not fail when multiple properties specifiy the same network namespace Christian Brauner (1): rtnetlink: require unique netns identifier net/core/rtnetlink.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) -- 2.14.1