From: Christian Brauner
To: netdev@vger.kernel.org
Cc: stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner
Subject: [PATCH net 0/1 v2] rtnetlink: require unique netns identifier
Date: Mon, 5 Feb 2018 16:55:49 +0100
Message-Id: <20180205155550.21432-1-christian.brauner@ubuntu.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hey,

Since we've added support for IFLA_IF_NETNSID for
RTM_{DEL,GET,SET,NEW}LINK it is possible for userspace to send us requests
with three different properties to identify a target network namespace.
This affects at least RTM_{NEW,SET}LINK. Each of them could potentially
refer to a different network namespace which is confusing. For legacy
reasons the kernel will pick the IFLA_NET_NS_PID property first and then
look for the IFLA_NET_NS_FD property but there is no reason to extend this
type of behavior to network namespace ids.

The regression potential is quite minimal since the rtnetlink requests in
question either won't allow IFLA_IF_NETNSID requests before 4.16 is out
(RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD}
(RTM_{DEL,GET}LINK) in the first place.

We obviously cannot prevent users from passing both IFLA_NET_NS_PID and
IFLA_NET_NS_FD since we have supported this somehow for a long time. So
the check I'm proposing is to only fail when both IFLA_IF_NETNSID, and
IFLA_NET_NS_PID or IFLA_NET_NS_FD are passed and they refer to different
network namespaces.

Thanks!
Christian

ChangeLog v1->v2:
* return errno when the specified network namespace id is invalid
* fill in struct netlink_ext_ack if the network namespace id is invalid
* rename rtnl_ensure_unique_netns_attr() to rtnl_ensure_unique_netns() to
  indicate that a request without any network namespace identifying
  attributes is also considered valid.

ChangeLog v0->v1:
* report a descriptive error to userspace via struct netlink_ext_ack
* do not fail when multiple properties specify the same network namespace

Christian Brauner (1):
  rtnetlink: require unique netns identifier

 net/core/rtnetlink.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

-- 
2.14.1
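The decision rule described in the cover letter, as an added userspace model (not code from the patch or from the kernel). The names `struct netns_req` and `ensure_unique_netns()` are hypothetical, namespaces are represented by constructed numeric identities, and two points are assumptions: the errno is `-EINVAL`, and the id is compared against every legacy attribute present.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model, not kernel code. Each *_ns field is a constructed numeric
 * identity for the namespace that attribute resolved to; 0 means the
 * attribute was present but resolved to no namespace. */
struct netns_req {
    bool has_pid, has_fd, has_nsid;  /* IFLA_NET_NS_PID / _FD / IFLA_IF_NETNSID */
    uint64_t pid_ns, fd_ns, nsid_ns;
};

/* Returns 0 and sets *target (0 = stay in the caller's namespace), or a
 * negative errno with *msg set, standing in for struct netlink_ext_ack.
 * The errno value -EINVAL is an assumption; the page does not name it. */
int ensure_unique_netns(const struct netns_req *r, uint64_t *target,
                        const char **msg)
{
    *msg = NULL;
    *target = 0;

    if (r->has_nsid) {
        if (r->nsid_ns == 0) {
            *msg = "invalid network namespace id";
            return -EINVAL;
        }
        /* New rule: the id must agree with every legacy attribute present
         * (assumed reading of "refer to different network namespaces"). */
        if ((r->has_pid && r->pid_ns != r->nsid_ns) ||
            (r->has_fd && r->fd_ns != r->nsid_ns)) {
            *msg = "netns attributes refer to different namespaces";
            return -EINVAL;
        }
        *target = r->nsid_ns;
        return 0;
    }

    /* Legacy rule, unchanged: PID wins over FD, and the two may disagree. */
    if (r->has_pid)
        *target = r->pid_ns;
    else if (r->has_fd)
        *target = r->fd_ns;
    return 0;
}
```

A request with no namespace attribute at all is accepted, matching the v2 rename rationale in the ChangeLog.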