From: Christian Brauner
To: netdev@vger.kernel.org
Cc: stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner
Subject: [PATCH net 1/1 v2] rtnetlink: require unique netns identifier
Date: Mon, 5 Feb 2018 16:55:50 +0100
Message-Id: <20180205155550.21432-2-christian.brauner@ubuntu.com>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20180205155550.21432-1-christian.brauner@ubuntu.com>
References: <20180205155550.21432-1-christian.brauner@ubuntu.com>

Since we've added support for IFLA_IF_NETNSID for RTM_{DEL,GET,SET,NEW}LINK
it is possible for userspace to send us requests with three different
properties to identify a target network namespace. This affects at least
RTM_{NEW,SET}LINK. Each of them could potentially refer to a different
network namespace which is confusing. For legacy reasons the kernel will
pick the IFLA_NET_NS_PID property first and then look for the
IFLA_NET_NS_FD property but there is no reason to extend this type of
behavior to network namespace ids.

The regression potential is quite minimal since the rtnetlink requests in
question either won't allow IFLA_IF_NETNSID requests before 4.16 is out
(RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD}
(RTM_{DEL,GET}LINK) in the first place.
Signed-off-by: Christian Brauner
---
ChangeLog v1->v2:
* return errno when the specified network namespace id is invalid
* fill in struct netlink_ext_ack if the network namespace id is invalid
* rename rtnl_ensure_unique_netns_attr() to rtnl_ensure_unique_netns() to
  indicate that a request without any network namespace identifying
  attributes is also considered valid.
ChangeLog v0->v1:
* report a descriptive error to userspace via struct netlink_ext_ack
* do not fail when multiple properties specify the same network namespace
---
 net/core/rtnetlink.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 56af8e41abfc..c096c4ff9a00 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1951,6 +1951,59 @@ static struct net *rtnl_link_get_net_capable(const struct sk_buff *skb, return net; } +/* Verify that rtnetlink requests supporting network namespace ids + * do not pass additional properties referring to different network + * namespaces. + */ +static int rtnl_ensure_unique_netns(const struct sock *sk, struct nlattr *tb[], + struct netlink_ext_ack *extack) +{ + int ret = -EINVAL; + struct net *net = NULL, *unique_net = NULL; + + /* Requests without network namespace ids have been able to specify + * multiple properties referring to different network namespaces so + * don't regress them. + */ + if (!tb[IFLA_IF_NETNSID]) + return 0; + + /* Caller operates on the current network namespace. */ + if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD]) + return 0; + + unique_net = get_net_ns_by_id(sock_net(sk), nla_get_s32(tb[IFLA_IF_NETNSID])); + if (!unique_net) { + NL_SET_ERR_MSG(extack, "invalid network namespace id"); + return ret; + } + + if (tb[IFLA_NET_NS_PID]) { + net = get_net_ns_by_pid(nla_get_u32(tb[IFLA_NET_NS_PID])); + if (net != unique_net) + goto on_error; + } + + if (tb[IFLA_NET_NS_FD]) { + net = get_net_ns_by_fd(nla_get_u32(tb[IFLA_NET_NS_FD])); + if (net != unique_net) + goto on_error; + } + + ret = 0; + +on_error: + put_net(unique_net); + + if (net && !IS_ERR(net)) + put_net(net); + + if (ret != 0) + NL_SET_ERR_MSG(extack, "multiple network namespaces specified"); + + return ret; +} + static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[]) { if (dev) { @@ -2553,6 +2606,10 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) goto errout; + err = rtnl_ensure_unique_netns(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + goto errout; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); else 
@@ -2649,6 +2706,10 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); @@ -2802,6 +2863,10 @@ static int rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); else @@ -3045,6 +3110,10 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) return err; + err = rtnl_ensure_unique_netns(NETLINK_CB(skb).sk, tb, extack); + if (err < 0) + return err; + if (tb[IFLA_IF_NETNSID]) { netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); -- 2.14.1
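Review bot: in the rtnl_ensure_unique_netns() hunk, when both IFLA_NET_NS_PID and IFLA_NET_NS_FD are present and the pid-derived namespace matches unique_net, the second assignment `net = get_net_ns_by_fd(nla_get_u32(tb[IFLA_NET_NS_FD]));` overwrites the reference returned by get_net_ns_by_pid() without a put_net(), so that reference leaks on every such request; put the first reference (or use a second local) before resolving the fd. In the same hunk, get_net_ns_by_pid() and get_net_ns_by_fd() return ERR_PTR() on failure, and since `if (net != unique_net) goto on_error;` treats an error pointer like a mismatch, a bad pid or fd is reported as -EINVAL with "multiple network namespaces specified" instead of the lookup's own error (ESRCH, EBADF, ...) that the existing rtnl_link_get_net() path would return; check IS_ERR(net) first and return PTR_ERR(net). Finally, the comment "Caller operates on the current network namespace." above the `!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD]` early return is inaccurate, because at that point IFLA_IF_NETNSID is present and the caller targets the namespace that id names; say instead that there is no second attribute to cross-check.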
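Review bot: for the rtnl_dellink and rtnl_getlink hunks, the commit message states that these requests do not support IFLA_NET_NS_{PID,FD} at all, yet the added call to rtnl_ensure_unique_netns() resolves those attributes only to compare them: a request carrying IFLA_IF_NETNSID together with a pid or fd that happens to name the same namespace is accepted and the pid/fd silently ignored, while one naming a different namespace fails with "multiple network namespaces specified". Consider rejecting IFLA_NET_NS_PID/IFLA_NET_NS_FD outright in these two handlers (e.g. -EOPNOTSUPP with a matching extack message) rather than performing two namespace lookups whose result is then discarded, and note the difference from the RTM_{NEW,SET}LINK path in the function's comment.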