Received: by 10.223.176.5 with SMTP id f5csp657475wra; Tue, 6 Feb 2018 05:21:46 -0800 (PST) X-Google-Smtp-Source: AH8x227MNyh3WiwJp4YWizxkbQS+TfEmRUcCoIkID+jXk0codu1tNTfyyTQtTiAKJ72l75lvgKIh X-Received: by 2002:a17:902:be06:: with SMTP id r6-v6mr2400517pls.448.1517923306069; Tue, 06 Feb 2018 05:21:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517923306; cv=none; d=google.com; s=arc-20160816; b=SEBsIevA4AESD2QgeQUzUUS1y7H3DAQYCqyq7/c6rOtuOBfX2UwBalrz5EHD/Ot0/8 vu+daajQUY7AQxjqq9/vIB5gmv2uF9k4oacw3J4Aje/+KGR9eZ8JrZ23rLFAy7+QIpFx /hVXEd3TMYTWwidaTgkKdExzfAMmaKlpyGVXqC8SZVqsvTLlCZTZrFjBAP829WMrwnqp 301vyJPbWCin2PZV2ic4qim4WWXVbT47xhik71x9mDzTG312GM3xsk9dgIzAqGW8arfJ t0C2d9ouONPtu6zJJsyffdf5wCl7f66kTXmHo4mDfZ6wjeCi6as9gNmstO4xe65vPy6/ q34w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=7Tf1mE7fX+ASL+re77/sa5AhgZTrB1ghUif2HpNzsrE=; b=kaxiW9PyxVDrLbdofjMWDAJJWuln/SkI2GNrEilAMvaHolTCvJ/9N0RI1WFsHYuOry 7vqN9GAV+wZhfKmtuVJ7UjQXjUEaiwH/Ri8yKECkfzY7gwhNjvo3jOg3vj/6TT9E086c vYd9rQEd/RtuBTzhMNUpCqv3//9KXY6JAalDnHmpl9pDShOILALujEcbB/dlTtW2h0t7 vD9jr7iMUn/1SnvuXdrJL5ACGGrrF60Cm5FWE3rjIMfWDdJpW3JtxHxV600KEQsq27la UuMKdimeR6g8XeavQ3wwKiFnPvHEIWukii/OhEkH3uybVue9lelcIkb38YWx67fJy1Iq HvZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e1-v6si8558015ple.452.2018.02.06.05.21.32; Tue, 06 Feb 2018 05:21:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752802AbeBFNTx (ORCPT + 99 others); Tue, 6 Feb 2018 08:19:53 -0500 Received: from mail-wr0-f180.google.com ([209.85.128.180]:33450 "EHLO mail-wr0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751738AbeBFNTs (ORCPT ); Tue, 6 Feb 2018 08:19:48 -0500 Received: by mail-wr0-f180.google.com with SMTP id s5so1906496wra.0; Tue, 06 Feb 2018 05:19:47 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=7Tf1mE7fX+ASL+re77/sa5AhgZTrB1ghUif2HpNzsrE=; b=MpxWHK9SfiL1B9MkXGTvudP6IsUACNZcenPpdQk+p07hvxQgNk0pbijc31o24kunk0 CKKCCDvvdffB6WSidc9aF4mMxGgGJG7D6iWHplHfNGj01O1JIrcst+BXrCZAEgNAgXM9 V1LQXNgYTzV0/x07AhQpdetprnBuvaILdoncYtX8S9QYDJKH3uV/1EJwTURrr/ZVJWtm HC//dT9r2cDIn2LTDLjp/G2hAI2GHpG6XPFT23WjOOShcnYYJV72x91u+EP2UGCeshth IlUWR9LbrqyEfIu9eMIN1Msdm4CKnJYWX3ZfPUkb+FajDBE/otiHGdwoLmWkH6rHn1zS mVxA== X-Gm-Message-State: APf1xPBsErPyA9YqJE5TUT97CE8w+/sfEh2uetPeeqQLZwuie5dNqLCz xdy+KPEQEs1cbu8fmlxFviZFi7eQtcg= X-Received: by 10.223.164.80 with SMTP id e16mr2243260wra.198.1517923186633; Tue, 06 Feb 2018 05:19:46 -0800 (PST) Received: from localhost.localdomain (eap104082.extern.uni-tuebingen.de. [134.2.104.82]) by smtp.gmail.com with ESMTPSA id s63sm7532369wrc.64.2018.02.06.05.19.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Feb 2018 05:19:45 -0800 (PST) From: Christian Brauner To: netdev@vger.kernel.org Cc: ktkhai@virtuozzo.com, stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner Subject: [PATCH net 0/1 v3] rtnetlink: require unique netns identifier Date: Tue, 6 Feb 2018 14:19:01 +0100 Message-Id: <20180206131902.31937-1-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.14.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey, Since we've added support for IFLA_IF_NETNSID for RTM_{DEL,GET,SET,NEW}LINK it is possible for userspace to send us requests with three different properties to identify a target network namespace. This affects at least RTM_{NEW,SET}LINK. Each of them could potentially refer to a different network namespace which is confusing and a potential security liability given that pids might be recycled while the netlink request is served or the process might do a setns() It also lets us indicate that network namespace ids are the preferred way of interacting with network namespaces in rtnetlink requests. The regression potential is quite minimal since the rtnetlink requests in question either won't allow IFLA_IF_NETNSID requests before 4.16 is out (RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD} (RTM_{DEL,GET}LINK) in the first place. We obviously cannot prevent users from passing both IFLA_NET_NS_PID and IFLA_NET_NS_FD since we have supported this somehow for a long time for a subset of rtnetlink requests. So the check I'm proposing is to only fail when both IFLA_IF_NETNSID, and IFLA_NET_NS_PID or IFLA_NET_NS_FD are passed. Thanks! Christian --- ChangeLog v2->v3: * Specifying target network namespaces with pids or fds seems racy since the process might die and the pid get recycled or the process does a setns() in which case the tests would be invalid. So only check whether multiple properties are specified and report a helpful error in this case. ChangeLog v1->v2: * return errno when the specified network namespace id is invalid * fill in struct netlink_ext_ack if the network namespace id is invalid * rename rtnl_ensure_unique_netns_attr() to rtnl_ensure_unique_netns() to indicate that a request without any network namespace identifying attributes is also considered valid. ChangeLog v0->v1: * report a descriptive error to userspace via struct netlink_ext_ack * do not fail when multiple properties specifiy the same network namespace --- Christian Brauner (1): rtnetlink: require unique netns identifier net/core/rtnetlink.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) -- 2.14.1