Date: Wed, 7 Feb 2018 12:19:25 +0100
From: Jiri Benc
To: Christian Brauner
Cc: netdev@vger.kernel.org, ktkhai@virtuozzo.com, stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net
Subject: Re: [PATCH net 1/1 v3] rtnetlink: require unique netns identifier
Message-ID: <20180207121925.5fa1e534@redhat.com>
In-Reply-To: <20180206131902.31937-2-christian.brauner@ubuntu.com>
References: <20180206131902.31937-1-christian.brauner@ubuntu.com> <20180206131902.31937-2-christian.brauner@ubuntu.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 6 Feb 2018 14:19:02 +0100, Christian Brauner wrote:
> +/* Verify that rtnetlink requests supporting network namespace ids
> + * do not pass additional properties potentially referring to different
> + * network namespaces.
> + */
> +static int rtnl_ensure_unique_netns(struct nlattr *tb[],
> +				    struct netlink_ext_ack *extack)
> +{
> +	/* Requests without network namespace ids have been able to specify
> +	 * multiple properties referring to different network namespaces so
> +	 * don't regress them.
> +	 */
> +	if (!tb[IFLA_IF_NETNSID])
> +		return 0;

I agree with Eric that we should enforce this also for the existing
pid/fd attributes.

> +
> +	/* Caller operates on the current network namespace. */
> +	if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD])
> +		return 0;
> +
> +	NL_SET_ERR_MSG(extack, "multiple netns identifying attributes specified");
> +	return -EINVAL;

But if we don't reach an agreement on that, this version is the next best
one. No reason to compare the namespaces to check whether they're the same;
a message with more than one such attribute is just invalid.

> @@ -2649,6 +2675,10 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh,
>  	if (err < 0)
>  		return err;
> 
> +	err = rtnl_ensure_unique_netns(tb, extack);
> +	if (err < 0)
> +		return err;
> +
>  	if (tb[IFLA_IFNAME])
>  		nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ);
> 
> @@ -3045,6 +3079,10 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh,
>  	if (err < 0)
>  		return err;
> 
> +	err = rtnl_ensure_unique_netns(tb, extack);
> +	if (err < 0)
> +		return err;
> +
>  	if (tb[IFLA_IF_NETNSID]) {
>  		netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]);
>  		tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid);

dellink and getlink support only netnsid; we should just reject a message
with pid or fd set.

 Jiri
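Review bot: In the rtnl_ensure_unique_netns() hunk, the early `if (!tb[IFLA_IF_NETNSID]) return 0;` also waves through a message that carries both IFLA_NET_NS_PID and IFLA_NET_NS_FD, so the "multiple netns identifying attributes specified" error only ever fires when netnsid is one of the attributes present. The comment above that return should state that limitation explicitly, and if the compatibility concern is only about request types that already accepted pid/fd together, the leniency belongs in those callers rather than in the shared helper, so that callers which never consumed pid/fd can reject any such attribute outright. The presence-only shape of the check itself is right: returning -EINVAL before any namespace is resolved means no netns reference is taken that the error path would then have to drop.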
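Review bot: In the rtnl_dellink() hunk, a request that carries IFLA_NET_NS_PID or IFLA_NET_NS_FD but no IFLA_IF_NETNSID still passes the new check (the helper returns 0 whenever netnsid is absent) and is then processed as if those attributes had never been sent; since, as the reply notes, dellink only consumes netnsid, that is a silent-ignore path rather than a compatibility requirement. Suggest a stricter per-caller check here, e.g. `if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]) return -EINVAL;` with a matching NL_SET_ERR_MSG(), or a helper parameter that selects the strict behaviour. The placement is otherwise correct: the check runs right after the attribute parse succeeds and before IFLA_IFNAME is copied or any target namespace is looked up, so the -EINVAL return leaves nothing to unwind.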
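Review bot: Same concern in the rtnl_getlink() hunk: the lookup below keys solely off `tb[IFLA_IF_NETNSID]`, so a getlink request that names a namespace only via IFLA_NET_NS_PID or IFLA_NET_NS_FD is accepted by the helper (netnsid absent, return 0) and then silently answered from the caller's own namespace, which is precisely the ambiguity this series sets out to remove. Rejecting any pid/fd attribute in getlink regardless of whether netnsid is present would close that, and is what the reply asks for. Ordering is correct as written: the check precedes `tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid)`, so the rejection path never acquires a target-namespace reference that would need releasing.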