Received: by 10.223.176.5 with SMTP id f5csp555033wra; Wed, 7 Feb 2018 03:51:46 -0800 (PST) X-Google-Smtp-Source: AH8x225uCDRUo8uZfQzRJS1jVCg9xPwaB+b0JLC+NVHTVMRkR9JBRv3YEZNQNHC1N/rasEEfNDH+ X-Received: by 2002:a17:902:7b81:: with SMTP id w1-v6mr5703982pll.295.1518004306700; Wed, 07 Feb 2018 03:51:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518004306; cv=none; d=google.com; s=arc-20160816; b=aCi6MeOw4gHodAG93gY5a5onWAbc0Wc6yDRCcSzzVAF9cogidaJmrJBdcO+7N9K1dM J5X6lPcvQqhtO0BoDrlg49KwsjukgsZjsosCH3Bm10RmieIY3usyvJ4EwZSOF4XrnnER PVWPxFsVQ+zUxXXVOazFuAkIJ2gE7Fx54wyvg4pDpEQIM7p6cLoBr4UE87EyR6JsPsf0 sqS+1/aDXGYed4aSm09WavqPEKlCNEQcV5V+Ttx1nHerUYrHpt/PFaMiRo3G1aSSEYcJ IY+mrST3CgQObG+tlXkg/2V0hwJnTJa/6gvVFFrUvzai+kbUHd1Y5j0lnmI9JPzHUAWv ODpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=CFOJLaCkIIwhK6y69e2B1FWbCnVN4GpuYJh6Jzq75lE=; b=U7Yy1dXqTTZfc+7Z2wXGiMjN4n8ZClrjGvGKCCVRkQLA6wY6HywC9pXiLitWqxFwaB hz7PdU+D0mMw+N7lJYUTlxIpagK3uW04KxF9lumBhEA39u6hKAxZ+CW0SwmUGtVMN1o6 XiAkjCrYjWiv9Icek0QksNVBfVCd+pVdPDRNRdqZc9ARuztDaof7ybcKYUBX6qJ1mC7Q c37ppvaHQoPwwoZzcMpZoIkN2WNY5YjPqbL7WG1Hkvq7zJUuQF6hSNKqacUHMFKpz+F3 91I0GVZmGx+svCwdUgdL2CRGTPIbtrTe+bt1kb4g5GKHGrsrrJ1y5JZeVeIpdeYuc06N VjAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u125si838462pgc.321.2018.02.07.03.51.33; Wed, 07 Feb 2018 03:51:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754007AbeBGLuz (ORCPT + 99 others); Wed, 7 Feb 2018 06:50:55 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:40475 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753630AbeBGLuy (ORCPT ); Wed, 7 Feb 2018 06:50:54 -0500 Received: from mail-wr0-f199.google.com ([209.85.128.199]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1ejOFZ-0007yY-3F for linux-kernel@vger.kernel.org; Wed, 07 Feb 2018 11:50:53 +0000 Received: by mail-wr0-f199.google.com with SMTP id y44so346430wry.8 for ; Wed, 07 Feb 2018 03:50:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=CFOJLaCkIIwhK6y69e2B1FWbCnVN4GpuYJh6Jzq75lE=; b=TCrefc2n5IuskcUa+KD1fAEeMQi0mDzzQOx5aqbXydGLnMqH4yOsEgVYDVLmYmbpTx DcW/LAOpUGDjzU84AoX4YswAQCUuQV0pBtgLmDtf7HPZ2Fu4OVTyxkVYMvi/QIEEUywD Urh3+NXyRNaCEKHAkmkh7PmsuSCA7A/zDLybjmvk6etIjRKU4AWdfsI1wvkjjffaOgYd eDxwJkxJ4gXbjp0vr1BuXtV0ccw+MoJC+iFlbhGFVwKpXu6PVbqzNl4qStKGJNMnZ4UE llfWHPSgzL8o9yAl483/Sq4FSd6+EYaDVn83AAfsdoQQKNT5hOgnwZ64MLx8VS7IDt95 DmPw== X-Gm-Message-State: APf1xPDlUwOfT8kqe9GeC7Y4lPdGZtNghzTUN4HC04Zu9ENpZYLVbOe3 M6VZpr6FrZeSkb28MRWCTvMut6rFqoxxYk9ulqfO0nsV9L+B7xsKnN4pbMkGjNTJQ2N4LyxDs1a mGH3qfR0oW1KHBPkVbLZGguBJKgReSQdTv3UyaKy3qQ== X-Received: by 10.28.239.3 with SMTP id n3mr4852938wmh.88.1518004252671; Wed, 07 Feb 2018 03:50:52 -0800 (PST) X-Received: by 10.28.239.3 with SMTP id n3mr4852926wmh.88.1518004252445; Wed, 07 Feb 2018 03:50:52 -0800 (PST) Received: from gmail.com (eap108072.extern.uni-tuebingen.de. [134.2.108.72]) by smtp.gmail.com with ESMTPSA id n24sm2106824wmi.21.2018.02.07.03.50.51 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 07 Feb 2018 03:50:51 -0800 (PST) Date: Wed, 7 Feb 2018 12:50:51 +0100 From: Christian Brauner To: Jiri Benc Cc: Christian Brauner , netdev@vger.kernel.org, ktkhai@virtuozzo.com, stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net Subject: Re: [PATCH net 1/1 v3] rtnetlink: require unique netns identifier Message-ID: <20180207115050.GA29047@gmail.com> References: <20180206131902.31937-1-christian.brauner@ubuntu.com> <20180206131902.31937-2-christian.brauner@ubuntu.com> <20180207121925.5fa1e534@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180207121925.5fa1e534@redhat.com> User-Agent: Mutt/1.9.3 (2018-01-21) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 07, 2018 at 12:19:25PM +0100, Jiri Benc wrote: > On Tue, 6 Feb 2018 14:19:02 +0100, Christian Brauner wrote: > > +/* Verify that rtnetlink requests supporting network namespace ids > > + * do not pass additional properties potentially referring to different > > + * network namespaces. > > + */ > > +static int rtnl_ensure_unique_netns(struct nlattr *tb[], > > + struct netlink_ext_ack *extack) > > +{ > > + /* Requests without network namespace ids have been able to specify > > + * multiple properties referring to different network namespaces so > > + * don't regress them. > > + */ > > + if (!tb[IFLA_IF_NETNSID]) > > + return 0; > > I agree with Eric that we should enforce this also for the existing > pid/fd attributes. Yes, I would prefer this too but in the Linux spirit of never regressing userspace I was afraid that there might already be userspace applications that stick a pid and an fd at the same time into an rtnetlink request. If we are ok with potentially breaking them then we should just go for it. It is definitely the cleaner solution. > > > + > > + /* Caller operates on the current network namespace. */ > > + if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD]) > > + return 0; > > + > > + NL_SET_ERR_MSG(extack, "multiple netns identifying attributes specified"); > > + return -EINVAL; > > But if we don't reach an agreement on that, this version is the next > best one. No reason to compare the namespaces whether they're the same, > a message with more than one such attribute is just invalid. > > > @@ -2649,6 +2675,10 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, > > if (err < 0) > > return err; > > > > + err = rtnl_ensure_unique_netns(tb, extack); > > + if (err < 0) > > + return err; > > + > > if (tb[IFLA_IFNAME]) > > nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); > > > > @@ -3045,6 +3079,10 @@ static int rtnl_getlink(struct sk_buff *skb, struct nlmsghdr *nlh, > > if (err < 0) > > return err; > > > > + err = rtnl_ensure_unique_netns(tb, extack); > > + if (err < 0) > > + return err; > > + > > if (tb[IFLA_IF_NETNSID]) { > > netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); > > tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); > > dellink and getlink support only netnsid, we should just reject a > message with pid or fd set. Thanks for the feedback, I'll adapt the patch with the requested changes.