From: Christian Brauner
To: netdev@vger.kernel.org
Cc: ktkhai@virtuozzo.com, stephen@networkplumber.org, w.bumiller@proxmox.com, ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net, Christian Brauner
Subject: [PATCH net 0/1 v4] rtnetlink: require unique netns identifier
Date: Wed, 7 Feb 2018 13:53:19 +0100
Message-Id: <20180207125320.9103-1-christian.brauner@ubuntu.com>

Hey,

Since we've added support for IFLA_IF_NETNSID for RTM_{DEL,GET,SET,NEW}LINK
it is possible for userspace to send us requests with three different
properties to identify a target network namespace. This affects at least
RTM_{NEW,SET}LINK. Each of them could potentially refer to a different
network namespace which is confusing and a potential security liability
given that pids might be recycled while the netlink request is served or
the process might do a setns(). It also lets us indicate that network
namespace ids are the preferred way of interacting with network namespaces
in rtnetlink requests.

The regression potential is quite minimal since the rtnetlink requests in
question either won't allow IFLA_IF_NETNSID requests before 4.16 is out
(RTM_{NEW,SET}LINK) or don't support IFLA_NET_NS_{PID,FD}
(RTM_{DEL,GET}LINK) in the first place.

Thanks!
Christian

---
ChangeLog v3->v4:
* Based on discussions with Eric and Jiri: disallow passing multiple
  network namespace identifying properties for all requests, i.e. always
  enforce uniqueness.
* disable passing IFLA_NET_NS_{FD,PID} for RTM_{DEL,GET}LINK completely
  since they never supported it

ChangeLog v2->v3:
* Specifying target network namespaces with pids or fds seems racy since
  the process might die and the pid get recycled or the process does a
  setns() in which case the tests would be invalid. So only check whether
  multiple properties are specified and report a helpful error in this
  case.

ChangeLog v1->v2:
* return errno when the specified network namespace id is invalid
* fill in struct netlink_ext_ack if the network namespace id is invalid
* rename rtnl_ensure_unique_netns_attr() to rtnl_ensure_unique_netns() to
  indicate that a request without any network namespace identifying
  attributes is also considered valid.

ChangeLog v0->v1:
* report a descriptive error to userspace via struct netlink_ext_ack
* do not fail when multiple properties specify the same network namespace
---

Christian Brauner (1):
  rtnetlink: require unique netns identifier

 net/core/rtnetlink.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

-- 
2.14.1
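The uniqueness rule the cover letter describes (reject more than one netns-identifying attribute without resolving pid/fd, and reject pid/fd outright for RTM_{DEL,GET}LINK), modelled in userspace C as an added example; this is not the kernel's code or the patch itself, and ensure_unique_netns(), the MSG_* and NS_ATTR_* names are assumptions made for the illustration:

```c
/* Added illustration, not kernel code: models the netns-identifier check
 * the cover letter describes. Names below are assumptions for the example. */
#include <errno.h>
#include <stdio.h>

/* One bit per netns-identifying attribute a request may carry. */
enum {
	NS_ATTR_PID     = 1 << 0,  /* IFLA_NET_NS_PID */
	NS_ATTR_FD      = 1 << 1,  /* IFLA_NET_NS_FD  */
	NS_ATTR_NETNSID = 1 << 2,  /* IFLA_IF_NETNSID */
};

enum { MSG_NEWLINK, MSG_SETLINK, MSG_DELLINK, MSG_GETLINK };

/*
 * 0: at most one target namespace named. -EOPNOTSUPP: DEL/GETLINK carries
 * pid/fd, which those requests never supported. -EINVAL: several identifiers
 * present. Only presence is checked: resolving pid/fd to see whether they
 * agree with the netnsid would be racy (pid recycled, process calling
 * setns()), so two attributes naming the same namespace are rejected too.
 * *err receives the message the kernel would hand back via netlink_ext_ack.
 */
static int ensure_unique_netns(int msg_type, unsigned int attrs,
			       const char **err)
{
	const char *msg = NULL;
	int rc = 0;
	if (msg_type == MSG_DELLINK || msg_type == MSG_GETLINK) {
		if (attrs & (NS_ATTR_PID | NS_ATTR_FD)) {
			msg = "specified netns attribute not supported";
			rc = -EOPNOTSUPP;
		}
	} else if (attrs & (attrs - 1)) {  /* more than one bit set */
		msg = "multiple netns identifying attributes specified";
		rc = -EINVAL;
	}
	if (err)
		*err = msg;
	return rc;
}

int main(void)
{
	const char *err;
	int rc = ensure_unique_netns(MSG_SETLINK,
				     NS_ATTR_PID | NS_ATTR_NETNSID, &err);
	printf("SETLINK with pid+netnsid: rc=%d (%s)\n", rc, err ? err : "ok");
	return 0;
}
```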