Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1632108yba; Sat, 27 Apr 2019 03:49:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqzolTKkv2i725E6xswu44Agr4CysMho7iZn9VqyrM+aFWmeZ3sXhapd92pS3WOov1aY6pP7 X-Received: by 2002:a62:ee17:: with SMTP id e23mr52371012pfi.80.1556362184063; Sat, 27 Apr 2019 03:49:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556362184; cv=none; d=google.com; s=arc-20160816; b=JqVAsZzjvNCSatXWY0tqatDdwxJD4lTEPUQ8aKtpRrGkitCouvAXomezPfKuV1M0u8 h+h4Onsx+DFYfld+49C4FYPM/cG8r/LRr+16DEeft7g8q2V9/whjhLMaeeUUG89eUz8e wHk1W4+MaAeGTug36Hiy17MAxzmCyAix2ltf3DRB+T5HWiIznD2892QM/0eRYb8PZZK2 oMLmfQrWD0bkUdsh/MJGlyAoUPgIcm30kJV3vA59ekGZTlWkumkzje6REcSBckS6pinq zHbKl6QcgC5OGHQi8BMqfoRzptnWIXDJvcB6yvm18bnnyI/w9eG9iop23yZm36kGkDYq O3kA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=++lyK0/Przr4xnl8qGUSG2Yro7NLg7scLarfR5uNBzI=; b=mDe2aAqGAB0DXE0GOriMpnOm9e0Fy1GMvmNUlvts/Mkgr6Y/GvseRdKdWj7g/Rm6ax Z/+sW2U3LA5i0OovrbdJbt2avGAYQpeha08t/MlIrL2JW+DAN0VYba7wbrZLLqwviwIb L5RxTsJLU9Jr7KG+wkR9VV0DiWEET0gb5VJS/Ls4b/U5GwgYGH6yd/9tf0a9qRgkgssf 0AibU2Y/C2KLEtcn31AuLIgp0tdU4HHSgBOpyxl/Sll5U33AhB6TkVMP1my/d0Vk2fEJ g6rziAkzJbQoHYVdlUi6mi3CuGzGo/S8yataiuaoEbm3ZDJJuoviEs+mKSfK2UJlk98R olKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=TIMNqvAx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w22si26912535pgj.174.2019.04.27.03.49.28; Sat, 27 Apr 2019 03:49:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=TIMNqvAx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726209AbfD0Ksh (ORCPT + 99 others); Sat, 27 Apr 2019 06:48:37 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:46447 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725929AbfD0Ksg (ORCPT ); Sat, 27 Apr 2019 06:48:36 -0400 Received: by mail-ot1-f66.google.com with SMTP id s24so4776999otk.13 for ; Sat, 27 Apr 2019 03:48:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=++lyK0/Przr4xnl8qGUSG2Yro7NLg7scLarfR5uNBzI=; b=TIMNqvAxeGkJ99uzPJLiugrlM6P6HgYUKE9pbhj0Imnf0AMj22kGUQvNUozJiZ7LyC fNN9WQIBeLQtbYGeOGissBVOCkhHCVCmSX6/XOATF3BlZwpOf54yYwCBEg6XCZ7ELoLo 8/XyUSH/P1a9ErNAlCpUXtmOPruEOq6UE8KfE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=++lyK0/Przr4xnl8qGUSG2Yro7NLg7scLarfR5uNBzI=; b=qRyRovxlRU0vubhPFtyeJpCRCLOjWaRRqRrASnMXtbk9vTcpWYwW5mFGDSHJgQbzq5 hwHXHWUlGlMK7NKDDlP6mK0+lITxYV+v+Xd0+4GkcYZMhYXoobL1/7EGZsNdjPn3hjzK V8iPz2anUBE7jQAEslpboHxk61USTjz9BqMqz4LYQaZ9BG2/aWPkpsZbrnzlLiWv4RBn MxPWCwFpdBun1UsDHFccFJlxusaQskxYW9FLwaIIHDtw6XnMmxAB2tkUUYrzNzmUeUYW uCt6HOwvsA7qFsUk24PTPbcjuDWdRMmiam6TnqAsjwUHzsIo40P/aFfUtU0qnJLEvLXj XLQQ== X-Gm-Message-State: APjAAAUpRDilKWg2iiNC/U2x5osrahiWyBRFUxj7yfmt5DUoIrV6EyFo Z+aTuWgoFWqNU84FL5t9s9HY/B1zMSsNLnR6jJremA== X-Received: by 2002:a9d:4d91:: with SMTP id u17mr26660488otk.356.1556362115983; Sat, 27 Apr 2019 03:48:35 -0700 (PDT) MIME-Version: 1.0 References: <20190426154848.23490-1-alban@kinvolk.io> <20190426140323.4edf1127@cakuba.netronome.com> In-Reply-To: <20190426140323.4edf1127@cakuba.netronome.com> From: Alban Crequy Date: Sat, 27 Apr 2019 12:48:25 +0200 Message-ID: Subject: Re: [PATCH bpf-next v3 1/4] bpf: sock ops: add netns ino and dev in bpf context To: Jakub Kicinski Cc: Alban Crequy , John Fastabend , Alexei Starovoitov , Daniel Borkmann , bpf , netdev , LKML , =?UTF-8?Q?Iago_L=C3=B3pez_Galeiras?= Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 26, 2019 at 11:03 PM Jakub Kicinski wrote: > > On Fri, 26 Apr 2019 17:48:45 +0200, Alban Crequy wrote: > > In the unlikely case where network namespaces are not compiled in > > (CONFIG_NET_NS=n), the verifier will not allow access to ->netns_*. > > Naive question - why return an error? init_net should always be there, > no? True for netns_dev. However, without CONFIG_NET_NS, we cannot access netns_ino: (struct sock_common).possible_net_t.(struct net *): typedef struct { #ifdef CONFIG_NET_NS struct net *net; #endif } possible_net_t; And I don't think it would make much sense to allow access to netns_dev but not netns_ino.