Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp158525ybx; Tue, 5 Nov 2019 21:41:26 -0800 (PST) X-Google-Smtp-Source: APXvYqzJOA+bxULOFkdOFHmeGB+E2QLr4sm7qMmHX5ImjWdQZYnUwHEZIm8M+85Zgdsm/SHSdae1 X-Received: by 2002:a50:9a85:: with SMTP id p5mr683296edb.223.1573018886130; Tue, 05 Nov 2019 21:41:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573018886; cv=none; d=google.com; s=arc-20160816; b=XDRN3GgwqrA1w2LsziXxY0V5Zr9s6neQZe4HsShtVHHmVok3CIOzPJuraMIRy5RbGu EiBOcxHee34RSSfp8zsBcqBY0ljdnjqdQF19+iPdkg8Ln2/WVxU2szqHdQitTg6tL5V2 Ax8yEvuq7ti05fHptZrmZKugqoTm7Oh6cwWHzb+FWtgXkHgfd8D+5Exh13iGO1nT/i9K C5uEktTrAuub7y0DuNwjA4Ij1xx0jz9hAaKOlwXwk58KfPraqL+9joDlGC1jvpoMECoY WVVBRtLiNybKQcdh0+nHBnGNP/Hl+NG/5qg3lJzY29I97r4bp1pWBYjv+7BfpERZ88+M iDpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1Y4vRgLCCst6/pB0O3I9R6t/HFVPS2O+ldq3N0SHJ6Q=; b=DXeFfffIg5bxzAyQPNamtFUhXltSfHaeKM4Mf8W0dAAAx644189kLoQoVyG5rF9szm ji0dS/TMCdK8VeuqQeSS016fSz951KH5GR5IwPv0k9vCFGct2P+ECl4L11zrSf59jvBH w+anF3o4nZV4XcbR7sn3OFkhfMmEGnq2qTD46sZf+9urgTAZXnw7DSYJS9jdV47yyiK8 lvJEBQ2jhBglbrIicAre0Hg+6gSvTWsSAdvDIr6+oAa16+KPI3fo+wrYSTkmzZo1acLb L4NIe9aZKgZ/kRj/2iQMQJ2jL34NAqnmzjgPvBcU5cR2+BVeglrbKjIYQtXe5vVo179J m/7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@norrbonn-se.20150623.gappssmtp.com header.s=20150623 header.b=MvHhyk6e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h11si12807166edf.93.2019.11.05.21.41.02; Tue, 05 Nov 2019 21:41:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@norrbonn-se.20150623.gappssmtp.com header.s=20150623 header.b=MvHhyk6e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730948AbfKFFjf (ORCPT + 99 others); Wed, 6 Nov 2019 00:39:35 -0500 Received: from mail-lf1-f67.google.com ([209.85.167.67]:34259 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726133AbfKFFje (ORCPT ); Wed, 6 Nov 2019 00:39:34 -0500 Received: by mail-lf1-f67.google.com with SMTP id f5so17021576lfp.1 for ; Tue, 05 Nov 2019 21:39:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=norrbonn-se.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1Y4vRgLCCst6/pB0O3I9R6t/HFVPS2O+ldq3N0SHJ6Q=; b=MvHhyk6etNd4IQPjPN9G/2nEmK3mt3BOu/DJZUm0GrdawOYoCxh3/N0JuF0bW5uFjm 1fxNyKOpkkrzhDeeLllwFJVnBGefFPJFZVZ5dluOlWpdM34bx5YB1adx3TOMc8Nn49QP w3ZQirN5VsP8YvNSuePCB0LtPEotaBJC+NEs/4A94mbwEkyAAhYKIgSG82UM9SMg1+/M p5YWgHmyQE3NQYe35aObj4T7Hri0jJ5zykwn6+OroLIElZ2IfwMtA75+Ne59Nz67Ne80 TzuVgzRtq7RA+aYxoFWgl1wgZ1UxTeyWuH/M/buUAg+B+FemTu5Ftnn9gZHELLZDSn3x DNiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1Y4vRgLCCst6/pB0O3I9R6t/HFVPS2O+ldq3N0SHJ6Q=; b=bFI6O/FjDxvDE/xJOc0izVSQZd2IYoNWzw8+XTSMddwbkphi//viIcIq5v2Cx2xgdH G98InDtFvCafCYGZPKFdrJbVUmuyjLWURraaqlBodz5MgLSPr6ijbsJIDAReFI6qtelN k1hTyb9GNkcG4DycotVW8X5zTfyDr7S/uxn4Qu6vGn1aKsnT1Oez94PpEDyVpAXQdbc6 /2E432x8pVZgdAVSUMACtNcpzga+nyZx4fmsILqSkX50CjxCy71qipu7dSjw/Vwyqjej FPCJJhoMF3auudt1YQkRbD8RAhsMXzS1eP0QqJzIxfX8KaeuzG0EpF8W9F2zvDyw23u1 ICIQ== X-Gm-Message-State: APjAAAVkGeRjdfgwWen7Hc4C9T1SDzDfhxwMwNE7fRF2CINbCpTfkMUb /gd5NSJPK26IAnmDJ71vhIEzxQ== X-Received: by 2002:a19:6a03:: with SMTP id u3mr21258664lfu.190.1573018772372; Tue, 05 Nov 2019 21:39:32 -0800 (PST) Received: from mimer.lan (h-137-65.A159.priv.bahnhof.se. [81.170.137.65]) by smtp.gmail.com with ESMTPSA id c22sm754737ljk.43.2019.11.05.21.39.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Nov 2019 21:39:31 -0800 (PST) From: Jonas Bonn To: nicolas.dichtel@6wind.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: davem@davemloft.net, Jonas Bonn Subject: [PATCH v2 3/5] rtnetlink: allow RTM_NEWLINK to act upon interfaces in arbitrary namespaces Date: Wed, 6 Nov 2019 06:39:21 +0100 Message-Id: <20191106053923.10414-4-jonas@norrbonn.se> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191106053923.10414-1-jonas@norrbonn.se> References: <20191106053923.10414-1-jonas@norrbonn.se> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org RTM_NEWLINK can be used mostly interchangeably with RTM_SETLINK for modifying device configuration. As such, this method requires the same logic as RTM_SETLINK for finding the device to act on. With this patch, the IFLA_TARGET_NETNSID selects the namespace in which to search for the interface to act upon. This allows, for example, to set the namespace of an interface outside the current namespace by selecting it with the (IFLA_TARGET_NETNSID,ifi->ifi_index) pair and specifying the namespace with one of IFLA_NET_NS_[PID|FD]. Since rtnl_newlink branches off into do_setlink, we need to provide the same backwards compatibility check as we do for RTM_SETLINK: if the device is not found in the namespace given by IFLA_TARGET_NETNSID then we search for it in the current namespace. If found there, it's namespace will be changed, as before. Signed-off-by: Jonas Bonn Acked-by: Nicolas Dichtel --- net/core/rtnetlink.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a6ec1b4ff7cd..3aba9e9d2c32 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -3019,6 +3019,7 @@ static int __rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, const struct rtnl_link_ops *m_ops = NULL; struct net_device *master_dev = NULL; struct net *net = sock_net(skb->sk); + struct net *tgt_net = NULL; const struct rtnl_link_ops *ops; struct nlattr *tb[IFLA_MAX + 1]; struct net *dest_net, *link_net; @@ -3047,6 +3048,15 @@ static int __rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, else ifname[0] = '\0'; + if (tb[IFLA_TARGET_NETNSID]) { + int32_t netnsid; + netnsid = nla_get_s32(tb[IFLA_TARGET_NETNSID]); + tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(skb).sk, netnsid); + if (IS_ERR(tgt_net)) + return PTR_ERR(tgt_net); + net = tgt_net; + } + ifm = nlmsg_data(nlh); if (ifm->ifi_index > 0) dev = __dev_get_by_index(net, ifm->ifi_index); @@ -3057,6 +3067,23 @@ static int __rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, dev = NULL; } + /* A hack to preserve kernel<->userspace interface. + * It was previously allowed to pass the IFLA_TARGET_NETNSID + * attribute as a way to _set_ the network namespace. In this + * case, the device interface was assumed to be in the _current_ + * namespace. + * If the device cannot be found in the target namespace then we + * assume that the request is to set the device in the current + * namespace and thus we attempt to find the device there. + */ + if (!dev && tgt_net) { + net = sock_net(skb->sk); + if (ifm->ifi_index > 0) + dev = __dev_get_by_index(net, ifm->ifi_index); + else if (tb[IFLA_IFNAME]) + dev = __dev_get_by_name(net, ifname); + } + if (dev) { master_dev = netdev_master_upper_dev_get(dev); if (master_dev) @@ -3251,6 +3278,8 @@ static int __rtnl_newlink(struct sk_buff *skb, struct nlmsghdr *nlh, goto out_unregister; } out: + if (tgt_net) + put_net(tgt_net); if (link_net) put_net(link_net); put_net(dest_net); -- 2.20.1