Date:	Wed, 06 May 2015 15:42:50 +0200
From:	Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:	Thomas Graf <tgraf@...g.ch>
CC:	netdev@...r.kernel.org, davem@...emloft.net, ebiederm@...ssion.com
Subject: Re: [PATCH net-next 6/6] netlink: allow to listen "all" netns

On 06/05/2015 14:10, Thomas Graf wrote:
> On 05/06/15 at 11:58am, Nicolas Dichtel wrote:
[snip]
>> +/* This function returns true is the peer netns has an id assigned into the
>> + * current netns.
>> + */
>> +bool peernet_has_id(struct net *net, struct net *peer)
>> +{
>> +	return peernet2id(net, peer) >= 0;
>> +}
>
> Missing export?
Only used by net/netlink/af_netlink.c, which cannot be compiled as a module.

>
>> +
>>   struct net *get_net_ns_by_id(struct net *net, int id)
>>   {
>>   	unsigned long flags;
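Review bot: the comment above peernet_has_id() has a typo: "returns true is the peer netns" should read "returns true if the peer netns", and "assigned into the current netns" reads better as "assigned in the current netns". The helper is non-static with no export; since the reply above says its only caller is net/netlink/af_netlink.c, one more sentence in the comment stating that would answer the export question for the next reader.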
>> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
>> index ec4adbdcb9b4..bdbde542e952 100644
>> --- a/net/netlink/af_netlink.c
>> +++ b/net/netlink/af_netlink.c
>> @@ -83,6 +83,7 @@ struct listeners {
>>   #define NETLINK_RECV_PKTINFO	0x2
>>   #define NETLINK_BROADCAST_SEND_ERROR	0x4
>>   #define NETLINK_RECV_NO_ENOBUFS	0x8
>> +#define NETLINK_LISTEN_ALL	0x10
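Review bot: the new NETLINK_LISTEN_ALL define has no comment, and "all" does not say what is being listened to. The subject line says it means "all" netns, so a one-line comment above the define, or a more specific name, would make the flag self-explanatory next to NETLINK_RECV_PKTINFO and the other bits in this block.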
>
> Maybe name this NETLINK_LISTEN_ALL_NSID just to make it clear?
Yes ... but it's also the name of the socket option (see
include/uapi/linux/netlink.h).
I can introduce a patch before this one to rename all these private flags from
NETLINK_FOO to NETLINK_F_FOO so that they will never overlap with netlink
socket options.

>
>> +		if (!file_ns_capable(sk->sk_socket->file, p->net->user_ns,
>> +				     CAP_NET_BROADCAST))
>> +			return;
>> +	}
>> +	NETLINK_CB(p->skb).net = p->net;
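Review bot: "NETLINK_CB(p->skb).net = p->net" stores a bare netns pointer in the skb control block, and nothing in the visible lines takes a reference on it. If the skb stays queued after the netns is released, any later read of that field is a use-after-free. Either take a reference here and drop it when the skb is freed, or resolve what is needed from p->net at this point and store that value instead of the pointer.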
>
> Does this need a get_net()? The netns could disappear while the skb is
> queued, right?
>
You're right.

Thank you for your review.