Date:   Tue,  6 Feb 2018 16:16:15 +0100
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     netdev@...r.kernel.org
Cc:     stephen@...workplumber.org,
        Christian Brauner <christian.brauner@...ntu.com>
Subject: [PATCH iproute2] ip netns: allow negative nsid

If the kernel receives a negative nsid it will automatically assign the
next available nsid. In this case alloc_netid() will set min and max to
0 for idr_alloc(). And when max == 0 idr_alloc() will interpret this as
the maximum range, i.e. specific to nsids it will try to find an id in
the range [0,INT_MAX). This is intentionally supported in the kernel for
nsids. Commit acbe9118ce8086f765ffb0da15f80c7c01a8903a regressed ip
netns in that respect although previously the use-case was either
accidentally supported or opaquely supported such that it triggered the
original commit. From what I can gather it went as follows before:
atoi() was called with a string indicating a negative value which caused
it to return -1 which was passed to the kernel. Let's make it less
opaque and use get_integer() and set to -1 when a negative nsid was
requested. This restores the old behavior.

Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
---
 ip/ipnetns.c        | 7 +++++--
 man/man8/ip-netns.8 | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index 059a4220..3d140cae 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -706,7 +706,7 @@ static int netns_set(int argc, char **argv)
 {
 	char netns_path[PATH_MAX];
 	const char *name;
-	unsigned int nsid;
+	int nsid;
 	int netns;
 
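Review bot: the declaration change from `unsigned int nsid` to `int nsid` is what get_integer() needs, but the rest of netns_set(), where nsid is actually consumed, lies outside this hunk; please confirm that consumer accepts a signed value so that -1 reaches the kernel unchanged rather than being reinterpreted as a large unsigned id.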
 	if (argc < 1) {
@@ -718,8 +718,11 @@ static int netns_set(int argc, char **argv)
 		return -1;
 	}
 	name = argv[0];
-	if (get_unsigned(&nsid, argv[1], 0))
+	if (get_integer(&nsid, argv[1], 0))
 		invarg("Invalid \"netnsid\" value\n", argv[1]);
+	/* If a negative nsid is specified the kernel will select the nsid. */
+	if (nsid < 0)
+		nsid = -1;
 
 	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
 	netns = open(netns_path, O_RDONLY | O_CLOEXEC);
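Review bot: `if (nsid < 0) nsid = -1;` collapses every negative input to -1, which the commit message says is what the old atoi() path sent; since the kernel treats any negative nsid as "assign the next free one", the normalization is harmless, but the comment should say that -1 and, say, -7 are deliberately equivalent so a later reader does not take it for a bug. Also note that get_integer() is called with base 0, so "0x10" and leading-zero octal forms are accepted as well as decimal; either document that in the man page change or pass base 10 if only decimal ids are intended.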
diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8
index c5310e24..ecfb56f8 100644
--- a/man/man8/ip-netns.8
+++ b/man/man8/ip-netns.8
@@ -137,6 +137,7 @@ $ ip netns del net0
 .sp
 This command assigns a id to a peer network namespace. This id is valid
 only in the current network namespace.
+If the requested id is negative the kernel will pick an available positive id.
 This id will be used by the kernel in some netlink messages. If no id is
 assigned when the kernel needs it, it will be automatically assigned by
 the kernel.
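Review bot: the added sentence says the kernel picks an available "positive" id, but the commit message gives the kernel's search range as [0,INT_MAX), so "non-negative" is the accurate word. While this paragraph is being edited, the unchanged context line "This command assigns a id" should read "assigns an id".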
-- 
2.14.1
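The commit message contrasts the old atoi() path, which silently turns malformed input into 0 (a valid nsid), with the strtol-style parsing of get_integer() followed by the "negative means kernel-assigned" rule. The following is an added, stand-alone example written for this page; it is not iproute2's get_integer() and not part of the patch. parse_nsid() and parse_nsid_value() are hypothetical names, and the exact order of checks is an assumption modeled on the hunk's `get_integer(&nsid, argv[1], 0)` followed by `if (nsid < 0) nsid = -1;`.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not iproute2 code): parse an nsid argument the way the
 * patch does, i.e. strict integer parsing with base 0 (decimal, 0x.. hex,
 * leading-0 octal), then map any negative request to -1 so the kernel
 * picks the id. Returns 0 on success, -1 on a parse error. */
int parse_nsid(const char *arg, int *nsid)
{
	char *end;
	long val;

	if (!arg || !*arg)
		return -1;              /* empty string is not a number */
	errno = 0;
	val = strtol(arg, &end, 0);
	if (errno == ERANGE || *end != '\0')
		return -1;              /* overflow, or trailing garbage like "12abc" */
	if (val < INT_MIN || val > INT_MAX)
		return -1;              /* fits in long but not in int */
	*nsid = (int)val;
	if (*nsid < 0)
		*nsid = -1;             /* any negative request: let the kernel choose */
	return 0;
}

/* Convenience wrapper for tests: valid results are always >= -1, so -2 is
 * an unambiguous "parse error" sentinel (assumption of this example). */
int parse_nsid_value(const char *arg)
{
	int nsid;

	if (parse_nsid(arg, &nsid))
		return -2;
	return nsid;
}

/* The pre-regression path described in the commit message: atoi() reports
 * no errors, so "abc" becomes 0 (a real nsid) and "-5" is passed as -5. */
int parse_nsid_atoi(const char *arg)
{
	return atoi(arg);
}

int main(void)
{
	const char *inputs[] = { "3", "-5", "0x10", "abc", "12abc", "99999999999" };
	size_t i;

	for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
		int v = parse_nsid_value(inputs[i]);

		if (v == -2)
			printf("%-12s -> invalid (atoi would give %d)\n",
			       inputs[i], parse_nsid_atoi(inputs[i]));
		else
			printf("%-12s -> nsid %d\n", inputs[i], v);
	}
	return 0;
}
```

The contrast worth noticing is "abc": the strict parser rejects it, whereas atoi() quietly yields 0 and would have assigned nsid 0 to the peer namespace.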
