lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Mar 2019 12:16:42 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     netdev@...r.kernel.org
Cc:     davem@...emloft.net, harald.albrecht@....net, jasowang@...hat.com,
        brouer@...hat.com, edumazet@...gle.com, mst@...hat.com,
        nicolas.dichtel@...nd.com, wangli39@...du.com, ktkhai@...tuozzo.com
Subject: [PATCH 1/2] tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining
 real net ns of tun device

In commit f2780d6d7475 "tun: Add ioctl() SIOCGSKNS cmd to allow
obtaining net ns of tun device" it was missed that tun may change
its net ns, while net ns of socket remains the same as it was
created initially. SIOCGSKNS returns net ns of socket, so it is
not suitable for obtaining net ns of device.

We may have two tun devices with the same names in two net ns,
and in this case it's not possible to determ, which of them
fd refers to (TUNGETIFF will return the same name).

This patch adds new ioctl() cmd for obtaining net ns of a device.

Reported-by: Harald Albrecht <harald.albrecht@....net>
Signed-off-by: Kirill Tkhai <ktkhai@...tuozzo.com>
---
 drivers/net/tun.c           |    8 ++++++++
 include/uapi/linux/if_tun.h |    1 +
 2 files changed, 9 insertions(+)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index e9ca1c088d0b..b7137edff624 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -3103,6 +3103,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 
 	tun_debug(KERN_INFO, tun, "tun_chr_ioctl cmd %u\n", cmd);
 
+	net = dev_net(tun->dev);
 	ret = 0;
 	switch (cmd) {
 	case TUNGETIFF:
@@ -3328,6 +3329,13 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
 		ret = tun_net_change_carrier(tun->dev, (bool)carrier);
 		break;
 
+	case TUNGETDEVNETNS:
+		ret = -EPERM;
+		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+			goto unlock;
+		ret = open_related_ns(&net->ns, get_net_ns);
+		break;
+
 	default:
 		ret = -EINVAL;
 		break;
diff --git a/include/uapi/linux/if_tun.h b/include/uapi/linux/if_tun.h
index 23a6753b37df..454ae31b93c7 100644
--- a/include/uapi/linux/if_tun.h
+++ b/include/uapi/linux/if_tun.h
@@ -60,6 +60,7 @@
 #define TUNSETSTEERINGEBPF _IOR('T', 224, int)
 #define TUNSETFILTEREBPF _IOR('T', 225, int)
 #define TUNSETCARRIER _IOW('T', 226, int)
+#define TUNGETDEVNETNS _IO('T', 227)
 
 /* TUNSETIFF ifr flags */
 #define IFF_TUN		0x0001

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ