lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 21 Dec 2019 21:57:35 -0700
From:   David Ahern <>
To:     Jiri Pirko <>
Subject: Re: [patch net-next 0/4] net: allow per-net notifier to follow netdev
 into namespace

On 12/21/19 1:14 AM, Jiri Pirko wrote:
> Fri, Dec 20, 2019 at 07:30:22PM CET, wrote:
>> On 12/20/19 5:35 AM, Jiri Pirko wrote:
>>> However if netdev can change namespace, per-net notifier cannot be used.
>>> Introduce dev_net variant that is basically per-net notifier with an
>>> extension that re-registers the per-net notifier upon netdev namespace
>>> change. Basically the per-net notifier follows the netdev into
>>> namespace.
>> This is getting convoluted.
>> If the driver wants notifications in a new namespace, then it should
>> register for notifiers in the new namespace. The info for
>> NETDEV_UNREGISTER event could indicate the device is getting moved to a
>> new namespace and the driver register for notifications in the new
> Yes, I considered this option. However, that would lead to having a pair
> of notifier block struct for every registration and basically the same
> tracking code would be implemented in every driver.
> That is why i chose this implementation where there is still one
> notifier block structure and the core takes care of the tracking for
> all.

This design has core code only handling half of the problem - automatic
registration in new namespaces for a netdev but not dealing with drivers
receiving notifications in namespaces they no longer care about. If a
driver cares for granularity, it can deal with namespace changes on its
own. If that's too much, use the global registration.

Powered by blists - more mailing lists