Date: Thu, 1 Oct 2020 09:59:24 +0200
From: Sabrina Dubroca <sd@...asysnail.net>
To: netdev@...r.kernel.org
Cc: Sabrina Dubroca <sd@...asysnail.net>,
    Nicolas Dichtel <nicolas.dichtel@...nd.com>,
    Marek Lindner <mareklindner@...mailbox.ch>,
    Simon Wunderlich <sw@...onwunderlich.de>,
    Antonio Quartulli <a@...table.cc>,
    Sven Eckelmann <sven@...fation.org>,
    b.a.t.m.a.n@...ts.open-mesh.org,
    Roopa Prabhu <roopa@...dia.com>,
    Nikolay Aleksandrov <nikolay@...dia.com>
Subject: [PATCH net 00/12] net: iflink and link-netnsid fixes

In a lot of places, we use this kind of comparison to detect if a
device has a lower link:

    dev->ifindex != dev_get_iflink(dev)

This seems to be a leftover of the pre-netns days, when the ifindex
was unique over the whole system. Nowadays, with network namespaces,
it's very easy to create a device with the same ifindex as its lower
link:

    ip netns add main
    ip netns add peer
    ip -net main link add dummy0 type dummy
    ip -net main link add link dummy0 macvlan0 netns peer type macvlan
    ip -net main link show type dummy
        9: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop ...
    ip -net peer link show type macvlan
        9: macvlan0@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop ...

To detect if a device has a lower link, we can simply check the
existence of the dev->netdev_ops->ndo_get_iflink operation, instead of
checking its return value. In particular, I attempted to fix one of
these checks in commit feadc4b6cf42 ("rtnetlink: always put IFLA_LINK
for links with a link-netnsid"), but this patch isn't correct, since
tunnel devices can export IFLA_LINK_NETNSID without IFLA_LINK. That
patch needs to be reverted.

This series will fix all those bogus comparisons, and export missing
IFLA_LINK_NETNSID attributes in bridge and ipv6 dumps.

ipvlan and geneve are also missing the get_link_net operation, so
userspace can't know when those devices are cross-netns.
There are a couple of other device types that have an ndo_get_iflink
op but no get_link_net (virt_wifi, ipoib), and should probably also
have a get_link_net.

Sabrina Dubroca (12):
  ipvlan: add get_link_net
  geneve: add get_link_net
  Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid"
  rtnetlink: always put IFLA_LINK for links with ndo_get_iflink
  bridge: always put IFLA_LINK for ports with ndo_get_iflink
  bridge: advertise IFLA_LINK_NETNSID when dumping bridge ports
  ipv6: always put IFLA_LINK for devices with ndo_get_iflink
  ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses
  net: link_watch: fix operstate when the link has the same index as the device
  net: link_watch: fix detection of urgent events
  batman-adv: fix iflink detection in batadv_is_on_batman_iface
  batman-adv: fix detection of lower link in batadv_get_real_netdevice

 drivers/net/can/vxcan.c          |  2 +-
 drivers/net/geneve.c             |  8 ++++++++
 drivers/net/ipvlan/ipvlan_main.c |  9 +++++++++
 drivers/net/veth.c               |  2 +-
 include/net/rtnetlink.h          |  4 ++++
 net/batman-adv/hard-interface.c  |  4 ++--
 net/bridge/br_netlink.c          |  4 +++-
 net/core/link_watch.c            |  4 ++--
 net/core/rtnetlink.c             | 25 ++++++++++++-------------
 net/ipv6/addrconf.c              | 11 ++++++++++-
 10 files changed, 52 insertions(+), 21 deletions(-)

-- 
2.28.0
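
Added example, not part of the original posting or of the kernel source: a userspace C model of the two checks the cover letter contrasts, run on the dummy0/macvlan0 pair from its reproduction. The cut-down structs, the netns_id and lower fields, and the has_lower_link_old/has_lower_link_new helper names are assumptions made for illustration.

```c
/* Userspace model, not kernel code: structs keep only the fields used here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct net_device;
struct net_device_ops { int (*ndo_get_iflink)(const struct net_device *dev); };

struct net_device {
    const char *name;
    int netns_id;                   /* model-only: which namespace owns it */
    int ifindex;                    /* unique only within that namespace */
    const struct net_device *lower; /* model-only: the lower link, if any */
    const struct net_device_ops *netdev_ops;
};

/* Fallback behaviour: without the op, a device reports its own ifindex. */
static int dev_get_iflink(const struct net_device *dev)
{
    if (dev->netdev_ops && dev->netdev_ops->ndo_get_iflink)
        return dev->netdev_ops->ndo_get_iflink(dev);
    return dev->ifindex;
}

static int macvlan_get_iflink(const struct net_device *d) { return d->lower->ifindex; }

static const struct net_device_ops dummy_ops = { NULL };
static const struct net_device_ops macvlan_ops = { macvlan_get_iflink };

/* Constructed from the cover letter: both devices got ifindex 9. */
static const struct net_device dummy0 = { "dummy0", 1, 9, NULL, &dummy_ops };
static const struct net_device macvlan0 = { "macvlan0", 2, 9, &dummy0, &macvlan_ops };

/* The comparison the series replaces: blind to a lower link with equal ifindex. */
static bool has_lower_link_old(const struct net_device *dev)
{
    return dev->ifindex != dev_get_iflink(dev);
}

/* The check the series proposes: existence of the op, not its return value. */
static bool has_lower_link_new(const struct net_device *dev)
{
    return dev->netdev_ops && dev->netdev_ops->ndo_get_iflink;
}

int main(void)
{
    printf("%s@if%d: old=%d new=%d\n", macvlan0.name, dev_get_iflink(&macvlan0),
           has_lower_link_old(&macvlan0), has_lower_link_new(&macvlan0));
    return 0;
}
```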