Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'netns'

Nicolas Dichtel says:

====================
netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]

When one of these attributes is set, the netdevice is created into the netns
pointed to by IFLA_NET_NS_[PID|FD] (see the call to rtnl_create_link() in
rtnl_newlink()). Let's call this netns the dest_net. After this creation, if the
newlink handler exists, it is called with a netns argument that points to the
netns where the netlink message has been received (called src_net in the code)
which is the link netns.
Hence, with one of these attributes, it's possible to create a x-netns
netdevice.

Here is the result of my code review:
- all ip tunnels (sit, ipip, ip6_tunnels, gre[tap][v6], ip_vti[6]) do not
really allow using this feature: the netdevice is created in the dest_net
and the src_net is completely ignored in the newlink handler.
- VLAN properly handles this x-netns creation.
- bridge ignores src_net, which seems fine (NETIF_F_NETNS_LOCAL is set).
- CAIF subsystem is not clear to me (I don't know how it works), but it seems
to wrongly use src_net. Patch #1 tries to fix this, but it was done only by
code review (and only compile-tested), so please carefully review it. I may
miss something.
- HSR subsystem uses src_net to parse IFLA_HSR_SLAVE[1|2], but the netdevice has
the flag NETIF_F_NETNS_LOCAL, so the question is: does this netdevice really
support x-netns? If not, the newlink handler should use the dest_net instead
of src_net, I can provide the patch.
- ieee802154 also uses src_net and does not have NETIF_F_NETNS_LOCAL. Same
question: does this netdevice really support x-netns?
- bonding ignores src_net and flag NETIF_F_NETNS_LOCAL is set, ie x-netns is not
supported. Fine.
- CAN does not support rtnl/newlink, ok.
- ipvlan uses src_net and does not have NETIF_F_NETNS_LOCAL. After looking at
the code, it seems that this driver supports x-netns. Am I right?
- macvlan/macvtap uses src_net and seems to have x-netns support.
- team ignores src_net and has the flag NETIF_F_NETNS_LOCAL, ie x-netns is not
supported. Ok.
- veth uses src_net and has x-netns support ;-) Ok.
- VXLAN didn't properly handle this. The link netns (vxlan->net) is the src_net
and not dest_net (see patch #2). Note that it was already possible to create a
x-netns vxlan before the commit f01ec1c017de ("vxlan: add x-netns support")
but the netdevice remains broken.

To summarize:
- CAIF patch must be carefully reviewed
- for HSR, ieee802154, ipvlan: is x-netns supported?
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

+5 -7
-1
drivers/net/caif/caif_hsi.c
··· 1415 1415 1416 1416 cfhsi = netdev_priv(dev); 1417 1417 cfhsi_netlink_parms(data, cfhsi); 1418 - dev_net_set(cfhsi->ndev, src_net); 1419 1418 1420 1419 get_ops = symbol_get(cfhsi_get_ops); 1421 1420 if (!get_ops) {
+5 -5
drivers/net/vxlan.c
··· 2432 2432 dev_put(vxlan->dev); 2433 2433 } 2434 2434 2435 - static int vxlan_newlink(struct net *net, struct net_device *dev, 2435 + static int vxlan_newlink(struct net *src_net, struct net_device *dev, 2436 2436 struct nlattr *tb[], struct nlattr *data[]) 2437 2437 { 2438 - struct vxlan_net *vn = net_generic(net, vxlan_net_id); 2438 + struct vxlan_net *vn = net_generic(src_net, vxlan_net_id); 2439 2439 struct vxlan_dev *vxlan = netdev_priv(dev); 2440 2440 struct vxlan_rdst *dst = &vxlan->default_dst; 2441 2441 __u32 vni; ··· 2445 2445 if (!data[IFLA_VXLAN_ID]) 2446 2446 return -EINVAL; 2447 2447 2448 - vxlan->net = dev_net(dev); 2448 + vxlan->net = src_net; 2449 2449 2450 2450 vni = nla_get_u32(data[IFLA_VXLAN_ID]); 2451 2451 dst->remote_vni = vni; ··· 2481 2481 if (data[IFLA_VXLAN_LINK] && 2482 2482 (dst->remote_ifindex = nla_get_u32(data[IFLA_VXLAN_LINK]))) { 2483 2483 struct net_device *lowerdev 2484 - = __dev_get_by_index(net, dst->remote_ifindex); 2484 + = __dev_get_by_index(src_net, dst->remote_ifindex); 2485 2485 2486 2486 if (!lowerdev) { 2487 2487 pr_info("ifindex %d does not exist\n", dst->remote_ifindex); ··· 2557 2557 nla_get_u8(data[IFLA_VXLAN_UDP_ZERO_CSUM6_RX])) 2558 2558 vxlan->flags |= VXLAN_F_UDP_ZERO_CSUM6_RX; 2559 2559 2560 - if (vxlan_find_vni(net, vni, use_ipv6 ? AF_INET6 : AF_INET, 2560 + if (vxlan_find_vni(src_net, vni, use_ipv6 ? AF_INET6 : AF_INET, 2561 2561 vxlan->dst_port)) { 2562 2562 pr_info("duplicate VNI %u\n", vni); 2563 2563 return -EEXIST;
-1
net/caif/chnl_net.c
··· 470 470 ASSERT_RTNL(); 471 471 caifdev = netdev_priv(dev); 472 472 caif_netlink_parms(data, &caifdev->conn_req); 473 - dev_net_set(caifdev->netdev, src_net); 474 473 475 474 ret = register_netdevice(dev); 476 475 if (ret)
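Review bot: The removal of `dev_net_set(cfhsi->ndev, src_net);` at line 1418 of drivers/net/caif/caif_hsi.c is, per the cover letter, based on code review and compile-tested only. It needs a run-time check that a cfhsi link created with IFLA_NET_NS_PID or IFLA_NET_NS_FD ends up in the dest_net. The changelog should also state whether cfhsi->ndev is the same device as dev at this point, since the hunk does not show it and the reasoning for the removal (the call was overriding the netns chosen by rtnl_create_link()) depends on it.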
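Review bot: In vxlan_newlink() (drivers/net/vxlan.c) the assignment `vxlan->net = src_net;` makes the link netns differ from dev_net(dev) whenever IFLA_NET_NS_[PID|FD] is set, and nothing at that line says so. A short comment there stating that vxlan->net is the netns in which IFLA_VXLAN_LINK is resolved and the VNI check runs, not the netns the device lives in, would keep later code from reaching for dev_net(dev) again. The duplicate check `vxlan_find_vni(src_net, vni, ...)` now looks only in src_net, so the uniqueness scope is the link netns; please say in the changelog that this is the intended contract.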
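Review bot: In net/caif/chnl_net.c the removed call acted on caifdev->netdev while the next statement registers dev, and the hunk does not show that the two are the same device. If they are, dropping `dev_net_set(caifdev->netdev, src_net);` leaves the device in the netns set at creation, which matches the intent of the series; if they are not, a device that used to be moved to src_net no longer is. Please state which case applies in the commit message, and whether src_net is still used anywhere else in this handler.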