tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
[NET]: Make packet reception network namespace safe
This patch modifies every packet receive function
registered with dev_add_pack() to drop packets if they
are not from the initial network namespace.
This should ensure that the various network stacks do
not receive packets in a anything but the initial network
namespace until the code has been converted and is ready
for them.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Eric W. Biederman
and committed by
David S. Miller
e730c155
6d34b1c2
+113
+4
drivers/block/aoe/aoenet.c
+4
drivers/block/aoe/aoenet.c
···
8
8
#include <linux/blkdev.h>
9
9
#include <linux/netdevice.h>
10
10
#include <linux/moduleparam.h>
11
+
#include <net/net_namespace.h>
11
12
#include <asm/unaligned.h>
12
13
#include "aoe.h"
13
14
···
114
113
{
115
114
struct aoe_hdr *h;
116
115
u32 n;
116
+
117
+
if (ifp->nd_net != &init_net)
118
+
goto exit;
117
119
118
120
skb = skb_share_check(skb, GFP_ATOMIC);
119
121
if (skb == NULL)
+4
drivers/net/bonding/bond_3ad.c
+4
drivers/net/bonding/bond_3ad.c
···
29
29
#include <linux/ethtool.h>
30
30
#include <linux/if_bonding.h>
31
31
#include <linux/pkt_sched.h>
32
+
#include <net/net_namespace.h>
32
33
#include "bonding.h"
33
34
#include "bond_3ad.h"
34
35
···
2448
2447
struct bonding *bond = dev->priv;
2449
2448
struct slave *slave = NULL;
2450
2449
int ret = NET_RX_DROP;
2450
+
2451
+
if (dev->nd_net != &init_net)
2452
+
goto out;
2451
2453
2452
2454
if (!(dev->flags & IFF_MASTER))
2453
2455
goto out;
+3
drivers/net/bonding/bond_alb.c
+3
drivers/net/bonding/bond_alb.c
+3
drivers/net/bonding/bond_main.c
+3
drivers/net/bonding/bond_main.c
+3
drivers/net/hamradio/bpqether.c
+3
drivers/net/hamradio/bpqether.c
+6
drivers/net/pppoe.c
+6
drivers/net/pppoe.c
···
389
389
if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
390
390
goto out;
391
391
392
+
if (dev->nd_net != &init_net)
393
+
goto drop;
394
+
392
395
if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
393
396
goto drop;
394
397
···
420
417
{
421
418
struct pppoe_hdr *ph;
422
419
struct pppox_sock *po;
420
+
421
+
if (dev->nd_net != &init_net)
422
+
goto abort;
423
423
424
424
if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
425
425
goto abort;
+7
drivers/net/wan/hdlc.c
+7
drivers/net/wan/hdlc.c
···
36
36
#include <linux/rtnetlink.h>
37
37
#include <linux/notifier.h>
38
38
#include <linux/hdlc.h>
39
+
#include <net/net_namespace.h>
39
40
40
41
41
42
static const char* version = "HDLC support module revision 1.21";
···
67
66
struct packet_type *p, struct net_device *orig_dev)
68
67
{
69
68
struct hdlc_device_desc *desc = dev_to_desc(dev);
69
+
70
+
if (dev->nd_net != &init_net) {
71
+
kfree_skb(skb);
72
+
return 0;
73
+
}
74
+
70
75
if (desc->netif_rx)
71
76
return desc->netif_rx(skb);
72
77
+3
drivers/net/wan/lapbether.c
+3
drivers/net/wan/lapbether.c
+6
drivers/net/wan/syncppp.c
+6
drivers/net/wan/syncppp.c
···
51
51
#include <linux/spinlock.h>
52
52
#include <linux/rcupdate.h>
53
53
54
+
#include <net/net_namespace.h>
54
55
#include <net/syncppp.h>
55
56
56
57
#include <asm/byteorder.h>
···
1446
1445
1447
1446
static int sppp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *p, struct net_device *orig_dev)
1448
1447
{
1448
+
if (dev->nd_net != &init_net) {
1449
+
kfree_skb(skb);
1450
+
return 0;
1451
+
}
1452
+
1449
1453
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
1450
1454
return NET_RX_DROP;
1451
1455
sppp_input(dev,skb);
+5
net/8021q/vlan_dev.c
+5
net/8021q/vlan_dev.c
+3
net/appletalk/aarp.c
+3
net/appletalk/aarp.c
+6
net/appletalk/ddp.c
+6
net/appletalk/ddp.c
···
1403
1403
int origlen;
1404
1404
__u16 len_hops;
1405
1405
1406
+
if (dev->nd_net != &init_net)
1407
+
goto freeit;
1408
+
1406
1409
/* Don't mangle buffer if shared */
1407
1410
if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
1408
1411
goto out;
···
1491
1488
static int ltalk_rcv(struct sk_buff *skb, struct net_device *dev,
1492
1489
struct packet_type *pt, struct net_device *orig_dev)
1493
1490
{
1491
+
if (dev->nd_net != &init_net)
1492
+
goto freeit;
1493
+
1494
1494
/* Expand any short form frames */
1495
1495
if (skb_mac_header(skb)[2] == 1) {
1496
1496
struct ddpehdr *ddp;
+5
net/ax25/ax25_in.c
+5
net/ax25/ax25_in.c
···
451
451
skb->sk = NULL; /* Initially we don't know who it's for */
452
452
skb->destructor = NULL; /* Who initializes this, dammit?! */
453
453
454
+
if (dev->nd_net != &init_net) {
455
+
kfree_skb(skb);
456
+
return 0;
457
+
}
458
+
454
459
if ((*skb->data & 0x0F) != 0) {
455
460
kfree_skb(skb); /* Not a KISS data frame */
456
461
return 0;
+4
net/bridge/br_stp_bpdu.c
+4
net/bridge/br_stp_bpdu.c
···
17
17
#include <linux/netfilter_bridge.h>
18
18
#include <linux/etherdevice.h>
19
19
#include <linux/llc.h>
20
+
#include <net/net_namespace.h>
20
21
#include <net/llc.h>
21
22
#include <net/llc_pdu.h>
22
23
#include <asm/unaligned.h>
···
141
140
struct net_bridge_port *p = rcu_dereference(dev->br_port);
142
141
struct net_bridge *br;
143
142
const unsigned char *buf;
143
+
144
+
if (dev->nd_net != &init_net)
145
+
goto err;
144
146
145
147
if (!p)
146
148
goto err;
+3
net/decnet/dn_route.c
+3
net/decnet/dn_route.c
+3
net/econet/af_econet.c
+3
net/econet/af_econet.c
+3
net/ipv4/arp.c
+3
net/ipv4/arp.c
+3
net/ipv4/ip_input.c
+3
net/ipv4/ip_input.c
+6
net/ipv4/ipconfig.c
+6
net/ipv4/ipconfig.c
···
426
426
unsigned char *sha, *tha; /* s for "source", t for "target" */
427
427
struct ic_device *d;
428
428
429
+
if (dev->nd_net != &init_net)
430
+
goto drop;
431
+
429
432
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
430
433
return NET_RX_DROP;
431
434
···
837
834
struct iphdr *h;
838
835
struct ic_device *d;
839
836
int len, ext_len;
837
+
838
+
if (dev->nd_net != &init_net)
839
+
goto drop;
840
840
841
841
/* Perform verifications before taking the lock. */
842
842
if (skb->pkt_type == PACKET_OTHERHOST)
+5
net/ipv6/ip6_input.c
+5
net/ipv6/ip6_input.c
+3
net/ipx/af_ipx.c
+3
net/ipx/af_ipx.c
+3
net/irda/irlap_frame.c
+3
net/irda/irlap_frame.c
+4
net/llc/llc_input.c
+4
net/llc/llc_input.c
···
12
12
* See the GNU General Public License for more details.
13
13
*/
14
14
#include <linux/netdevice.h>
15
+
#include <net/net_namespace.h>
15
16
#include <net/llc.h>
16
17
#include <net/llc_pdu.h>
17
18
#include <net/llc_sap.h>
···
145
144
int dest;
146
145
int (*rcv)(struct sk_buff *, struct net_device *,
147
146
struct packet_type *, struct net_device *);
147
+
148
+
if (dev->nd_net != &init_net)
149
+
goto drop;
148
150
149
151
/*
150
152
* When the interface is in promisc. mode, drop all the crap that it
+9
net/packet/af_packet.c
+9
net/packet/af_packet.c
···
252
252
struct sock *sk;
253
253
struct sockaddr_pkt *spkt;
254
254
255
+
if (dev->nd_net != &init_net)
256
+
goto out;
257
+
255
258
/*
256
259
* When we registered the protocol we saved the socket in the data
257
260
* field for just this event.
···
455
452
int skb_len = skb->len;
456
453
unsigned int snaplen, res;
457
454
455
+
if (dev->nd_net != &init_net)
456
+
goto drop;
457
+
458
458
if (skb->pkt_type == PACKET_LOOPBACK)
459
459
goto drop;
460
460
···
573
567
unsigned short macoff, netoff;
574
568
struct sk_buff *copy_skb = NULL;
575
569
struct timeval tv;
570
+
571
+
if (dev->nd_net != &init_net)
572
+
goto drop;
576
573
577
574
if (skb->pkt_type == PACKET_LOOPBACK)
578
575
goto drop;
+6
net/tipc/eth_media.c
+6
net/tipc/eth_media.c
···
38
38
#include <net/tipc/tipc_bearer.h>
39
39
#include <net/tipc/tipc_msg.h>
40
40
#include <linux/netdevice.h>
41
+
#include <net/net_namespace.h>
41
42
42
43
#define MAX_ETH_BEARERS 2
43
44
#define ETH_LINK_PRIORITY TIPC_DEF_LINK_PRI
···
100
99
{
101
100
struct eth_bearer *eb_ptr = (struct eth_bearer *)pt->af_packet_priv;
102
101
u32 size;
102
+
103
+
if (dev->nd_net != &init_net) {
104
+
kfree_skb(buf);
105
+
return 0;
106
+
}
103
107
104
108
if (likely(eb_ptr->bearer)) {
105
109
if (likely(buf->pkt_type <= PACKET_BROADCAST)) {