From: Christian Brauner
To: netdev@vger.kernel.org
Cc: ebiederm@xmission.com, davem@davemloft.net, dsahern@gmail.com, fw@strlen.de, daniel@iogearbox.net, lucien.xin@gmail.com, mschiffer@universe-factory.net, jakub.kicinski@netronome.com, vyasevich@gmail.com, linux-kernel@vger.kernel.org, jbenc@redhat.com, w.bumiller@proxmox.com, nicolas.dichtel@6wind.com, Christian Brauner
Subject: [PATCH net-next 1/3 V1] rtnetlink: enable IFLA_IF_NETNSID in do_setlink()
Date: Wed, 24 Jan 2018 15:26:32 +0100
Message-Id: <20180124142634.17766-2-christian.brauner@ubuntu.com>
In-Reply-To: <20180124142634.17766-1-christian.brauner@ubuntu.com>

RTM_{NEW,SET}LINK already allow operations on other network namespaces
by identifying the target network namespace through
IFLA_NET_NS_{FD,PID} properties. This is done by looking for the
corresponding properties in do_setlink(). Extend do_setlink() to also
look for the IFLA_IF_NETNSID property. This introduces no functional
changes since all callers of do_setlink() currently block
IFLA_IF_NETNSID by reporting an error before they reach do_setlink().

This introduces the helpers:

    static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net,
                                                   struct nlattr *tb[])

    static struct net *rtnl_link_get_net_capable(const struct sk_buff *skb,
                                                 struct net *src_net,
                                                 struct nlattr *tb[], int cap)

to simplify permission checks and target network namespace retrieval for
RTM_* requests that already support IFLA_NET_NS_{FD,PID} but get extended
to IFLA_IF_NETNSID. To preserve backwards compatibility the helpers look
for IFLA_NET_NS_{FD,PID} properties first before checking for
IFLA_IF_NETNSID.

Signed-off-by: Christian Brauner --- net/core/rtnetlink.c | 54 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 47 insertions(+), 7 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 16d644a4f974..54134187485b 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -1893,6 +1893,49 @@ struct net *rtnl_link_get_net(struct net *src_net, struct nlattr *tb[]) } EXPORT_SYMBOL(rtnl_link_get_net); +/* Figure out which network namespace we are talking about by + * examining the link attributes in the following order: + * + * 1. IFLA_NET_NS_PID + * 2. IFLA_NET_NS_FD + * 3. IFLA_IF_NETNSID + */ +static struct net *rtnl_link_get_net_by_nlattr(struct net *src_net, + struct nlattr *tb[]) +{ + struct net *net; + + if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]) + return rtnl_link_get_net(src_net, tb); + + if (!tb[IFLA_IF_NETNSID]) + return get_net(src_net); + + net = get_net_ns_by_id(src_net, nla_get_u32(tb[IFLA_IF_NETNSID])); + if (!net) + return ERR_PTR(-EINVAL); + + return net; +} + +static struct net *rtnl_link_get_net_capable(const struct sk_buff *skb, + struct net *src_net, + struct nlattr *tb[], int cap) +{ + struct net *net; + + net = rtnl_link_get_net_by_nlattr(src_net, tb); + if (IS_ERR(net)) + return net; + + if (!netlink_ns_capable(skb, net->user_ns, cap)) { + put_net(net); + return ERR_PTR(-EPERM); + } + + return net; +} + static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[]) { if (dev) { 
@@ -2155,17 +2198,14 @@ static int do_setlink(const struct sk_buff *skb, const struct net_device_ops *ops = dev->netdev_ops; int err; - if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD]) { - struct net *net = rtnl_link_get_net(dev_net(dev), tb); + if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD] || tb[IFLA_IF_NETNSID]) { + struct net *net = rtnl_link_get_net_capable(skb, dev_net(dev), + tb, CAP_NET_ADMIN); if (IS_ERR(net)) { err = PTR_ERR(net); goto errout; } - if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) { - put_net(net); - err = -EPERM; - goto errout; - } + err = dev_change_net_namespace(dev, net, ifname); put_net(net); if (err)
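
Review bot: In rtnl_link_get_net_by_nlattr(), a request that carries IFLA_NET_NS_PID or IFLA_NET_NS_FD together with IFLA_IF_NETNSID returns from the first branch, `return rtnl_link_get_net(src_net, tb);`, and IFLA_IF_NETNSID is never read. Two attributes naming different namespaces are therefore accepted, and the capability check in rtnl_link_get_net_capable() only ever sees the PID/FD namespace. Consider rejecting the combination with -EINVAL, or at least stating in the comment above the function that the later attributes are ignored rather than cross-checked. Separately, the id is read with nla_get_u32() here while rtnl_dellink() in 3/3 reads the same attribute with nla_get_s32(); one accessor should be used for both.
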
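
Review bot: In do_setlink(), the namespace id ends up resolved relative to dev_net(dev), because that is what is passed as src_net and the helper calls `get_net_ns_by_id(src_net, nla_get_u32(tb[IFLA_IF_NETNSID]))`, whereas rtnl_dellink() in 3/3 resolves the same attribute with `get_target_net(NETLINK_CB(skb).sk, netnsid)`, that is, relative to the requesting socket. If the two are always the same namespace on this path, a short comment saying so would help; otherwise pass the socket's namespace explicitly so one id means the same thing for every RTM_* request.
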
From: Christian Brauner
To: netdev@vger.kernel.org
Cc: ebiederm@xmission.com, davem@davemloft.net, dsahern@gmail.com, fw@strlen.de, daniel@iogearbox.net, lucien.xin@gmail.com, mschiffer@universe-factory.net, jakub.kicinski@netronome.com, vyasevich@gmail.com, linux-kernel@vger.kernel.org, jbenc@redhat.com, w.bumiller@proxmox.com, nicolas.dichtel@6wind.com, Christian Brauner
Subject: [PATCH net-next 2/3 V1] rtnetlink: enable IFLA_IF_NETNSID for RTM_SETLINK
Date: Wed, 24 Jan 2018 15:26:33 +0100
Message-Id: <20180124142634.17766-3-christian.brauner@ubuntu.com>
In-Reply-To: <20180124142634.17766-1-christian.brauner@ubuntu.com>

- Backwards Compatibility:
  If userspace wants to determine whether RTM_SETLINK supports the
  IFLA_IF_NETNSID property they should first send an RTM_GETLINK request
  with IFLA_IF_NETNSID on lo. If either EACCES is returned or the reply
  does not include IFLA_IF_NETNSID userspace should assume that
  IFLA_IF_NETNSID is not supported on this kernel. If the reply does
  contain an IFLA_IF_NETNSID property userspace can send an RTM_SETLINK
  with an IFLA_IF_NETNSID property. If they receive EOPNOTSUPP then the
  kernel does not support the IFLA_IF_NETNSID property with RTM_SETLINK.
  Userspace should then fall back to other means.

  To retain backwards compatibility the kernel will first check whether an
  IFLA_NET_NS_PID or IFLA_NET_NS_FD property has been passed. If either
  one is found it will be used to identify the target network namespace.
  This implies that users who do not care whether their running kernel
  supports IFLA_IF_NETNSID with RTM_SETLINK can pass both
  IFLA_NET_NS_{FD,PID} and IFLA_IF_NETNSID referring to the same network
  namespace.

- Security: Callers must have CAP_NET_ADMIN in the owning user namespace of the target network namespace. Signed-off-by: Christian Brauner --- net/core/rtnetlink.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 54134187485b..a4d4409685e3 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c 
@@ -2546,9 +2546,6 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, if (err < 0) goto errout; - if (tb[IFLA_IF_NETNSID]) - return -EOPNOTSUPP; - if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); else
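
Review bot: With the `return -EOPNOTSUPP;` dropped from rtnl_setlink(), IFLA_IF_NETNSID reaches the do_setlink() branch from 1/3, where it selects the namespace the device is moved into through dev_change_net_namespace(), while in rtnl_dellink() (3/3) the same attribute selects the namespace in which the device is looked up. The commit message covers feature detection and the CAP_NET_ADMIN requirement but not this difference; it should state which meaning applies to RTM_SETLINK so that userspace does not assume the RTM_DELLINK behaviour.
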
From: Christian Brauner
To: netdev@vger.kernel.org
Cc: ebiederm@xmission.com, davem@davemloft.net, dsahern@gmail.com, fw@strlen.de, daniel@iogearbox.net, lucien.xin@gmail.com, mschiffer@universe-factory.net, jakub.kicinski@netronome.com, vyasevich@gmail.com, linux-kernel@vger.kernel.org, jbenc@redhat.com, w.bumiller@proxmox.com, nicolas.dichtel@6wind.com, Christian Brauner
Subject: [PATCH net-next 3/3 V1] rtnetlink: enable IFLA_IF_NETNSID for RTM_DELLINK
Date: Wed, 24 Jan 2018 15:26:34 +0100
Message-Id: <20180124142634.17766-4-christian.brauner@ubuntu.com>
In-Reply-To: <20180124142634.17766-1-christian.brauner@ubuntu.com>

- Backwards Compatibility:
  If userspace wants to determine whether RTM_DELLINK supports the
  IFLA_IF_NETNSID property they should first send an RTM_GETLINK request
  with IFLA_IF_NETNSID on lo. If either EACCES is returned or the reply
  does not include IFLA_IF_NETNSID userspace should assume that
  IFLA_IF_NETNSID is not supported on this kernel. If the reply does
  contain an IFLA_IF_NETNSID property userspace can send an RTM_DELLINK
  with an IFLA_IF_NETNSID property. If they receive EOPNOTSUPP then the
  kernel does not support the IFLA_IF_NETNSID property with RTM_DELLINK.
  Userspace should then fall back to other means.
- Security:
  Callers must have CAP_NET_ADMIN in the owning user namespace of the
  target network namespace.

Signed-off-by: Christian Brauner
---
Changelog 2018-01-24:
* Preserve old behavior and report -ENODEV when either ifindex or ifname is
  provided and IFLA_GROUP is set. Spotted by Wolfgang Bumiller.
---
 net/core/rtnetlink.c | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a4d4409685e3..fdb9e8777abb 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2630,36 +2630,53 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { struct net *net = sock_net(skb->sk); - struct net_device *dev; + struct net *tgt_net = net; + struct net_device *dev = NULL; struct ifinfomsg *ifm; char ifname[IFNAMSIZ]; struct nlattr *tb[IFLA_MAX+1]; int err; + int netnsid = -1; err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFLA_MAX, ifla_policy, extack); if (err < 0) return err; - if (tb[IFLA_IF_NETNSID]) - return -EOPNOTSUPP; - if (tb[IFLA_IFNAME]) nla_strlcpy(ifname, tb[IFLA_IFNAME], IFNAMSIZ); + if (tb[IFLA_IF_NETNSID]) { + netnsid = nla_get_s32(tb[IFLA_IF_NETNSID]); + tgt_net = get_target_net(NETLINK_CB(skb).sk, netnsid); + if (IS_ERR(tgt_net)) + return PTR_ERR(tgt_net); + } + + err = -EINVAL; ifm = nlmsg_data(nlh); if (ifm->ifi_index > 0) - dev = __dev_get_by_index(net, ifm->ifi_index); + dev = __dev_get_by_index(tgt_net, ifm->ifi_index); else if (tb[IFLA_IFNAME]) - dev = __dev_get_by_name(net, ifname); + dev = __dev_get_by_name(tgt_net, ifname); else if (tb[IFLA_GROUP]) - return rtnl_group_dellink(net, nla_get_u32(tb[IFLA_GROUP])); + err = rtnl_group_dellink(tgt_net, nla_get_u32(tb[IFLA_GROUP])); else - return -EINVAL; + goto out; - if (!dev) - return -ENODEV; + if (!dev) { + if (tb[IFLA_IFNAME] || ifm->ifi_index > 0) + err = -ENODEV; - return rtnl_delete_link(dev); + goto out; + } + + err = rtnl_delete_link(dev); + +out: + if (netnsid >= 0) + put_net(tgt_net); + + return err; } int rtnl_configure_link(struct net_device *dev, const struct ifinfomsg *ifm)
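
Review bot: In rtnl_dellink(), the reference taken by get_target_net() is released at `out:` only under `if (netnsid >= 0)`, but netnsid comes from nla_get_s32() and can be negative, so the pairing depends on get_target_net() failing for every negative id. Keying the put_net() on `tb[IFLA_IF_NETNSID]` or on a flag set right after the successful lookup would make the release hold by construction. The hunk also contains no capability check even though the commit message requires CAP_NET_ADMIN over the target namespace; if get_target_net() is what enforces it, a one-line comment at the call would make that visible to the next reader.
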
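
The userspace probe described in the 2/3 and 3/3 commit messages, as an added example that is not part of the patch series: it builds the RTM_GETLINK request for lo carrying IFLA_IF_NETNSID and classifies the kernel's reply. `probe_req`, both function names and `PROBE_IFLA_IF_NETNSID` are names chosen for this example; it assumes lo has ifindex 1, treats any error reply (not only EACCES) as unsupported, and expects the caller to send and receive on a NETLINK_ROUTE socket.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Numeric value of IFLA_IF_NETNSID in the uapi enum, defined locally
 * (assumption of this example) so it builds against older headers. */
#define PROBE_IFLA_IF_NETNSID 46

struct probe_req {                /* hypothetical request layout, no padding */
	struct nlmsghdr nlh;
	struct ifinfomsg ifm;
	struct rtattr rta;        /* attribute header */
	int32_t netnsid;          /* attribute payload */
};

/* Build RTM_GETLINK for lo (assumed ifindex 1) with IFLA_IF_NETNSID set. */
size_t build_getlink_probe(struct probe_req *req, int32_t netnsid)
{
	memset(req, 0, sizeof(*req));
	req->nlh.nlmsg_len = sizeof(*req);
	req->nlh.nlmsg_type = RTM_GETLINK;
	req->nlh.nlmsg_flags = NLM_F_REQUEST;
	req->ifm.ifi_family = AF_UNSPEC;
	req->ifm.ifi_index = 1;
	req->rta.rta_type = PROBE_IFLA_IF_NETNSID;
	req->rta.rta_len = RTA_LENGTH(sizeof(req->netnsid));
	req->netnsid = netnsid;
	return req->nlh.nlmsg_len;
}

/* 1: reply carries IFLA_IF_NETNSID; 0: error reply or attribute absent,
 * treat the kernel as not supporting it; -1: truncated or unexpected. */
int classify_getlink_reply(const void *buf, size_t len)
{
	const struct nlmsghdr *nlh = buf;
	const size_t hdr = NLMSG_LENGTH(sizeof(struct ifinfomsg));
	struct rtattr *rta;
	int alen;

	if (len < sizeof(*nlh) || nlh->nlmsg_len < sizeof(*nlh) ||
	    nlh->nlmsg_len > len)
		return -1;
	if (nlh->nlmsg_type == NLMSG_ERROR)
		return 0;
	if (nlh->nlmsg_type != RTM_NEWLINK || nlh->nlmsg_len < hdr)
		return -1;

	/* Walk the link attributes that follow struct ifinfomsg. */
	rta = IFLA_RTA(NLMSG_DATA(nlh));
	alen = (int)(nlh->nlmsg_len - hdr);
	for (; RTA_OK(rta, alen); rta = RTA_NEXT(rta, alen))
		if (rta->rta_type == PROBE_IFLA_IF_NETNSID &&
		    RTA_PAYLOAD(rta) >= sizeof(int32_t))
			return 1;
	return 0;
}
```

Only when this returns 1 should the RTM_SETLINK or RTM_DELLINK request with IFLA_IF_NETNSID be attempted, with EOPNOTSUPP on that second request handled as the commit messages describe.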