From: Allison Henderson <achender@kernel.org>
To: netdev@vger.kernel.org
Cc: pabeni@redhat.com, edumazet@google.com, rds-devel@oss.oracle.com,
kuba@kernel.org, horms@kernel.org, linux-rdma@vger.kernel.org,
achender@kernel.org
Subject: [PATCH net v1 2/2] net/rds: Restrict use of RDS/IB to the initial network namespace
Date: Sat, 4 Apr 2026 21:16:13 -0700
Message-ID: <20260405041613.309958-3-achender@kernel.org>
In-Reply-To: <20260405041613.309958-1-achender@kernel.org>

From: Greg Jumper <greg.jumper@oracle.com>

Prevent using RDS/IB in network namespaces other than the initial one.
The existing RDS/IB code will not work properly in non-initial network
namespaces, and there are currently no plans to support such use.

Fixes: d5a8ac28a7ff ("RDS-TCP: Make RDS-TCP work correctly when it is set up in a netns other than init_net")
Reported-by: syzbot+da8e060735ae02c8f3d1@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=da8e060735ae02c8f3d1
Signed-off-by: Greg Jumper <greg.jumper@oracle.com>
Signed-off-by: Allison Henderson <achender@kernel.org>
---
net/rds/af_rds.c | 10 ++++++++--
net/rds/ib.c | 7 ++++++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c
index b396c673dfaf..896d4cfda5c3 100644
--- a/net/rds/af_rds.c
+++ b/net/rds/af_rds.c
@@ -357,7 +357,8 @@ static int rds_cong_monitor(struct rds_sock *rs, sockptr_t optval, int optlen)
return ret;
}
-static int rds_set_transport(struct rds_sock *rs, sockptr_t optval, int optlen)
+static int rds_set_transport(struct net *net, struct rds_sock *rs,
+ sockptr_t optval, int optlen)
{
int t_type;
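Review bot: The new struct net *net parameter on rds_set_transport() looks redundant, because the function already receives rs, and rds_setsockopt() obtains both rs and net from the same sock->sk. Deriving the namespace from rs's socket inside rds_set_transport() would leave the signature and the call site unchanged, and it would rule out a future caller passing a net that does not match the socket being configured.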
@@ -373,6 +374,10 @@ static int rds_set_transport(struct rds_sock *rs, sockptr_t optval, int optlen)
if (t_type < 0 || t_type >= RDS_TRANS_COUNT)
return -EINVAL;
+ /* Only RDS/TCP supports non-initial network namespaces */
+ if (t_type != RDS_TRANS_TCP && !net_eq(net, &init_net))
+ return -EPROTOTYPE;
+
rs->rs_transport = rds_trans_get(t_type);
return rs->rs_transport ? 0 : -ENOPROTOOPT;
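Review bot: The condition "t_type != RDS_TRANS_TCP" refuses every transport value other than TCP outside init_net, which is broader than the subject line and commit message ("Restrict use of RDS/IB") say. The allow-list form is the safer one to keep, since any transport added below RDS_TRANS_COUNT later fails closed, but the commit message should state that all non-TCP transports are now rejected in non-initial namespaces. The new -EPROTOTYPE result for SO_RDS_TRANSPORT, alongside the -EINVAL and -ENOPROTOOPT visible here, also deserves a mention in the user-facing documentation so applications in containers can tell a namespace restriction from a bad argument.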
@@ -433,6 +438,7 @@ static int rds_setsockopt(struct socket *sock, int level, int optname,
sockptr_t optval, unsigned int optlen)
{
struct rds_sock *rs = rds_sk_to_rs(sock->sk);
+ struct net *net = sock_net(sock->sk);
int ret;
if (level != SOL_RDS) {
@@ -461,7 +467,7 @@ static int rds_setsockopt(struct socket *sock, int level, int optname,
break;
case SO_RDS_TRANSPORT:
lock_sock(sock->sk);
- ret = rds_set_transport(rs, optval, optlen);
+ ret = rds_set_transport(net, rs, optval, optlen);
release_sock(sock->sk);
break;
case SO_TIMESTAMP_OLD:
diff --git a/net/rds/ib.c b/net/rds/ib.c
index 73e01984ee9a..1bdbe8eaf3fc 100644
--- a/net/rds/ib.c
+++ b/net/rds/ib.c
@@ -490,8 +490,13 @@ static int rds_ib_laddr_check_cm(struct net *net, const struct in6_addr *addr,
static int rds_ib_laddr_check(struct net *net, const struct in6_addr *addr,
__u32 scope_id)
{
- struct rds_ib_device *rds_ibdev = rds_ib_get_device(addr->s6_addr32[3]);
+ struct rds_ib_device *rds_ibdev;
+
+ /* RDS/IB is only supported in the initial network namespace */
+ if (!net_eq(net, &init_net))
+ return -EPROTOTYPE;
+ rds_ibdev = rds_ib_get_device(addr->s6_addr32[3]);
if (rds_ibdev) {
rds_ib_dev_put(rds_ibdev);
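Review bot: rds_ib_laddr_check_cm(), named in this hunk's header, also takes struct net *net, yet only rds_ib_laddr_check() gains the init_net guard; if the _cm variant is reachable on any path that does not go through this function, it needs the same check, and the commit message should say which case applies. Please also confirm how callers treat the return value here: if they only test for non-zero, the choice of -EPROTOTYPE never reaches userspace and the comment should not imply otherwise. Minor style point: the early return runs straight into "rds_ibdev = rds_ib_get_device(...)" with no blank line separating the guard from the lookup.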
--
2.43.0