From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: "Denis V. Lunev" <den-3ImXcnM4P+0@public.gmane.org>
Cc: yoshfuji-VfPWfsRibaP+Ru+s062T9g@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
Benjamin Thery <benjamin.thery-6ktuUTfB/bM@public.gmane.org>,
davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [patch 1/1][NETNS][IPV6] protect addrconf from loopback registration
Date: Mon, 12 Nov 2007 09:51:58 -0700
Message-ID: <m1ejev4dap.fsf@ebiederm.dsl.xmission.com>
In-Reply-To: <473879C3.5020301-3ImXcnM4P+0@public.gmane.org> (Denis V. Lunev's message of "Mon, 12 Nov 2007 19:05:23 +0300")
"Denis V. Lunev" <den-3ImXcnM4P+0@public.gmane.org> writes:
>> Index: linux-2.6-netns/net/ipv6/addrconf.c
>> ===================================================================
>> --- linux-2.6-netns.orig/net/ipv6/addrconf.c
>> +++ linux-2.6-netns/net/ipv6/addrconf.c
>> @@ -2272,7 +2272,8 @@ static int addrconf_notify(struct notifi
>>
>> switch(event) {
>> case NETDEV_REGISTER:
>> - if (!idev && dev->mtu >= IPV6_MIN_MTU) {
>> + if (!(dev->flags & IFF_LOOPBACK) &&
>> + !idev && dev->mtu >= IPV6_MIN_MTU) {
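Review bot: the added !(dev->flags & IFF_LOOPBACK) test in the NETDEV_REGISTER case has no comment saying why loopback is excluded, and nothing in the hunk shows where a loopback device would get its idev once this branch is skipped. Please add a comment above the condition naming the path that is expected to set up loopback instead, and state in the changelog whether the exclusion is meant to hold in every namespace, since the test as written applies to any device carrying IFF_LOOPBACK.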
It is idev being true here for the loopback device that would
prevent things, not missing the REGISTER event.
Hmm. But we do call ipv6_add_dev on loopback and now the loopback
device is practically guaranteed to be the first device so we can
probably just remove the special case in addrconf_init.
Anyway, Daniel's patch makes increasingly less sense the more I look
at it.
> Namespaces are good to catch leakage using standard codepaths, so they
> should be preserved as much as possible. So, _all_ normal down code
> should be called for a loopback device in other than init_net context.
In any context. After the code path is aware of multiple network namespaces,
init_net should not be special in any way.
I completely agree about the ability to catch weird leakage scenarios.
Eric