From: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
"Denis V. Lunev" <den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
Benjamin Thery <benjamin.thery-6ktuUTfB/bM@public.gmane.org>
Subject: Re: [PATCH] net: Support specifying the network namespace upon device creation.
Date: Tue, 07 Oct 2008 14:20:42 +0200 [thread overview]
Message-ID: <48EB541A.5070306@fr.ibm.com> (raw)
In-Reply-To: <m1vdwatshs.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
Eric W. Biederman wrote:
> There is no good reason to not support userspace specifying the
> network namespace during device creation and it seems a handy
> thing to do.
>
> We have to be a little extra careful in this case to ensure that
> the network namespace exists through the point where we call
> register_netdevice.
>
> In addition we need to pass the network namespace to the
> rtnl_link_ops.newlink method so we can properly create
> the new device in another namespace and have it be a vlan
> device of a device in our current network namespace.
>
> In summary this patch makes ip link add somename netns NNN type sometype
> do the obvious thing instead of ignoring the network namespace parameter.
>
> Signed-off-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> ---
> drivers/net/macvlan.c | 4 ++--
> drivers/net/veth.c | 5 +++--
> include/net/rtnetlink.h | 3 ++-
> net/8021q/vlan_netlink.c | 4 ++--
> net/core/rtnetlink.c | 17 ++++++++++++++++-
> 5 files changed, 25 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
> index 4239450..fc5933b 100644
> --- a/drivers/net/macvlan.c
> +++ b/drivers/net/macvlan.c
> @@ -416,7 +416,7 @@ static int macvlan_validate(struct nlattr *tb[], struct nlattr *data[])
> return 0;
> }
>
> -static int macvlan_newlink(struct net_device *dev,
> +static int macvlan_newlink(struct net *net, struct net_device *dev,
> struct nlattr *tb[], struct nlattr *data[])
> {
> struct macvlan_dev *vlan = netdev_priv(dev);
> @@ -427,7 +427,7 @@ static int macvlan_newlink(struct net_device *dev,
> if (!tb[IFLA_LINK])
> return -EINVAL;
>
> - lowerdev = __dev_get_by_index(dev_net(dev), nla_get_u32(tb[IFLA_LINK]));
> + lowerdev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK]));
> if (lowerdev == NULL)
> return -ENODEV;
>
> diff --git a/drivers/net/veth.c b/drivers/net/veth.c
> index 31cd817..3a2d818 100644
> --- a/drivers/net/veth.c
> +++ b/drivers/net/veth.c
> @@ -335,7 +335,7 @@ static int veth_validate(struct nlattr *tb[], struct nlattr *data[])
>
> static struct rtnl_link_ops veth_link_ops;
>
> -static int veth_newlink(struct net_device *dev,
> +static int veth_newlink(struct net *net, struct net_device *dev,
> struct nlattr *tb[], struct nlattr *data[])
> {
> int err;
> @@ -375,7 +375,7 @@ static int veth_newlink(struct net_device *dev,
> else
> snprintf(ifname, IFNAMSIZ, DRV_NAME "%%d");
>
> - peer = rtnl_create_link(dev_net(dev), ifname, &veth_link_ops, tbp);
> + peer = rtnl_create_link(net, ifname, &veth_link_ops, tbp);
> if (IS_ERR(peer))
> return PTR_ERR(peer);
>
> @@ -383,6 +383,7 @@ static int veth_newlink(struct net_device *dev,
> random_ether_addr(peer->dev_addr);
>
> err = register_netdevice(peer);
> + put_net(peer->nd_net);
> if (err < 0)
> goto err_register_peer;
>
> diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
> index 3c1895e..dbf546f 100644
> --- a/include/net/rtnetlink.h
> +++ b/include/net/rtnetlink.h
> @@ -55,7 +55,8 @@ struct rtnl_link_ops {
> int (*validate)(struct nlattr *tb[],
> struct nlattr *data[]);
>
> - int (*newlink)(struct net_device *dev,
> + int (*newlink)(struct net *net,
> + struct net_device *dev,
> struct nlattr *tb[],
> struct nlattr *data[]);
> int (*changelink)(struct net_device *dev,
> diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
> index e9c91dc..e6190f7 100644
> --- a/net/8021q/vlan_netlink.c
> +++ b/net/8021q/vlan_netlink.c
> @@ -100,7 +100,7 @@ static int vlan_changelink(struct net_device *dev,
> return 0;
> }
>
> -static int vlan_newlink(struct net_device *dev,
> +static int vlan_newlink(struct net *net, struct net_device *dev,
> struct nlattr *tb[], struct nlattr *data[])
> {
> struct vlan_dev_info *vlan = vlan_dev_info(dev);
> @@ -112,7 +112,7 @@ static int vlan_newlink(struct net_device *dev,
>
> if (!tb[IFLA_LINK])
> return -EINVAL;
> - real_dev = __dev_get_by_index(dev_net(dev), nla_get_u32(tb[IFLA_LINK]));
> + real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK]));
Hmm, if the macvlan is created inside a namespace, the network namespace
specified in the parameter function will not be the namespace where
belongs IFLA_LINK and the __dev_get_by_index will fail, no ?
> if (!real_dev)
> return -ENODEV;
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 8862498..069b176 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -1002,6 +1002,19 @@ struct net_device *rtnl_create_link(struct net *net, char *ifname,
> goto err_free;
> }
>
> + /* To support userspace specifying a network namespace during
> + * device creation we grab the network namespace here and hold
> + * it until just after register_netdevice to prevent races.
> + */
> + if (!tb[IFLA_NET_NS_PID])
> + get_net(net);
> + else {
> + net = get_net_ns_by_pid(nla_get_u32(tb[IFLA_NET_NS_PID]));
> + if (IS_ERR(net)) {
> + err = PTR_ERR(net);
> + goto err_free;
> + }
> + }
> dev_net_set(dev, net);
> dev->rtnl_link_ops = ops;
>
> @@ -1150,10 +1163,12 @@ replay:
> if (IS_ERR(dev))
> err = PTR_ERR(dev);
> else if (ops->newlink)
> - err = ops->newlink(dev, tb, data);
> + err = ops->newlink(net, dev, tb, data);
> else
> err = register_netdevice(dev);
>
> + if (!IS_ERR(dev))
> + put_net(dev->nd_net);
If there is an error in ops->newlink or register_netdevice, we will exit
without releasing the net refcount.
> if (err < 0 && !IS_ERR(dev))
> free_netdev(dev);
> return err;
next prev parent reply other threads:[~2008-10-07 12:20 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-03 0:39 [PATCH] netns: Delete virtual interfaces during namespace cleanup Eric W. Biederman
[not found] ` <m18wt6v7eb.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-03 0:46 ` [PATCH] net: Support specifying the network namespace upon device creation Eric W. Biederman
[not found] ` <m1vdwatshs.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-07 12:20 ` Daniel Lezcano [this message]
[not found] ` <48EB541A.5070306-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-07 23:38 ` Eric W. Biederman
2008-10-07 10:16 ` [PATCH] netns: Delete virtual interfaces during namespace cleanup Daniel Lezcano
[not found] ` <48EB36FC.4000008-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-07 10:41 ` Eric W. Biederman
[not found] ` <m1ej2s7kmj.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-07 11:22 ` Daniel Lezcano
[not found] ` <48EB4679.1040602-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-07 11:45 ` Eric W. Biederman
[not found] ` <m1fxn839y3.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-07 12:07 ` Daniel Lezcano
[not found] ` <48EB50E4.3060303-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-07 23:08 ` David Miller
[not found] ` <20081007.160807.32968959.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2008-10-08 8:19 ` Daniel Lezcano
2008-10-07 10:52 ` Pavel Emelyanov
[not found] ` <48EB3F72.5090201-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-07 11:28 ` Eric W. Biederman
[not found] ` <m1d4ic4pbr.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-08 12:34 ` Pavel Emelyanov
[not found] ` <48ECA8D2.4090406-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-11-05 23:22 ` [PATCH 1/3] " Eric W. Biederman
2008-11-05 23:25 ` [PATCH 2/3] net: Guaranetee the proper ordering of the loopback device Eric W. Biederman
2008-11-05 23:27 ` [PATCH 3/3] net: Don't leak packets when a netns is going down Eric W. Biederman
2008-11-06 0:00 ` David Miller
2008-11-06 0:00 ` [PATCH 2/3] net: Guaranetee the proper ordering of the loopback device David Miller
2008-11-06 13:02 ` Eric W. Biederman
2008-11-06 15:34 ` [PATCH 1/2] net: fib_rules ordering fixes Eric W. Biederman
2008-11-06 15:36 ` [PATCH 2/2] net: Guaranetee the proper ordering of the loopback device. v2 Eric W. Biederman
2008-11-08 6:55 ` David Miller
2008-11-08 6:54 ` [PATCH 1/2] net: fib_rules ordering fixes David Miller
2008-11-06 21:20 ` [PATCH 2/3] net: Guaranetee the proper ordering of the loopback device David Miller
2008-11-08 6:53 ` David Miller
2008-11-08 7:13 ` Eric W. Biederman
[not found] ` <m14p2l4v2l.fsf_-_-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-11-06 0:00 ` [PATCH 1/3] netns: Delete virtual interfaces during namespace cleanup David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48EB541A.5070306@fr.ibm.com \
--to=dlezcano-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=benjamin.thery-6ktuUTfB/bM@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox