From: Dilip Daya <dilip.daya@hp.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Chris J Arges <chris.j.arges@canonical.com>,
Brian Haley <brian.haley@hp.com>,
shemminger@osdl.org,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: iproute2: potential upgrade regression with 58a3e827
Date: Mon, 11 Nov 2013 19:36:52 -0500
Message-ID: <1384216612.2758.30.camel@dilip-laptop>
In-Reply-To: <871u2mblzk.fsf@xmission.com>
Hi Eric,
On Mon, 2013-11-11 at 14:40 -0800, Eric W. Biederman wrote:
> Dilip Daya <dilip.daya@hp.com> writes:
>
> > Hi Chris,
> >
> > On Mon, 2013-11-11 at 15:26 -0600, Chris J Arges wrote:
> >
> >> Good suggestion,
> >> So I'll use a more simple example now:
> >>
> >> 1)
> >> ip netns add first
> >> ip netns exec first bash
> >>
> >> 2)
> >> ip netns add second
> >> ip netns exec second bash
> >>
> >> 3)
> >> ip netns exec first bash
> >>
> >> If we do not upgrade the package, after we execute (2) we have:
> >> # ls -l /var/run/netns
> >> total 0
> >> -r-------- 1 root root 0 Nov 11 20:38 first
> >> -r-------- 1 root root 0 Nov 11 20:38 second
> >>
> >> If we upgrade after (1), then run (2) we have:
> >> # ls -l /var/run/netns
> >> total 0
> >> ---------- 1 root root 0 Nov 11 20:56 first
> >> -r-------- 1 root root 0 Nov 11 20:57 second
> >>
> >> So looks like netns add is doing something different from 58a3e827 and on.
>
> I will just add that it is worth looking at /proc/mounts as well.
>
> Although I have to admit that the difference in permissions is odd.
=> kernel v3.2.51 with iproute2-ss130903
Terminal #1--Add first netns
# ip netns add first
Terminal #1:
# tree --inodes /var/run/netns ; echo "=====" ; ls -li /var/run/netns ; echo "====="; cat /proc/self/mounts | grep first ; echo "=====" ; cat /proc/self/mountinfo | grep -e first
/var/run/netns
└── [ 5204] first
0 directories, 1 file
=====
total 0
5204 -r-------- 1 root root 0 Nov 11 17:17 first
=====
none /var/run/netns/first proc rw,nosuid,nodev,noexec,relatime 0 0
=====
23 22 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime shared:2 - proc none rw
Terminal #1:
# ip netns exec first /bin/bash
Terminal #1:
# tree --inodes /var/run/netns ; echo "=====" ; ls -li /var/run/netns ; echo "====="; cat /proc/self/mounts | grep first ; echo "=====" ; cat /proc/self/mountinfo | grep -e first
/var/run/netns
└── [ 5204] first
0 directories, 1 file
=====
total 0
5204 -r-------- 1 root root 0 Nov 11 17:17 first
=====
none /var/run/netns/first proc rw,nosuid,nodev,noexec,relatime 0 0
first /sys sysfs rw,relatime 0 0
=====
33 32 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime master:2 - proc none rw
29 25 0:17 / /sys rw,relatime - sysfs first rw
Terminal #1:
# ip netns add second
Terminal #1:
# tree --inodes /var/run/netns ; echo "=====" ; ls -li /var/run/netns ; echo "====="; cat /proc/self/mounts | grep first ; echo "=====" ; cat /proc/self/mountinfo | grep -e first -e second
/var/run/netns
├── [ 5204] first
└── [ 5236] second
0 directories, 2 files
=====
total 0
5204 -r-------- 1 root root 0 Nov 11 17:17 first
5236 -r-------- 1 root root 0 Nov 11 17:21 second <<< observe this inode # and permissions
=====
none /var/run/netns/first proc rw,nosuid,nodev,noexec,relatime 0 0
first /sys sysfs rw,relatime 0 0
=====
33 32 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime shared:4 master:2 - proc none rw
29 25 0:17 / /sys rw,relatime - sysfs first rw
34 32 0:3 /1955/ns/net /var/run/netns/second rw,nosuid,nodev,noexec,relatime shared:5 - proc none rw
Terminal #2--in main (not in netns):
# tree --inodes /var/run/netns ; echo "=====" ; ls -li /var/run/netns ; echo "====="; cat /proc/self/mounts | grep first ; echo "=====" ; cat /proc/self/mountinfo | grep -e first -e second
/var/run/netns
├── [ 5204] first
└── [ 51492] second <<< inode is different
0 directories, 2 files
=====
total 0
5204 -r-------- 1 root root 0 Nov 11 17:17 first
51492 ---------- 1 root root 0 Nov 11 17:21 second << inode different with NULL permissions
=====
none /var/run/netns/first proc rw,nosuid,nodev,noexec,relatime 0 0
=====
23 22 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime shared:2 - proc none rw
=> When in main (not in netns) "second" netns is not viewable.
Terminal #2--Enter first:
# ip netns exec first bash
Terminal #2:
# tree --inodes /var/run/netns ; echo "=====" ; ls -li /var/run/netns ; echo "====="; cat /proc/self/mounts | grep first ; echo "=====" ; cat /proc/self/mountinfo | grep -e first -e second
/var/run/netns
├── [ 5204] first
└── [ 51492] second <<< inode different than when created from first in Terminal #1 above
0 directories, 2 files
=====
total 0
5204 -r-------- 1 root root 0 Nov 11 17:17 first
51492 ---------- 1 root root 0 Nov 11 17:21 second <<< inode with NULL permissions
=====
none /var/run/netns/first proc rw,nosuid,nodev,noexec,relatime 0 0
first /sys sysfs rw,relatime 0 0
=====
44 43 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime master:2 - proc none rw
40 36 0:17 / /sys rw,relatime - sysfs first rw
=> mounts and mountinfo do not show "second"
Terminal #2:
# ip netns exec second /bin/bash
seting the network namespace "second" failed: Invalid argument
=> "second" netns is now rendered unusable from "first" netns and from main.
Thanks,
-DilipD.
>
> Eric
--
-DilipD.
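
The check done by eye in the session above (is each name under /var/run/netns backed by a namespace bind mount in the current mount namespace, and with which propagation tags?) can be scripted. The following is an added example, not part of the original message or of iproute2; the function names are hypothetical, the sample lines are copied from the mountinfo output above, and the nsfs case is an assumption for newer kernels that the thread does not cover.

```python
"""Check which /var/run/netns entries are really namespace bind mounts."""

# mountinfo lines copied from the message above (kernel v3.2.51).
TERMINAL1_VIEW = """\
33 32 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime shared:4 master:2 - proc none rw
29 25 0:17 / /sys rw,relatime - sysfs first rw
34 32 0:3 /1955/ns/net /var/run/netns/second rw,nosuid,nodev,noexec,relatime shared:5 - proc none rw
"""
TERMINAL2_VIEW = """\
23 22 0:3 /1935/ns/net /var/run/netns/first rw,nosuid,nodev,noexec,relatime shared:2 - proc none rw
"""


def parse_mountinfo_line(line):
    """Split one mountinfo line; the fields are documented in proc(5)."""
    left, _, right = line.partition(" - ")
    fields = left.split()
    fstype, source = right.split()[:2]
    # Everything after the 6th field and before " - " is an optional
    # propagation tag such as shared:N or master:N.
    tags = dict(tag.split(":", 1) for tag in fields[6:] if ":" in tag)
    return {"root": fields[3], "mount_point": fields[4],
            "fstype": fstype, "source": source, "propagation": tags}


def netns_status(names, mountinfo_text, netns_dir="/var/run/netns"):
    """Map each name to its mount entry, or None if it is only a plain file."""
    mounts = {}
    for line in mountinfo_text.splitlines():
        if " - " in line:
            entry = parse_mountinfo_line(line)
            mounts[entry["mount_point"]] = entry
    status = {}
    for name in names:
        entry = mounts.get(f"{netns_dir}/{name}")
        # A usable entry is a bind mount of a net namespace file: on proc
        # (root /<pid>/ns/net) here, on nsfs with newer kernels (assumption).
        ok = entry is not None and entry["fstype"] in ("proc", "nsfs")
        status[name] = entry if ok else None
    return status


if __name__ == "__main__":
    views = (("terminal 1", TERMINAL1_VIEW), ("terminal 2", TERMINAL2_VIEW))
    for label, view in views:
        for name, entry in netns_status(["first", "second"], view).items():
            state = entry["propagation"] if entry else "NOT MOUNTED"
            print(f"{label}: {name}: {state}")
```

On a live system, pass the output of `os.listdir("/var/run/netns")` and the contents of `/proc/self/mountinfo`; a name that maps to `None` is the state in which `ip netns exec` reported "Invalid argument" above.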