From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christian Brauner Subject: Re: [PATCH net 1/1 v1] rtnetlink: require unique netns identifier Date: Sun, 4 Feb 2018 13:11:02 +0100 Message-ID: <20180204121100.GA1344@gmail.com> References: <20180203132904.11972-1-christian.brauner@ubuntu.com> <20180203132904.11972-2-christian.brauner@ubuntu.com> <20180203111701.2ff8d7a3@xeon-e3> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Cc: Christian Brauner , netdev@vger.kernel.org, ebiederm@xmission.com, jbenc@redhat.com, nicolas.dichtel@6wind.com, linux-kernel@vger.kernel.org, dsahern@gmail.com, davem@davemloft.net To: Stephen Hemminger Return-path: Received: from youngberry.canonical.com ([91.189.89.112]:34017 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751835AbeBDMLK (ORCPT ); Sun, 4 Feb 2018 07:11:10 -0500 Received: from mail-wr0-f199.google.com ([209.85.128.199]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eiJ8X-0004iZ-OE for netdev@vger.kernel.org; Sun, 04 Feb 2018 12:11:09 +0000 Received: by mail-wr0-f199.google.com with SMTP id i12so13926400wra.22 for ; Sun, 04 Feb 2018 04:11:09 -0800 (PST) Content-Disposition: inline In-Reply-To: <20180203111701.2ff8d7a3@xeon-e3> Sender: netdev-owner@vger.kernel.org List-ID: On Sat, Feb 03, 2018 at 11:17:01AM -0800, Stephen Hemminger wrote: > On Sat, 3 Feb 2018 14:29:04 +0100 > Christian Brauner wrote: > > > +static int rtnl_ensure_unique_netns_attr(const struct sock *sk, > > + struct nlattr *tb[], > > + struct netlink_ext_ack *extack) > > +{ > > + int ret = -EINVAL; > > + struct net *net = NULL, *unique_net = NULL; > > + > > + /* Requests without network namespace ids have been able to specify > > + * multiple properties referring to different network namespaces so > > + * don't regress them. 
> > + */ > > + if (!tb[IFLA_IF_NETNSID]) > > + return 0; > > + > > + if (!tb[IFLA_NET_NS_PID] && !tb[IFLA_NET_NS_FD]) > > + return 0; > > Isn't this an error? My reasoning was that having no explicit network namespace identifying attributes the caller operates on the current network namespace which is uniquely identified. > > > + > > + unique_net = get_net_ns_by_id(sock_net(sk), nla_get_s32(tb[IFLA_IF_NETNSID])); > > + if (!unique_net) > > + return -1; > > Other paths are returning errno, so why -1 here? Yes, this should be -EINVAL as well. Thanks! Christian
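
Review bot: In the failure branch after get_net_ns_by_id(), `return -1` is numerically -EPERM, so a request carrying an IFLA_IF_NETNSID that does not resolve would be reported to the caller as "Operation not permitted" instead of an invalid-argument error. Return -EINVAL there, in line with the `ret = -EINVAL` initialiser, and since `extack` is already a parameter, set a message with NL_SET_ERR_MSG() on that path so userspace can tell which attribute was rejected. The second early `return 0` (neither IFLA_NET_NS_PID nor IFLA_NET_NS_FD present) has no comment, unlike the first check; a one-line comment saying that a lone netnsid is already a unique identifier would answer the question raised in review directly in the code.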