* [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
@ 2018-02-14 13:39 Kirill Tkhai
2018-02-14 13:39 ` [PATCH net-next v2 1/3] net: Make extern and export get_net_ns() Kirill Tkhai
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Kirill Tkhai @ 2018-02-14 13:39 UTC (permalink / raw)
To: davem, jasowang, edumazet, xiyou.wangcong, willemb, peterpenkov96,
linyu.yuan, kstewart, aviadye, gregkh, ktkhai, davejwatson,
netdev
Currently, it's not possible to get or check net namespace,
which was used to create tun socket. User may have two tun
devices with the same names in different nets, and there
is no way to differ them each other.
The patchset adds support for ioctl() cmd SIOCGSKNS for tun
devices. It will allow people to obtain net namespace file
descriptor like we allow to do that for sockets in general.
v2: Add new patch [2/3] to export open_related_ns().
---
Kirill Tkhai (3):
net: Make extern and export get_net_ns()
net: Export open_related_ns()
tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
drivers/net/tun.c | 16 ++++++++++++++--
fs/nsfs.c | 1 +
include/linux/socket.h | 2 ++
net/socket.c | 3 ++-
4 files changed, 19 insertions(+), 3 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net-next v2 1/3] net: Make extern and export get_net_ns()
2018-02-14 13:39 [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
@ 2018-02-14 13:39 ` Kirill Tkhai
2018-02-14 13:40 ` [PATCH net-next v2 2/3] net: Export open_related_ns() Kirill Tkhai
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Kirill Tkhai @ 2018-02-14 13:39 UTC (permalink / raw)
To: davem, jasowang, edumazet, xiyou.wangcong, willemb, peterpenkov96,
linyu.yuan, kstewart, aviadye, gregkh, ktkhai, davejwatson,
netdev
This function will be used to obtain net of tun device.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
include/linux/socket.h | 2 ++
net/socket.c | 3 ++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/socket.h b/include/linux/socket.h
index 9286a5a8c60c..1ce1f768a58c 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -353,4 +353,6 @@ extern int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen
unsigned int flags, struct timespec *timeout);
extern int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg,
unsigned int vlen, unsigned int flags);
+
+extern struct ns_common *get_net_ns(struct ns_common *ns);
#endif /* _LINUX_SOCKET_H */
diff --git a/net/socket.c b/net/socket.c
index fac8246a8ae8..7d1ffa755821 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -991,10 +991,11 @@ static long sock_do_ioctl(struct net *net, struct socket *sock,
* what to do with it - that's up to the protocol still.
*/
-static struct ns_common *get_net_ns(struct ns_common *ns)
+struct ns_common *get_net_ns(struct ns_common *ns)
{
return &get_net(container_of(ns, struct net, ns))->ns;
}
+EXPORT_SYMBOL_GPL(get_net_ns);
static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
{
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net-next v2 2/3] net: Export open_related_ns()
2018-02-14 13:39 [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
2018-02-14 13:39 ` [PATCH net-next v2 1/3] net: Make extern and export get_net_ns() Kirill Tkhai
@ 2018-02-14 13:40 ` Kirill Tkhai
2018-02-14 13:40 ` [PATCH net-next v2 3/3] tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
2018-02-15 20:35 ` [PATCH net-next v2 0/3] " David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Kirill Tkhai @ 2018-02-14 13:40 UTC (permalink / raw)
To: davem, jasowang, edumazet, xiyou.wangcong, willemb, peterpenkov96,
linyu.yuan, kstewart, aviadye, gregkh, ktkhai, davejwatson,
netdev
This function will be used to obtain net of tun device.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
fs/nsfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 36b0772701a0..60702d677bd4 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -184,6 +184,7 @@ int open_related_ns(struct ns_common *ns,
return fd;
}
+EXPORT_SYMBOL_GPL(open_related_ns);
static long ns_ioctl(struct file *filp, unsigned int ioctl,
unsigned long arg)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net-next v2 3/3] tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
2018-02-14 13:39 [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
2018-02-14 13:39 ` [PATCH net-next v2 1/3] net: Make extern and export get_net_ns() Kirill Tkhai
2018-02-14 13:40 ` [PATCH net-next v2 2/3] net: Export open_related_ns() Kirill Tkhai
@ 2018-02-14 13:40 ` Kirill Tkhai
2018-02-15 20:35 ` [PATCH net-next v2 0/3] " David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Kirill Tkhai @ 2018-02-14 13:40 UTC (permalink / raw)
To: davem, jasowang, edumazet, xiyou.wangcong, willemb, peterpenkov96,
linyu.yuan, kstewart, aviadye, gregkh, ktkhai, davejwatson,
netdev
This patch adds possibility to get tun device's net namespace fd
in the same way we allow to do that for sockets.
Socket ioctl numbers do not intersect with tun-specific, and there
is already SIOCSIFHWADDR used in tun code. So, SIOCGSKNS number
is choosen instead of custom-made for this functionality.
Note, that open_related_ns() uses plain get_net_ns() and it's safe
(net can't be already dead at this moment):
tun socket is allocated via sk_alloc() with zero last arg (kern = 0).
So, each alive socket increments net::count, and the socket is definitely
alive during ioctl syscall.
Also, common variable net is introduced, so small cleanup in TUNSETIFF
is made.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
drivers/net/tun.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 81e6cc951e7f..8e9a0ac644d2 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -78,6 +78,7 @@
#include <linux/mutex.h>
#include <linux/uaccess.h>
+#include <linux/proc_fs.h>
/* Uncomment to enable debugging */
/* #define TUN_DEBUG 1 */
@@ -2793,6 +2794,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
struct tun_struct *tun;
void __user* argp = (void __user*)arg;
struct ifreq ifr;
+ struct net *net;
kuid_t owner;
kgid_t group;
int sndbuf;
@@ -2801,7 +2803,8 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
int le;
int ret;
- if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == SOCK_IOC_TYPE) {
+ if (cmd == TUNSETIFF || cmd == TUNSETQUEUE ||
+ (_IOC_TYPE(cmd) == SOCK_IOC_TYPE && cmd != SIOCGSKNS)) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
} else {
@@ -2821,6 +2824,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
rtnl_lock();
tun = tun_get(tfile);
+ net = sock_net(&tfile->sk);
if (cmd == TUNSETIFF) {
ret = -EEXIST;
if (tun)
@@ -2828,7 +2832,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
ifr.ifr_name[IFNAMSIZ-1] = '\0';
- ret = tun_set_iff(sock_net(&tfile->sk), file, &ifr);
+ ret = tun_set_iff(net, file, &ifr);
if (ret)
goto unlock;
@@ -2850,6 +2854,14 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
tfile->ifindex = ifindex;
goto unlock;
}
+ if (cmd == SIOCGSKNS) {
+ ret = -EPERM;
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+ goto unlock;
+
+ ret = open_related_ns(&net->ns, get_net_ns);
+ goto unlock;
+ }
ret = -EBADFD;
if (!tun)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
2018-02-14 13:39 [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
` (2 preceding siblings ...)
2018-02-14 13:40 ` [PATCH net-next v2 3/3] tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
@ 2018-02-15 20:35 ` David Miller
3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2018-02-15 20:35 UTC (permalink / raw)
To: ktkhai
Cc: jasowang, edumazet, xiyou.wangcong, willemb, peterpenkov96,
linyu.yuan, kstewart, aviadye, gregkh, davejwatson, netdev
From: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Wed, 14 Feb 2018 16:39:45 +0300
> Currently, it's not possible to get or check net namespace,
> which was used to create tun socket. User may have two tun
> devices with the same names in different nets, and there
> is no way to differ them each other.
>
> The patchset adds support for ioctl() cmd SIOCGSKNS for tun
> devices. It will allow people to obtain net namespace file
> descriptor like we allow to do that for sockets in general.
>
> v2: Add new patch [2/3] to export open_related_ns().
Series applied, thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-02-15 20:35 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-14 13:39 [PATCH net-next v2 0/3] Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
2018-02-14 13:39 ` [PATCH net-next v2 1/3] net: Make extern and export get_net_ns() Kirill Tkhai
2018-02-14 13:40 ` [PATCH net-next v2 2/3] net: Export open_related_ns() Kirill Tkhai
2018-02-14 13:40 ` [PATCH net-next v2 3/3] tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device Kirill Tkhai
2018-02-15 20:35 ` [PATCH net-next v2 0/3] " David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).