From: Stephen Hemminger <stephen@networkplumber.org>
To: Denis Kirjanov <kirjanov@gmail.com>
Cc: dsahern@kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH iproute] iplink: emit the error message if open_fds_add failed
Date: Sun, 26 Jan 2025 08:58:02 -0800 [thread overview]
Message-ID: <20250126085802.5af23e35@hermes.local> (raw)
In-Reply-To: <20250121141642.28899-1-kirjanov@gmail.com>
On Tue, 21 Jan 2025 17:16:42 +0300
Denis Kirjanov <kirjanov@gmail.com> wrote:
> open_fds_add may fail since it adds an open fd
> to the fixed array. Print the error message in
> the such case.
>
> Signed-off-by: Denis Kirjanov <kirjanov@gmail.com>
> ---
> ip/iplink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/ip/iplink.c b/ip/iplink.c
> index 59e8caf4..1396da23 100644
> --- a/ip/iplink.c
> +++ b/ip/iplink.c
> @@ -666,7 +666,9 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
> if (netns < 0)
> invarg("Invalid \"netns\" value\n", *argv);
>
> - open_fds_add(netns);
> + if (open_fds_add(netns))
> + invarg("No descriptors left\n", *argv);
> +
> addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_FD,
> &netns, 4);
> move_netns = true;
Not an acceptable fix.
It is not an invalid argument, that would just be confusing.
How to reproduce this?
The original patch that added this made arbitrary choice of 5 fd's.
If this can be reproduced, that should be increased or switch to a dynamic list.
commit 57daf8ff8c6c357a5a083657e5b03d2883cbc4f9
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed Sep 18 18:49:41 2024 +0200
iplink: fix fd leak when playing with netns
The command 'ip link set foo netns mynetns' opens a file descriptor to fill
the netlink attribute IFLA_NET_NS_FD. This file descriptor is never closed.
When batch mode is used, the number of file descriptor may grow greatly and
reach the maximum file descriptor number that can be opened.
This fd can be closed only after the netlink answer. Moreover, a second
fd could be opened because some (struct link_util)->parse_opt() handlers
call iplink_parse().
Let's add a helper to manage these fds:
- open_fds_add() stores a fd, up to 5 (arbitrary choice, it seems enough);
- open_fds_close() closes all stored fds.
Fixes: 0dc34c7713bb ("iproute2: Add processless network namespace support")
Reported-by: Alexandre Ferrieux <alexandre.ferrieux@orange.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
prev parent reply other threads:[~2025-01-26 16:58 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-21 14:16 [PATCH iproute] iplink: emit the error message if open_fds_add failed Denis Kirjanov
2025-01-26 16:58 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250126085802.5af23e35@hermes.local \
--to=stephen@networkplumber.org \
--cc=dsahern@kernel.org \
--cc=kirjanov@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox