* net: netdev-genl: NETDEV_A_NAPI_PID is the init-ns pid, not the caller's
@ 2026-06-15 7:01 Maoyi Xie
2026-06-15 16:12 ` Jakub Kicinski
0 siblings, 1 reply; 2+ messages in thread
From: Maoyi Xie @ 2026-06-15 7:01 UTC (permalink / raw)
To: David S . Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Amritha Nambiar, Simon Horman, David Wei, Stanislav Fomichev,
Samiullah Khawaja, netdev, linux-kernel, Maoyi Xie

Hi all,

I noticed something in netdev_nl_napi_fill_one() and would appreciate
your view on whether it is a real problem.

It reports the NAPI kthread pid like this:

	if (napi->thread) {
		pid = task_pid_nr(napi->thread);
		if (nla_put_u32(rsp, NETDEV_A_NAPI_PID, pid))

task_pid_nr() returns the pid in the initial pid namespace. It is put
into NETDEV_A_NAPI_PID without any translation to the caller's pid
namespace.

NETDEV_CMD_NAPI_GET has no GENL_ADMIN_PERM and the family is netnsok.
So a caller in a child pid namespace can read it. That caller then sees
the kthread's global pid. The kthread is not in that namespace, so the
value there should be 0.

This looks like the same case as commit 3799c2570982 ("io_uring/fdinfo:
translate SqThread PID through caller's pid_ns").

I checked it with a small reproducer and a fix. From a child pid
namespace the reproducer reads the kthread's global pid. With the fix it
reads 0. I am not sure how much this matters in practice. I would
appreciate it if you could let me know whether it is worth a fix. I am
happy to send the patch.

Thanks,
Maoyi
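
Added example, not part of the original message and not kernel code: a user-space C model of per-namespace pid numbers, showing why an untranslated lookup reports the global pid while a namespace-aware lookup reports 0 for a task that has no pid in the caller's namespace. All model_* names and the pid values 1234, 4321 and 7 are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_LEVEL 4

/* Hypothetical user-space model: one pid namespace, linked to its parent. */
struct model_ns { int level; const struct model_ns *parent; };

/* One number per namespace level the task is visible in (levels 0..level). */
struct model_upid { int nr; const struct model_ns *ns; };
struct model_pid { int level; struct model_upid numbers[MAX_LEVEL]; };

/* Untranslated lookup: always the level-0 (initial namespace) number. */
static int model_pid_nr(const struct model_pid *pid)
{
    return pid ? pid->numbers[0].nr : 0;
}

/* Namespace-aware lookup: the number as seen from ns, or 0 when the
 * task has no pid in ns (ns is deeper than the task, or a sibling). */
static int model_pid_nr_ns(const struct model_pid *pid,
                           const struct model_ns *ns)
{
    if (pid && ns && ns->level <= pid->level &&
        pid->numbers[ns->level].ns == ns)
        return pid->numbers[ns->level].nr;
    return 0;
}

/* Constructed sample data. */
static const struct model_ns init_ns = { 0, NULL };
static const struct model_ns child_ns = { 1, &init_ns };
/* Kernel thread: exists only in the initial namespace. */
static const struct model_pid napi_kthread = { 0, { { 1234, &init_ns } } };
/* Process inside child_ns: 4321 globally, 7 inside the child namespace. */
static const struct model_pid container_task =
    { 1, { { 4321, &init_ns }, { 7, &child_ns } } };

int main(void)
{
    printf("kthread, untranslated:      %d\n", model_pid_nr(&napi_kthread));
    printf("kthread, seen from init ns: %d\n",
           model_pid_nr_ns(&napi_kthread, &init_ns));
    printf("kthread, seen from child:   %d\n",
           model_pid_nr_ns(&napi_kthread, &child_ns));
    printf("task, seen from child:      %d\n",
           model_pid_nr_ns(&container_task, &child_ns));
    return 0;
}
```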
* Re: net: netdev-genl: NETDEV_A_NAPI_PID is the init-ns pid, not the caller's
From: Jakub Kicinski @ 2026-06-15 16:12 UTC (permalink / raw)
To: Maoyi Xie
Cc: David S . Miller, Eric Dumazet, Paolo Abeni, Amritha Nambiar,
Simon Horman, David Wei, Stanislav Fomichev, Samiullah Khawaja,
netdev, linux-kernel
On Mon, 15 Jun 2026 15:01:52 +0800 Maoyi Xie wrote:
> Hi all,
>
> I noticed something in netdev_nl_napi_fill_one() and would appreciate
> your view on whether it is a real problem.
>
> It reports the NAPI kthread pid like this:
>
> 	if (napi->thread) {
> 		pid = task_pid_nr(napi->thread);
> 		if (nla_put_u32(rsp, NETDEV_A_NAPI_PID, pid))
>
> task_pid_nr() returns the pid in the initial pid namespace. It is put
> into NETDEV_A_NAPI_PID without any translation to the caller's pid
> namespace.
>
> NETDEV_CMD_NAPI_GET has no GENL_ADMIN_PERM and the family is netnsok.
> So a caller in a child pid namespace can read it. That caller then sees
> the kthread's global pid. The kthread is not in that namespace, so the
> value there should be 0.
>
> This looks like the same case as commit 3799c2570982 ("io_uring/fdinfo:
> translate SqThread PID through caller's pid_ns").
>
> I checked it with a small reproducer and a fix. From a child pid
> namespace the reproducer reads the kthread's global pid. With the fix it
> reads 0. I am not sure how much this matters in practice. I would
> appreciate it if you could let me know whether it is worth a fix. I am
> happy to send the patch.

Please send a patch, we should try to obey the PID namespace, indeed.