From: "Denis V. Lunev" <den@sw.ru>
To: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: davem@davemloft.net, netdev@vger.kernel.org, xemul@openvz.org,
ebiederm@xmission.com, containers@lists.osdl.org,
yoshfuji@linux-ipv6.org, Benjamin Thery <benjamin.thery@bull.net>
Subject: Re: [patch 1/1][NETNS][IPV6] protect addrconf from loopback registration
Date: Mon, 12 Nov 2007 19:05:23 +0300 [thread overview]
Message-ID: <473879C3.5020301@sw.ru> (raw)
In-Reply-To: <20071112152403.273795630@mai.toulouse-stg.fr.ibm.com>
Daniel Lezcano wrote:
> The loopback is now dynamically allocated. The ipv6 code was written
> considering the loopback is allocated before the ipv6 protocol
> initialization. This is still the case when we don't use multiple
> network namespaces.
>
> In the case of the network namespaces, ipv6 notification handler is
> already setup and active (done by the initial network namespace),
> so when a network namespace is created, a new instance of the
> loopback device, via dynamic allocation, will trigger a REGISTER event
> to addrconf_notify and this one will try to setup the network device
> while the ipv6 protocol is not yet initialized for the network namespace.
>
> Because the ipv6 is relying on the fact that the loopback device will
> not trigger REGISTER/UNREGISTER events, I just protect the addrconf_notify
> function when the loopback register event is triggered.
>
> In the case of multiple network namespaces, the usual ipv6 protocol
> initialization will be done after the loopback initialization with
> the subsystem registration mechanism.
>
> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
> Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
> ---
> net/ipv6/addrconf.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> Index: linux-2.6-netns/net/ipv6/addrconf.c
> ===================================================================
> --- linux-2.6-netns.orig/net/ipv6/addrconf.c
> +++ linux-2.6-netns/net/ipv6/addrconf.c
> @@ -2272,7 +2272,8 @@ static int addrconf_notify(struct notifi
>
> switch(event) {
> case NETDEV_REGISTER:
> - if (!idev && dev->mtu >= IPV6_MIN_MTU) {
> + if (!(dev->flags & IFF_LOOPBACK) &&
> + !idev && dev->mtu >= IPV6_MIN_MTU) {
> idev = ipv6_add_dev(dev);
> if (!idev)
> return notifier_from_errno(-ENOMEM);
> @@ -2366,11 +2367,15 @@ static int addrconf_notify(struct notifi
> /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
>
> case NETDEV_DOWN:
> + addrconf_ifdown(dev, 0);
> + break;
> +
> case NETDEV_UNREGISTER:
> /*
> * Remove all addresses from this interface.
> */
> - addrconf_ifdown(dev, event != NETDEV_DOWN);
> + if (!(dev->flags & IFF_LOOPBACK))
> + addrconf_ifdown(dev, 1);
> break;
>
> case NETDEV_CHANGENAME:
>
why should we care on down? we are destroying the device. It should
gone. All references to it should also gone. So, we should perform the
cleaning and remove all IPv6 addresses, so notifier should also work.
The code relies on the "persistent" loopback and this is a _bad_ thing.
This is longstanding bug in the code, that the dst_entry should have a
valid reference to a device. This is the only purpose for a loopback
persistence. Though, at the namespace death no such entries must be and
this will be checked during unregister process. This patch definitely
breaks this assumption :(
Namespaces are good to catch leakage using standard codepaths, so they
should be preserved as much as possible. So, _all_ normal down code
should be called for a loopback device in other than init_net context.
Regards,
Den
next prev parent reply other threads:[~2007-11-12 16:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20071112151953.052335971@mai.toulouse-stg.fr.ibm.com>
2007-11-12 15:19 ` [patch 1/1][NETNS][IPV6] protect addrconf from loopback registration Daniel Lezcano
2007-11-12 16:05 ` Denis V. Lunev [this message]
2007-11-12 16:11 ` Daniel Lezcano
2007-11-12 16:49 ` Denis V. Lunev
2007-11-12 16:59 ` Eric W. Biederman
2007-11-12 22:24 ` David Miller
2007-11-13 12:59 ` Eric W. Biederman
[not found] ` <473879C3.5020301-3ImXcnM4P+0@public.gmane.org>
2007-11-12 16:51 ` Eric W. Biederman
2007-11-12 17:01 ` Daniel Lezcano
2007-11-12 19:50 ` Eric W. Biederman
2007-11-13 1:52 ` YOSHIFUJI Hideaki / 吉藤英明
2007-11-13 13:11 ` Eric W. Biederman
2007-11-13 10:55 ` Daniel Lezcano
2007-11-12 21:00 ` Denis V. Lunev
2007-11-12 16:40 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=473879C3.5020301@sw.ru \
--to=den@sw.ru \
--cc=benjamin.thery@bull.net \
--cc=containers@lists.osdl.org \
--cc=davem@davemloft.net \
--cc=dlezcano@fr.ibm.com \
--cc=ebiederm@xmission.com \
--cc=netdev@vger.kernel.org \
--cc=xemul@openvz.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).