From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Ilya Maximets <i.maximets@ovn.org>, Jiri Benc <jbenc@redhat.com>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Donald Hunter <donald.hunter@gmail.com>,
Shuah Khan <shuah@kernel.org>,
Kuniyuki Iwashima <kuniyu@google.com>,
Kees Cook <kees@kernel.org>, Adrian Moreno <amorenoz@redhat.com>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
Matteo Perin <matteo.perin@canonical.com>
Subject: Re: [PATCH net v2 2/4] net: netlink: don't set nsid on local notifications
Date: Fri, 22 May 2026 09:25:04 +0200 [thread overview]
Message-ID: <76280397-a1e8-4194-b02b-76ccef2732c1@6wind.com> (raw)
In-Reply-To: <b8183167-9e8d-4c75-b340-bc3437a14ea0@ovn.org>
Le 21/05/2026 à 18:01, Ilya Maximets a écrit :
> On 5/21/26 4:25 PM, Nicolas Dichtel wrote:
>> Le 21/05/2026 à 16:00, Jiri Benc a écrit :
>>> On Thu, 21 May 2026 14:36:12 +0200, Nicolas Dichtel wrote:
>>>> I still don't think that this is the right "fix". The app is broken. Even after
>>>> this patch, the bug could be easily triggered again by a third party.
>>>> There is nothing wrong with assigning a self-nsid. It would be a lot more robust
>>>> for the app to assign itself a self-nsid when it starts.
>>>
>>> On the other hand, does the patch break anything in practice (as
>>> opposed to in theory)? It makes live of several apps simpler, which is
>>> not a bad goal.
>> I'm not against the patch, it just look like a workaround.
>> I'm trying to understand how NETLINK_LISTEN_ALL_NSID is used (in fact, why it is
>> used if the app doesn't "understand" NSIDs).
>
> ovs-vswitchd works with NSIDs of remote ports. So it does understand them, it
> just doesn't expect the self-referential ones for the local namespace.
>
> openvswitch module has a minimal support for cross-namespace operation. Ports can
> be added to the openvswitch datapath and then moved to a different namespace (it's
> a little weird use case, but that's beyond the point here). ovs-vswitchd learns
> new NSIDs of those ports from the openvswitch module and then it can perform a
> limited set of cross-namespace operations on them and monitor their status changes
> through notifications on an all-nsid socket. It never learns the NSID of the
> current local namespace, because all the local ports can be directly accessed and
> openvswitch module doesn't report an NSID for them, as it's not needed for anything.
>
> In the end, ovs-vswitchd knows all the remote NSIDs it needs to know and can
> recognize them in notifications. But it doesn't know the NSID of it's own local
> namespace, as the openvswitch module never reports that for local ports and
> ovs-vswitchd doesn't explicitly check its own NSID. So, local notifications with
> NSID set get treatment of a notification from some remote namespace that we do not
> care about.
>
> We will be putting changes into ovs-vswitch to work around this issue, simply
> because it will take time for the kernel patch to propagate to distros. But this
> code will not be useful for anything except for working around this one specific
> case and so it would be nice to get rid of it eventually. And it would be nice
> if future applications didn't need to care about this behavior as well. Having
> the fix in stable will speed up the process significantly.
Ok, thanks for the details.
Regards,
Nicolas
next prev parent reply other threads:[~2026-05-22 7:25 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 17:22 [PATCH net v2 0/4] netlink: fixes for cross-namespace nsid reporting Ilya Maximets
2026-05-20 17:22 ` [PATCH net v2 1/4] net: netlink: fix sending unassigned nsid after assigned one Ilya Maximets
2026-05-21 12:34 ` Nicolas Dichtel
2026-05-20 17:22 ` [PATCH net v2 2/4] net: netlink: don't set nsid on local notifications Ilya Maximets
2026-05-21 12:36 ` Nicolas Dichtel
2026-05-21 14:00 ` Jiri Benc
2026-05-21 14:25 ` Nicolas Dichtel
2026-05-21 16:01 ` Ilya Maximets
2026-05-22 7:25 ` Nicolas Dichtel [this message]
2026-05-22 7:25 ` Nicolas Dichtel
2026-05-20 17:22 ` [PATCH net v2 3/4] tools: ynl: support listening on all nsids Ilya Maximets
2026-05-20 17:22 ` [PATCH net v2 4/4] selftests: net: add a test case for nsid in all nsid notifications Ilya Maximets
2026-05-22 7:30 ` Nicolas Dichtel
2026-05-21 15:23 ` [PATCH net v2 0/4] netlink: fixes for cross-namespace nsid reporting Jakub Kicinski
2026-05-21 15:50 ` patchwork-bot+netdevbpf
2026-05-23 0:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=76280397-a1e8-4194-b02b-76ccef2732c1@6wind.com \
--to=nicolas.dichtel@6wind.com \
--cc=amorenoz@redhat.com \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=i.maximets@ovn.org \
--cc=jbenc@redhat.com \
--cc=kees@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=matteo.perin@canonical.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox