From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: Re: [patch net] net: forbid netdev used by mirred tc act from being moved to another netns Date: Mon, 13 Nov 2017 10:37:10 -0700 Message-ID: References: <20171113140541.1128-1-jiri@resnulli.us> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: davem@davemloft.net, jhs@mojatatu.com, xiyou.wangcong@gmail.com, mlxsw@mellanox.com, idosch@mellanox.com, edumazet@google.com, willemb@google.com, me@tobin.cc, john.fastabend@gmail.com, jakub.kicinski@netronome.com, daniel@iogearbox.net To: Jiri Pirko , netdev@vger.kernel.org Return-path: Received: from mail-pg0-f67.google.com ([74.125.83.67]:53527 "EHLO mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754164AbdKMRg4 (ORCPT ); Mon, 13 Nov 2017 12:36:56 -0500 Received: by mail-pg0-f67.google.com with SMTP id s2so13168300pge.10 for ; Mon, 13 Nov 2017 09:36:56 -0800 (PST) In-Reply-To: <20171113140541.1128-1-jiri@resnulli.us> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 11/13/17 7:05 AM, Jiri Pirko wrote: > diff --git a/net/core/dev.c b/net/core/dev.c > index 11596a3..877979f 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -8250,7 +8250,7 @@ int dev_change_net_namespace(struct net_device *dev, struct net *net, const char > > /* Don't allow namespace local devices to be moved. */ > err = -EINVAL; > - if (dev->features & NETIF_F_NETNS_LOCAL) > + if (dev->features & NETIF_F_NETNS_LOCAL || dev_netns_blocked(dev)) > goto out; > > /* Ensure the device has been registrered */ Add the extack arg to dev_change_net_namespace and tell user why the namespace change is not allowed. And for the netns_blocked case, EINVAL does not seem the proper error code since the device is legit.
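Review bot: in the net/core/dev.c hunk at dev_change_net_namespace(), the new dev_netns_blocked(dev) test is folded into the existing NETIF_F_NETNS_LOCAL condition, so both cases leave through the same err = -EINVAL and the caller cannot tell a namespace-local device from one that is blocked because a mirred action uses it. Give the blocked case its own if with a distinct error code (-EBUSY would be one candidate). Parentheses around dev->features & NETIF_F_NETNS_LOCAL would also make the mixed & and || easier to read. The definition of dev_netns_blocked() is not in the quoted part, so what it checks cannot be judged from this hunk alone.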