On 10/21/19 7:20 PM, Hoang Le wrote:
>       n->net = net;
>       n->capabilities = capabilities;
> +     n->pnet = NULL;
> +     for_each_net_rcu(tmp) {

This does not scale well, if say you have a thousand netns ?

> +             tn_peer = net_generic(tmp, tipc_net_id);
> +             if (!tn_peer)
> +                     continue;
> +             /* Integrity checking whether node exists in namespace or not */
> +             if (tn_peer->net_id != tn->net_id)
> +                     continue;
> +             if (memcmp(peer_id, tn_peer->node_id, NODE_ID_LEN))
> +                     continue;
> +
> +             hash_chk = tn_peer->random;
> +             hash_chk ^= net_hash_mix(&init_net);

Why the xor with net_hash_mix(&init_net) is needed ?

> +             hash_chk ^= net_hash_mix(tmp);
> +             if (hash_chk ^ hash_mixes)
> +                     continue;
> +             n->pnet = tmp;
> +             break;
> +     }


How can we set n->pnet without increasing netns ->count ?

Using check_net() later might trigger an use-after-free.

Reply via email to