Re: [PATCH] net: Allow to specify ifindex when device is moved to another namespace

Mon, 05 Apr 2021 15:15:14 -0700 

On Mon,  5 Apr 2021 00:12:23 -0700 Andrei Vagin wrote:
> Currently, we can specify ifindex on link creation. This change allows
> to specify ifindex when a device is moved to another network namespace.
> 
> Even now, a device ifindex can be changed if there is another device
> with the same ifindex in the target namespace. So this change doesn't
> introduce completely new behavior, it adds more control to the process.
> 
> CRIU users want to restore containers with pre-created network devices.
> A user will provide network devices and instructions where they have to
> be restored, then CRIU will restore network namespaces and move devices
> into them. The problem is that devices have to be restored with the same
> indexes that they have before C/R.
> 
> Cc: Alexander Mikhalitsyn <[email protected]>
> Suggested-by: Christian Brauner <[email protected]>
> Signed-off-by: Andrei Vagin <[email protected]>

> @@ -2354,7 +2354,7 @@ static int netvsc_register_vf(struct net_device 
> *vf_netdev)
>        */
>       if (!net_eq(dev_net(ndev), dev_net(vf_netdev))) {
>               ret = dev_change_net_namespace(vf_netdev,
> -                                            dev_net(ndev), "eth%d");
> +                                            dev_net(ndev), "eth%d", 0);

Given vast majority of callers pass 0 as the new param - perhaps
dev_change_net_namespace() should become a static inline wrapper
over a function with more parameters?

>               if (ret)
>                       netdev_err(vf_netdev,
>                                  "could not move to same namespace as %s: 
> %d\n",

> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 1bdcb33fb561..d51252afde0a 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -2266,6 +2266,9 @@ static int validate_linkmsg(struct net_device *dev, 
> struct nlattr *tb[])
>                       return -EINVAL;
>       }
>  
> +     if (tb[IFLA_NEW_IFINDEX] && nla_get_s32(tb[IFLA_NEW_IFINDEX]) <= 0)
> +             return -EINVAL;

I think you need to add IFLA_NEW_IFINDEX to ifla_policy, it used to be
an output only attribute, it's missing input validation. You can add
policy right there NLA_POLICY_MIN(NLA_S32, 0) - .min is 16 bit but it'd
get promoted correctly, I believe?

>       if (tb[IFLA_AF_SPEC]) {
>               struct nlattr *af;
>               int rem, err;

Reply via email to