[v4] ip6_vti: vti6_changelink and vti6_siocdevprivate netns fixes

[PATCH net v4 0/2] ip6_vti: vti6_changelink and vti6_siocdevprivate netns fixes

Maoyi Xie posted 2 patches 3 days, 6 hours ago

Diff against v3
Download series mbox

net/ipv6/ip6_vti.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)

Expand all Fold all

[PATCH net v4 0/2] ip6_vti: vti6_changelink and vti6_siocdevprivate netns fixes

Posted by Maoyi Xie 3 days, 6 hours ago

v3 -> v4

 - Update Fixes tag on both patches to commit 61220ab34948
   ("vti6: Enable namespace changing"). Xiao noted the old tag
   5e72ce3e3980 is not the introducing commit. dev_net(dev) and
   t->net first diverge when 61220ab34948 dropped
   NETIF_F_NETNS_LOCAL and made vti6 devices movable through
   IFLA_NET_NS_FD. Same Fixes shape Jakub took for the sibling
   fix 1d324c2f43f7.

 - 2/2 adds ns_capable(self->net->user_ns, CAP_NET_ADMIN) inside
   the non fallback SIOCCHGTUNNEL branch. The check at the top
   of the case is against dev_net(dev)->user_ns only. A caller
   in the migrated netns can pick params absent from self->net,
   the lookup returns NULL, t becomes self, and vti6_update()
   inserts the device into self->net's hash. v3 did not close
   that path.

1/2 carries forward Eric Dumazet's Reviewed-by. Only the Fixes
tag changes there. 2/2 changes the Fixes tag and adds the
ns_capable hunk.

Kuniyuki Iwashima (1):
  ip6: vti: Use ip6_tnl.net in vti6_changelink().

Maoyi Xie (1):
  ip6: vti: Use ip6_tnl.net in vti6_siocdevprivate().

 net/ipv6/ip6_vti.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

--
2.34.1