From: Maoyi Xie
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman
Cc: Fernando Fernandez Mancera, Jan Vaclav, Andrew Lunn, Taehee Yoo, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Maoyi Xie, stable@vger.kernel.org
Subject: [PATCH net] hsr: broadcast netlink notifications in the device's net namespace
Date: Wed, 27 May 2026 15:59:24 +0800
Message-Id: <20260527075924.2707856-1-maoyixie.tju@gmail.com>

The HSR generic netlink family sets .netnsok = true. HSR devices can live in network namespaces other than init_net.

Two async notifiers broadcast events with genlmsg_multicast(). They are hsr_nl_ringerror() and hsr_nl_nodedown(). That helper delivers only on the default genl socket in init_net. So the events always land in init_net. The network namespace of the device does not matter.

This has two effects. A listener in the device's own namespace never sees its own ring error and node down events. A privileged listener in init_net receives events from HSR devices in other namespaces. The payload carries the peer node MAC (HSR_A_NODE_ADDR) and the slave port ifindex (HSR_A_IFINDEX). It leaks information across network namespaces.

Switch both callers to genlmsg_multicast_netns(). Other families with .netnsok = true already do this. Examples are gtp, ovpn, team, batman-adv, netdev-genl, ethtool and handshake.

hsr_nl_ringerror() already has the slave port. It uses dev_net(port->dev). hsr_nl_nodedown() takes the namespace from the master port via hsr_port_get_hsr().

Fixes: 09e91dbea0aa ("hsr: set .netnsok flag")
Cc: stable@vger.kernel.org
Signed-off-by: Maoyi Xie
Reviewed-by: Fernando Fernandez Mancera
---
This is the fix for the problem I reported on netdev on 2026-05-18 [1]. That thread had no reply, so I am sending the patch and adding the HSR maintainers to Cc. The proof of concept and the test numbers are in that message.

[1] https://lore.kernel.org/netdev/CAHPEe=GO=2qqWZPwBB4rrXc3mkD0dznp2K78nCsKwF=c-QwxEw@mail.gmail.com/

 net/hsr/hsr_netlink.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/net/hsr/hsr_netlink.c b/net/hsr/hsr_netlink.c index db0b0af7a692..067ceaf7304b 100644 --- a/net/hsr/hsr_netlink.c +++ b/net/hsr/hsr_netlink.c @@ -247,7 +247,8 @@ void hsr_nl_ringerror(struct hsr_priv *hsr, unsigned ch= ar addr[ETH_ALEN], goto nla_put_failure; =20 genlmsg_end(skb, msg_head); - genlmsg_multicast(&hsr_genl_family, skb, 0, 0, GFP_ATOMIC); + genlmsg_multicast_netns(&hsr_genl_family, dev_net(port->dev), + skb, 0, 0, GFP_ATOMIC); =20 return; =20 @@ -283,8 +284,17 @@ void hsr_nl_nodedown(struct hsr_priv *hsr, unsigned ch= ar addr[ETH_ALEN]) if (res < 0) goto nla_put_failure; =20 + rcu_read_lock(); + master =3D hsr_port_get_hsr(hsr, HSR_PT_MASTER); + if (!master) { + rcu_read_unlock(); + goto nla_put_failure; + } + genlmsg_end(skb, msg_head); - genlmsg_multicast(&hsr_genl_family, skb, 0, 0, GFP_ATOMIC); + genlmsg_multicast_netns(&hsr_genl_family, dev_net(master->dev), + skb, 0, 0, GFP_ATOMIC); + rcu_read_unlock(); =20 return; =20 --=20 2.34.1
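
Review bot: In the first hunk, hsr_nl_ringerror() takes the target namespace from the slave with dev_net(port->dev), while hsr_nl_nodedown() in the second hunk takes it from the master with dev_net(master->dev). If a slave device can ever be in a different namespace than its HSR master, the two notifications for one ring would be delivered to different namespaces. Either derive the namespace from the same device in both places, or add a short comment saying why the slave's namespace is the intended one here, for instance because HSR_A_IFINDEX carries the slave port ifindex and an ifindex is only meaningful inside its own namespace. The hunk also dereferences port without the NULL check that the second hunk adds for master; confirm from the callers that port cannot be NULL at this point.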
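
Review bot: In the second hunk, the new if (!master) branch in hsr_nl_nodedown() jumps to nla_put_failure, whose body is outside the visible context. Check that this failure path does not itself look up the master port and dereference it (for example to print a warning through master->dev); if it does, the NULL check only moves the NULL dereference a few lines further down. A dedicated label that frees the skb and returns without touching master would avoid that, and would also keep a missing master port from being reported as an attribute-put failure. Doing the hsr_port_get_hsr() lookup before the message is built would additionally skip the allocation and nla_put work when there is no master to send for.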