archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 06:24:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/include/net/netns
History
Bobby Eshleman 102eab95f0 vsock: lock down child_ns_mode as write-once 
Two administrator processes may race when setting child_ns_mode as one
process sets child_ns_mode to "local" and then creates a namespace, but
another process changes child_ns_mode to "global" between the write and
the namespace creation. The first process ends up with a namespace in
"global" mode instead of "local". While this can be detected after the
fact by reading ns_mode and retrying, it is fragile and error-prone.

Make child_ns_mode write-once so that a namespace manager can set it
once and be sure it won't change. Writing a different value after the
first write returns -EBUSY. This applies to all namespaces, including
init_net, where an init process can write "local" to lock all future
namespaces into local mode.

Fixes: eafb64f40c ("vsock: add netns to vsock core")
Suggested-by: Daan De Meyer <daan.j.demeyer@gmail.com>
Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
Co-developed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Bobby Eshleman <bobbyeshleman@meta.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20260223-vsock-ns-write-once-v3-2-c0cde6959923@meta.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-02-26 11:10:03 +01:00
..
bpf.h bpf: Invert the dependency between bpf-netns.h and netns/bpf.h 2021-12-29 20:03:05 -08:00
can.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
conntrack.h netfilter: conntrack: remove DCCP protocol support 2025-07-03 13:51:39 +02:00
core.h net: Introduce net.core.bypass_prot_mem sysctl. 2025-10-16 12:04:47 -07:00
flow_table.h netfilter: nf_flow_table: count pending offload workqueue tasks 2022-07-11 16:25:14 +02:00
generic.h netns: Replace zero-length array with DECLARE_FLEX_ARRAY() helper 2022-09-28 18:51:47 -07:00
hash.h netns: provide pure entropy for net_hash_mix() 2019-03-28 17:00:45 -07:00
ieee802154_6lowpan.h net: dynamically allocate fqdir structures 2019-05-26 14:08:05 -07:00
ipv4.h inet: move icmp_global_{credit,stamp} to a separate cache line 2026-02-18 16:46:36 -08:00
ipv6.h ipv6: add sysctl_ipv6_flowlabel group 2026-01-19 09:56:42 -08:00
mctp.h net: mctp: Use hashtable for binds 2025-07-15 12:08:39 +02:00
mib.h net: reorganize fields in netns_mib 2021-04-02 14:31:44 -07:00
mpls.h mpls: Protect net->mpls.platform_label with a per-netns mutex. 2025-11-03 17:40:53 -08:00
netfilter.h netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core 2024-06-19 18:41:59 +02:00
nexthop.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
nftables.h netfilter: nf_tables: place base_seq in struct net 2025-09-10 20:30:37 +02:00
packet.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sctp.h sctp: Convert cookie authentication to use HMAC-SHA256 2025-08-19 19:36:26 -07:00
smc.h net/smc: bpf: Introduce generic hook for handshake flow 2025-11-10 11:19:41 -08:00
unix.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
vsock.h vsock: lock down child_ns_mode as write-once 2026-02-26 11:10:03 +01:00
xdp.h net: xsk: Don't include <linux/rculist.h> 2022-12-06 20:04:34 -08:00
xfrm.h xfrm: Add an inbound percpu state cache. 2024-10-29 11:56:18 +01:00