On Sun, Jan 17, 2021 at 06:23:19PM +0800, menglong8.d...@gmail.com wrote:
> From: Menglong Dong
>
> For now, sysctl_wmem_default and sysctl_rmem_default are globally
> unified. It's not convenient in some case. For example, when we
> use docker and try to control the default udp socket receive bu
On Wed, Feb 10, 2021 at 12:04:23PM +, Lorenz Bauer wrote:
> Network namespaces have a globally unique non-zero identifier aka a
> cookie, in line with socket cookies. Add an ioctl to retrieve the
> cookie from user space without going via BPF.
>
> Cc: linux-...@vger.kernel.org
> Signed-off-by:
On Wed, Mar 31, 2021 at 04:05:10PM +0800, Xie Yongji wrote:
> Export receive_fd() so that some modules can use
> it to pass file descriptor between processes without
> missing any security stuffs.
>
> Signed-off-by: Xie Yongji
> ---
Yeah, as I said in the other mail I'd be comfortable with expos
On Wed, Mar 31, 2021 at 12:26:24PM +0300, Dan Carpenter wrote:
> On Wed, Mar 31, 2021 at 11:15:45AM +0200, Christian Brauner wrote:
> > On Wed, Mar 31, 2021 at 04:05:10PM +0800, Xie Yongji wrote:
> > > Export receive_fd() so that some modules can use
> > > it to p
On Wed, Mar 31, 2021 at 07:32:33PM +0800, Yongji Xie wrote:
> On Wed, Mar 31, 2021 at 5:15 PM Christian Brauner
> wrote:
> >
> > On Wed, Mar 31, 2021 at 04:05:10PM +0800, Xie Yongji wrote:
> > > Export receive_fd() so that some modules can use
> > > it to pa
On Wed, Mar 31, 2021 at 09:59:07PM +0800, Yongji Xie wrote:
> On Wed, Mar 31, 2021 at 8:23 PM Christian Brauner
> wrote:
> >
> > On Wed, Mar 31, 2021 at 07:32:33PM +0800, Yongji Xie wrote:
> > > On Wed, Mar 31, 2021 at 5:15 PM Christian Brauner
> > > wrote:
er Mikhalitsyn
> Suggested-by: Christian Brauner
> Signed-off-by: Andrei Vagin
> ---
Thank you for doing this! This will really help a lot of people with
using CRIU's network dump+restore capabilities.
It might be worth to point out that the ifindex of a netdev can already
change d
where they have to
> be restored, then CRIU will restore network namespaces and move devices
> into them. The problem is that devices have to be restored with the same
> indexes that they have before C/R.
>
> Cc: Alexander Mikhalitsyn
> Suggested-by: Christian Brauner
> Signed-of
where they have to
> be restored, then CRIU will restore network namespaces and move devices
> into them. The problem is that devices have to be restored with the same
> indexes that they have before C/R.
>
> Cc: Alexander Mikhalitsyn
> Suggested-by: Christian Brauner
> Reviewed
On Tue, Apr 13, 2021 at 03:08:48AM -0400, Jonathon Reinhart wrote:
> Currently, tcp_allowed_congestion_control is global and writable;
> writing to it in any net namespace will leak into all other net
> namespaces.
>
> tcp_available_congestion_control and tcp_allowed_congestion_control are
> the o
Hey everyone,
I get the following WARN triggered in net/wireless/nl80211.c during boot
on v5.12-rc1:
[ 36.749643] [ cut here ]
[ 36.749645] WARNING: CPU: 7 PID: 829 at net/wireless/nl80211.c:7746
nl80211_get_reg_do+0x215/0x250 [cfg80211]
[ 36.749683] Modules linked
On Tue, Mar 02, 2021 at 09:47:10AM +, Lorenz Bauer wrote:
> On Mon, 1 Mar 2021 at 10:04, Christian Brauner
> wrote:
> >
> > Hey Lorenz,
> >
> > Just to make sure: is it intentional that any user can retrieve the
> > cookie associated with any network n
On Mon, Mar 15, 2021 at 05:46:43PM +0800, Yongji Xie wrote:
> On Mon, Mar 15, 2021 at 5:08 PM Christoph Hellwig wrote:
> >
> > On Mon, Mar 15, 2021 at 01:37:11PM +0800, Xie Yongji wrote:
> > > Export __receive_fd() so that some modules can use
> > > it to pass file descriptor between processes.
>
nction fails.
>
> Add a separate NULL check to tell gcc about it as well.
>
> Signed-off-by: Arnd Bergmann
> ---
Seems reasonable,
Acked-by: Christian Brauner
bot+43a3fa52c0d9c5c94...@syzkaller.appspotmail.com
Fixes: 22567590b2e6 ("netfilter: bridge: namespace bridge netfilter sysctls")
Signed-off-by: Christian Brauner
---
net/bridge/br_netfilter_hooks.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_netfilter_hooks.c
vices/pci:00/:00:02.0/:01:00.1/net/eth1 (net)
Thanks!
Christian
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Christian Brauner (2):
uevent: add alloc_uevent_skb() helper
netns: restrict uevents
atch therefore removes kobj_bcast_filter() and replaces
netlink_broadcast_filtered() with the simpler netlink_broadcast()
everywhere.
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Signed-off
This patch adds alloc_uevent_skb() in preparation for follow up patches.
Signed-off-by: Christian Brauner
---
lib/kobject_uevent.c | 39 ++-
1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index
On Fri, Apr 27, 2018 at 11:39:44AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > This patch adds alloc_uevent_skb() in preparation for follow up patches.
> >
> > Signed-off-by: Christian Brauner
> > ---
On Fri, Apr 27, 2018 at 11:30:26AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
> > ---
> > lib/kobject_uevent.c | 140 ++-
> > 1 file changed, 99 insertions(+), 41 deletions(-)
> >
> > diff -
This patch adds alloc_uevent_skb() in preparation for follow up patches.
Signed-off-by: Christian Brauner
---
v3->v4:
* non-functional changes:
initialize some variables again explicitly to make it obvious to
readers that they are correctly set
v2->v3:
* new approach: patch added
atch therefore removes kobj_bcast_filter() and replaces
netlink_broadcast_filtered() with the simpler netlink_broadcast()
everywhere.
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Signed-off-by: Christian Brauner
---
v3->
(net)
KERNEL[655.333272] remove
/devices/pci:00/:00:02.0/:01:00.1/net/eth1 (net)
Thanks!
Christian
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Christian Brauner (2):
uevent: add alloc_uevent_skb() h
On Sat, Apr 28, 2018 at 11:23:58PM -0500, Eric W. Biederman wrote:
>
> > + /* fix credentials */
> > + if (owning_user_ns != &init_user_ns) {
> > + struct netlink_skb_parms *parms = &NETLINK_CB(skb);
> > + kuid_t root_uid;
> > + kgid_t root_gid;
> > +
> > +
atch therefore removes kobj_bcast_filter() and replaces
netlink_broadcast_filtered() with the simpler netlink_broadcast()
everywhere.
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Signed-off-by: Christian Brauner
---
v4->
(net)
KERNEL[655.333272] remove
/devices/pci:00/:00:02.0/:01:00.1/net/eth1 (net)
Thanks!
Christian
[1]: https://lkml.org/lkml/2018/4/4/739
[2]: https://lkml.org/lkml/2018/4/26/767
[3]: https://lkml.org/lkml/2018/4/26/738
Christian Brauner (2):
uevent: add alloc_uevent_skb() h
This patch adds alloc_uevent_skb() in preparation for follow up patches.
Signed-off-by: Christian Brauner
---
v4->v5:
* patch unchanged
v3->v4:
* non-functional changes:
initialize some variables again explicitly to make it obvious to
readers that they are correctly set
v2->
network namespaces not in the global uevent
socket list.
**A very detailed rationale is present in the commit message
[PATCH 2/2] netns: isolate seqnums to use per-netns locks**
Thanks!
Christian
Christian Brauner (2):
netns: restrict uevents
netns: isolate seqnums to use per-netns locks
listen to uevents.
[1]: https://lkml.org/lkml/2018/4/4/739
Signed-off-by: Christian Brauner
---
lib/kobject_uevent.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index 15ea216a67ce..f5f5038787ac 100644
--- a/li
as possible even if there are a lot of uevents injected into network
namespaces not owned by the initial user namespace. In addition, each
network namespace not owned by the initial user namespace does not have to
wait on any other network namespace not sharing the same user namespace.
Sign
On Wed, Apr 18, 2018 at 11:55:52AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > Now that it's possible to have a different set of uevents in different
> > network namespaces, per-network namespace uevent sequence numbers are
> > introduced.
On Wed, Apr 18, 2018 at 11:52:47PM +0200, Christian Brauner wrote:
> On Wed, Apr 18, 2018 at 11:55:52AM -0500, Eric W. Biederman wrote:
> > Christian Brauner writes:
> >
> > > Now that it's possible to have a different set of uevents in different
> > > net
On Fri, Apr 20, 2018 at 03:56:28PM +0200, Christian Brauner wrote:
> On Wed, Apr 18, 2018 at 11:52:47PM +0200, Christian Brauner wrote:
> > On Wed, Apr 18, 2018 at 11:55:52AM -0500, Eric W. Biederman wrote:
> > > Christian Brauner writes:
> > >
> > > > Now
On Fri, Apr 20, 2018 at 06:16:44PM +0200, Christian Brauner wrote:
> On Fri, Apr 20, 2018 at 03:56:28PM +0200, Christian Brauner wrote:
> > On Wed, Apr 18, 2018 at 11:52:47PM +0200, Christian Brauner wrote:
> > > On Wed, Apr 18, 2018 at 11:55:52AM -0500, Eric W. Biederman wrote:
On Mon, Apr 23, 2018 at 10:39:50AM +0800, kbuild test robot wrote:
> Hi Christian,
>
> Thank you for the patch! Yet something to improve:
>
> [auto build test ERROR on net-next/master]
>
> url:
> https://github.com/0day-ci/linux/commits/Christian-Brauner/netns-u
8
sample estimates:
mean of x mean of y
207.2632 164.0330
Signed-off-by: Christian Brauner
---
Changelog v0->v1:
* add detailed test results to the commit message
* account for kernels compiled without CONFIG_NET
---
include/linux/kobject.h | 2 +
include/net
the global uevent
socket list from the locking for network namespaces not in the global
uevent socket list.
A very detailed rationale including performance test results is
present in the commit message for
[PATCH 2/2] netns: isolate seqnums to use per-netns locks
Thanks!
Christian
listen to uevents.
[1]: https://lkml.org/lkml/2018/4/4/739
Signed-off-by: Christian Brauner
---
Changelog v0->v1:
* patch unchanged
---
lib/kobject_uevent.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/lib/kobject_uevent.c b/lib/kobject_
8
sample estimates:
mean of x mean of y
207.2632 164.0330
Signed-off-by: Christian Brauner
---
Changelog v1->v2:
* non-functional change: fix indendation for C directives in
kernel/ksysfs.c
Changelog v0->v1:
* add detailed test results to the commit message
* ac
essage for
[PATCH 2/2] netns: isolate seqnums to use per-netns locks
Thanks!
Christian
Christian Brauner (2):
netns: restrict uevents
netns: isolate seqnums to use per-netns locks
include/linux/kobject.h | 2 +
include/net/net_namespace.h | 3 +
kernel/ksysfs.c | 11
listen to uevents.
[1]: https://lkml.org/lkml/2018/4/4/739
Signed-off-by: Christian Brauner
---
Changelog v1->v2:
* patch unchanged
Changelog v0->v1:
* patch unchanged
---
lib/kobject_uevent.c | 18 --
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/l
On Tue, Apr 24, 2018 at 03:39:25PM -0400, David Miller wrote:
> From: Christian Brauner
> Date: Mon, 23 Apr 2018 12:24:43 +0200
>
> > + #ifdef CONFIG_NET
> > + seqnum = get_ns_uevent_seqnum_by_vpid();
> > + #else
> > + seqnum = uevent_s
On Tue, Apr 24, 2018 at 04:52:20PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > Now that it's possible to have a different set of uevents in different
> > network namespaces, per-network namespace uevent sequence numbers are
> > introduced.
iltering logic to
kobj_bcast_filter(). But since we care about performance improvements as
well I can come up with a patch that moves this logic out of
kobj_bcast_filter().
Christian
[1]: https://www.spinics.net/lists/netdev/msg494487.html
>
> Eric
>
> Christian Brauner writes:
> >
On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman wrote:
> >
> > Bah. This code is obviously correct and probably wrong.
> >
> > How do we deliver uevents for
On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Wed, Apr 25, 2018, 00:41 Eric W. Bi
On Thu, Apr 26, 2018 at 12:10:30PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 26, 2018 at 11:47:19AM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Tue, Apr 24, 2018 at
On Thu, Apr 26, 2018 at 07:35:47PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 26, 2018 at 12:10:30PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Thu, Apr 26, 2018 at
On Thu, Jun 27, 2019 at 04:42:18PM -0700, Andy Lutomirski wrote:
> [sigh, I finally set up lore nntp, and I goofed some addresses. Hi
> Kees and linux-api.]
Love it or hate it but that should probably also Cc linux-security...
>
> On Thu, Jun 27, 2019 at 4:40 PM Andy Lutomirski wrote:
> >
> >
On Fri, Aug 16, 2019 at 02:45:44PM -0700, Alexei Starovoitov wrote:
> On Thu, Aug 15, 2019 at 05:54:59PM -0700, Andy Lutomirski wrote:
> >
> >
> > > On Aug 15, 2019, at 4:46 PM, Alexei Starovoitov
> > > wrote:
> >
> >
> > >>
> > >> I'm not sure why you draw the line for VMs -- they're just a
On August 17, 2019 5:08:45 PM GMT+02:00, Alexei Starovoitov
wrote:
>On Sat, Aug 17, 2019 at 12:22:53AM +0200, Christian Brauner wrote:
>>
>> (The one usecase I'd care about is to extend seccomp to do
>pointer-based
>> syscall filtering. Whether or not that'
On August 17, 2019 5:36:54 PM GMT+02:00, Alexei Starovoitov
wrote:
>On Sat, Aug 17, 2019 at 05:16:53PM +0200, Christian Brauner wrote:
>> On August 17, 2019 5:08:45 PM GMT+02:00, Alexei Starovoitov
> wrote:
>> >On Sat, Aug 17, 2019 at 12:22:53AM +0200, Christian Brauner wro
d-function]
> static int proc_dointvec_minmax_bpf_stats(struct ctl_table *table, int write,
>
> The CONFIG_BPF_SYSCALL check was already handled, but the SYSCTL check
> is needed on top.
>
> Fixes: 492ecee892c2 ("bpf: enable program stats")
> Signed-off-by: Arnd Ber
On Mon, Mar 04, 2019 at 09:38:03PM +0100, Arnd Bergmann wrote:
> When CONFIG_SYSCTL is turned off, we get a link failure for
> the newly introduced tuning knob.
>
> net/ipv6/addrconf.o: In function `addrconf_init_net':
> addrconf.c:(.text+0x31dc): undefined reference to
> `sysctl_devconf_inherit_
On Mon, Mar 04, 2019 at 10:07:17PM +0100, Arnd Bergmann wrote:
> On Mon, Mar 4, 2019 at 10:00 PM Christian Brauner
> wrote:
> >
> > On Mon, Mar 04, 2019 at 09:38:03PM +0100, Arnd Bergmann wrote:
> > > When CONFIG_SYSCTL is turned off, we get a link failure for
> &
evd version 147
2. Debian Sid with systemd-udevd version 237
3. Android 7.1.1 with ueventd
Signed-off-by: Christian Brauner
---
include/net/net_namespace.h | 1 +
lib/kobject_uevent.c| 88 -
2 files changed, 88 insertions(+), 1 deletion(-
On Thu, Mar 15, 2018 at 12:47:30PM +0300, Kirill Tkhai wrote:
> CC Andrey Vagin
Hey Kirill,
Thanks for CCing Andrey.
>
> On 15.03.2018 03:12, Christian Brauner wrote:
> > This patch adds a receive method to NETLINK_KOBJECT_UEVENT netlink sockets
> > to allow sending uev
evd version 147
2. Debian Sid with systemd-udevd version 237
3. Android 7.1.1 with ueventd
Signed-off-by: Christian Brauner
---
Changelog v0->v1:
* Hold mutex_lock() until uevent is sent to preserve uevent message
ordering. See udev and commit for reference:
commit 7b60a18da393ed70db043a
On Thu, Mar 15, 2018 at 05:14:13PM +0300, Kirill Tkhai wrote:
> On 15.03.2018 16:39, Christian Brauner wrote:
> > On Thu, Mar 15, 2018 at 12:47:30PM +0300, Kirill Tkhai wrote:
> >> CC Andrey Vagin
> >
> > Hey Kirill,
> >
> > Thanks for CCing Andrey.
>
is includes the space
needed to append the uevent sequence number.
Testing:
This patch has been tested and verified to work with the following udev
implementations:
1. CentOS 6 with udevd version 147
2. Debian Sid with systemd-udevd version 237
3. Android 7.1.1 with ueventd
Signed-off-by: Ch
On Fri, Mar 16, 2018 at 02:41:45PM -0400, David Miller wrote:
> From: Christian Brauner
> Date: Fri, 16 Mar 2018 13:50:30 +0100
>
> > +static int uevent_net_broadcast(struct sock *usk, struct sk_buff *skb,
> > + struct netlink_ext_ack *extack)
&
On Fri, Mar 16, 2018 at 11:14:31PM +0300, Kirill Tkhai wrote:
> On 16.03.2018 15:50, Christian Brauner wrote:
> > This patch adds a receive method to NETLINK_KOBJECT_UEVENT netlink sockets
> > to allow sending uevent messages into the network namespace the socket
> > belongs t
ludes the space
needed to append the uevent sequence number.
Testing:
This patch has been tested and verified to work with the following udev
implementations:
1. CentOS 6 with udevd version 147
2. Debian Sid with systemd-udevd version 237
3. Android 7.1.1 with ueventd
Signed-off-by: Ch
__list_del_entry_valid() in its call chain which
will validate that the element is a member of the list. If it isn't it will
take care that the list is not modified.
Signed-off-by: Christian Brauner
---
Changelog v2->v3:
* patch added
This patch was split out of the follow up patch
Subject: [PATC
On Mon, Mar 19, 2018 at 02:53:09PM +0300, Kirill Tkhai wrote:
> Thanks for doing this. One small comment below.
>
> On 17.03.2018 14:08, Christian Brauner wrote:
> > This commit adds struct uevent_sock to struct net. Since struct uevent_sock
> > records the position of the
__list_del_entry_valid() in its call chain which
will validate that the element is a member of the list. If it isn't it will
take care that the list is not modified.
Signed-off-by: Christian Brauner
---
Changelog v3->v4:
* non-functional change: remove return from function returning void
Changelo
ludes the space
needed to append the uevent sequence number.
Testing:
This patch has been tested and verified to work with the following udev
implementations:
1. CentOS 6 with udevd version 147
2. Debian Sid with systemd-udevd version 237
3. Android 7.1.1 with ueventd
Signed-off-by: Ch
rrying a namespace tag are now
always only sent to the initial user namespace. The regression potential
for this is near to non-existent since user namespaces can't really do
anything with interesting devices.
Signed-off-by: Christian Brauner
---
lib/kobject_uevent.c | 10 +-
1 fil
On Wed, Apr 04, 2018 at 09:48:57PM +0200, Christian Brauner wrote:
> commit 07e98962fa77 ("kobject: Send hotplug events in all network namespaces")
>
> enabled sending hotplug events into all network namespaces back in 2010.
> Over time the set of uevents that get sent into
On Wed, Apr 04, 2018 at 05:38:02PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Wed, Apr 04, 2018 at 09:48:57PM +0200, Christian Brauner wrote:
> >> commit 07e98962fa77 ("kobject: Send hotplug events in all network
> >> namespaces&q
On Thu, Apr 05, 2018 at 04:01:03PM +0300, Kirill Tkhai wrote:
> On 04.04.2018 22:48, Christian Brauner wrote:
> > commit 07e98962fa77 ("kobject: Send hotplug events in all network
> > namespaces")
> >
> > enabled sending hotplug events into all network names
On Thu, Apr 05, 2018 at 05:26:59PM +0300, Kirill Tkhai wrote:
> On 05.04.2018 17:07, Christian Brauner wrote:
> > On Thu, Apr 05, 2018 at 04:01:03PM +0300, Kirill Tkhai wrote:
> >> On 04.04.2018 22:48, Christian Brauner wrote:
> >>> commit 07e98962fa77 ("kobject:
On Thu, Apr 05, 2018 at 10:59:49PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 05, 2018 at 05:26:59PM +0300, Kirill Tkhai wrote:
> >> On 05.04.2018 17:07, Christian Brauner wrote:
> >> > On Thu, Apr 05, 2018 at 04:01:03PM +030
On Fri, Apr 06, 2018 at 09:45:41AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 05, 2018 at 10:59:49PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Thu, Apr 05, 2018 at 05:26:59PM +0300,
On Thu, Apr 05, 2018 at 10:59:49PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 05, 2018 at 05:26:59PM +0300, Kirill Tkhai wrote:
> >> On 05.04.2018 17:07, Christian Brauner wrote:
> >> > On Thu, Apr 05, 2018 at 04:01:03PM +030
On Mon, Apr 09, 2018 at 06:21:31PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Thu, Apr 05, 2018 at 10:59:49PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Thu, Apr 05, 2018 at 05:26:59PM +0300,
On Tue, Apr 10, 2018 at 10:04:46AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Mon, Apr 09, 2018 at 06:21:31PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Thu, Apr 05, 2018 at
On Wed, Apr 11, 2018 at 11:40:14AM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Tue, Apr 10, 2018 at 10:04:46AM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Mon, Apr 09, 2018 at
On Wed, Apr 11, 2018 at 01:37:18PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Wed, Apr 11, 2018 at 11:40:14AM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >> > Yeah, agreed.
> >> > But I think the pa
On Wed, Apr 11, 2018 at 02:16:23PM -0500, Eric W. Biederman wrote:
> Christian Brauner writes:
>
> > On Wed, Apr 11, 2018 at 01:37:18PM -0500, Eric W. Biederman wrote:
> >> Christian Brauner writes:
> >>
> >> > On Wed, Apr 11, 2018 at
On Thu, Aug 30, 2018 at 04:45:45PM +0200, Christian Brauner wrote:
> On Thu, Aug 30, 2018 at 11:49:31AM +0300, Kirill Tkhai wrote:
> > On 29.08.2018 21:13, Christian Brauner wrote:
> > > Hi Kirill,
> > >
> > > Thanks for the question!
> > >
> >
s/no/now/
> position, which can lead to a failure depending on the exact stack
> initialization patter. Initialize the variable to zero to make
s/patter/pattern/
> rw_verify_area happy.
>
> Fixes: 6955a76fbcd5 ("bpfilter: switch to kernel_write")
> Reported-by: Christian B
vger.kernel.org
> Fixes: 48a87cc26c13 ("net: netprio: fd passed in SCM_RIGHTS datagram not set
> correctly")
> Fixes: d84295067fc7 ("net: net_cls: fd passed in SCM_RIGHTS datagram not set
> correctly")
> Signed-off-by: Kees Cook
> ---
Thanks!
Acked-by: Christian Brauner
On Tue, Nov 27, 2018 at 01:20:47AM +0100, Pablo Neira Ayuso wrote:
> Hi,
>
> On Wed, Nov 07, 2018 at 02:48:58PM +0100, Christian Brauner wrote:
> [...]
> > diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
> > index ca043342c0eb..eedbd1ac940e 1006
On Tue, Nov 27, 2018 at 09:23:49AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Nov 27, 2018 at 03:20:45AM +0100, Christian Brauner wrote:
> > On Tue, Nov 27, 2018 at 01:20:47AM +0100, Pablo Neira Ayuso wrote:
> > > Hi,
> > >
> > > On Wed, Nov 07, 2018 at 02:48
On Tue, Nov 27, 2018 at 09:23:49AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Nov 27, 2018 at 03:20:45AM +0100, Christian Brauner wrote:
> > On Tue, Nov 27, 2018 at 01:20:47AM +0100, Pablo Neira Ayuso wrote:
> > > Hi,
> > >
> > > On Wed, Nov 07, 2018 at 02:48
On Mon, Sep 24, 2018 at 09:19:06PM -0600, David Ahern wrote:
> On top of net-next I am see a dmesg error:
>
> netlink: 16 bytes leftover after parsing attributes in process `ip'.
>
> I traced it to address lists and commit:
>
> commit 6ecf4c37eb3e89b0832c9616089a5cdca3
On Tue, Sep 25, 2018 at 09:37:41AM -0600, David Ahern wrote:
> On 9/25/18 8:47 AM, Jiri Benc wrote:
> > On Tue, 25 Sep 2018 11:49:10 +0200, Christian Brauner wrote:
> >> So if people really want to hide this issue as much as we can then we
> >> can play the guessing game
On Tue, Sep 25, 2018 at 02:16:12PM +0100, Stephen Hemminger wrote:
> On Tue, 25 Sep 2018 14:34:08 +0200
> Christian Brauner wrote:
>
> > On Tue, Sep 25, 2018, 14:07 Stephen Hemminger
> > wrote:
> >
> > > On Tue, 25 Sep 2018 11:49:10 +0200
> > > Chr
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
net/decnet/dn_dev.c | 25 +++--
1 file changed, 23 insertions(+), 2 dele
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
security/selinux/nlmsgtab.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
net/ipv6/addrconf.c | 30 --
1 file changed, 24 insertions(
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
net/core/rtnetlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/rtnetlink.c
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
net/phonet/pn_netlink.c | 25 +++--
1 file changed, 23 insertions(+), 2 dele
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
net/ipv4/devinet.c | 24 +---
1 file changed, 21 insertions(+), 3 dele
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
---
include/uapi/linux/rtnetlink.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include
59
[2]: https://lists.openwall.net/netdev/2018/09/25/75
[3]: https://lists.openwall.net/netdev/2018/09/26/166
Signed-off-by: Christian Brauner
Cc: David Ahern
Cc: Jiri Benc
Cc: Stephen Hemminger
Christian Brauner (7):
rtnetlink: add RTM_GETADDR2
ipv4: add RTM_GETADDR2
ipv6: add RTM_GET
On September 27, 2018 10:24:36 PM GMT+02:00, David Ahern
wrote:
>On 9/27/18 11:58 AM, Christian Brauner wrote:
>> Various userspace programs (e.g. iproute2) have sent RTM_GETADDR
>> requests with struct ifinfomsg. This is wrong and should have been
>> struct ifaddrmsg all
On Fri, Sep 28, 2018 at 08:45:01AM -0700, dsah...@kernel.org wrote:
> From: David Ahern
>
> Update inet_dump_ifaddr to check for NLM_F_DUMP_PROPER_HDR in the netlink
> message header. If the flag is set, the dump request is expected to have
> an ifaddrmsg struct as the header potentially followed
On Fri, Sep 28, 2018 at 08:45:02AM -0700, dsah...@kernel.org wrote:
> From: David Ahern
>
> Update inet6_dump_addr to check for NLM_F_DUMP_PROPER_HDR in the netlink
> message header. If the flag is set, the dump request is expected to have
> an ifaddrmsg struct as the header potentially followed
1 - 100 of 217 matches
Mail list logo
