tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

net: hsr: prevent creation of HSR device with slaves from another netns

HSR/PRP driver does not handle correctly having slaves/interlink devices
in a different net namespace. Currently, it is possible to create a HSR
link in a different net namespace than the slaves/interlink with the
following command:

ip link add hsr0 netns hsr-ns type hsr slave1 eth1 slave2 eth2

As there is no use-case on supporting this scenario, enforce that HSR
device link matches netns defined by IFLA_LINK_NETNSID.

The iproute2 command mentioned above will throw the following error:

Error: hsr: HSR slaves/interlink must be on the same net namespace than HSR link.

Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Link: https://patch.msgid.link/20251020135533.9373-1-fmancera@suse.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Fernando Fernandez Mancera and committed by
Jakub Kicinski c0178eec 441f0647

+7 -1
+7 -1
net/hsr/hsr_netlink.c
··· 34 34 struct netlink_ext_ack *extack) 35 35 { 36 36 struct net *link_net = rtnl_newlink_link_net(params); 37 + struct net_device *link[2], *interlink = NULL; 37 38 struct nlattr **data = params->data; 38 39 enum hsr_version proto_version; 39 40 unsigned char multicast_spec; 40 41 u8 proto = HSR_PROTOCOL_HSR; 41 42 42 - struct net_device *link[2], *interlink = NULL; 43 + if (!net_eq(link_net, dev_net(dev))) { 44 + NL_SET_ERR_MSG_MOD(extack, 45 + "HSR slaves/interlink must be on the same net namespace than HSR link"); 46 + return -EINVAL; 47 + } 48 + 43 49 if (!data) { 44 50 NL_SET_ERR_MSG_MOD(extack, "No slave devices specified"); 45 51 return -EINVAL;