On Fri, 3 Nov 2017 11:26:47 -0700 Ben Pfaff <[email protected]> wrote:
> On Thu, Nov 02, 2017 at 05:05:02PM -0200, Flavio Leitner wrote:
> > The netlink notification's ancillary data contains the network
> > namespace id (netnsid) needed to identify the device correctly.
> > (ifindex and netnsid).
> >
> > Signed-off-by: Flavio Leitner <[email protected]>
>
> Thanks a lot for working on this.
>
> I did not fully review this patch, but one thing that would make me more
> comfortable with cmsg handling is if the code would identify SCM_RIGHTS
> cmsgs and close the fds that they contain. I don't know currently
> whether the kernel ever sends fds to userspace over netlink cmsgs, but
> for unix domain socket messages sent between user processes it is risky
> to accept cmsg data without closing any received fds: it makes the
> receiving process prone to fd leaks.

It seems that the kernel doesn't send any fds through netlink messages, not
sure on Windows though. But I agree OVS could be on the defensive side
and close if it finds fds.

Let's see if there are other comments today, otherwise I will respin
the patchset including the fix.

Thanks Ben!
--
Flavio
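
The defensive handling discussed in this thread, as an added example that is not part of the original messages or of the OVS patch: after recvmsg(), walk every cmsg and close any fds carried in SCM_RIGHTS so an unexpected sender cannot leak descriptors into the receiver. The names close_scm_rights_fds and demo_roundtrip are hypothetical, and the demo uses a unix socketpair (constructed input) rather than netlink.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: close every fd delivered via SCM_RIGHTS in a
 * received msghdr.  Returns the number of descriptors closed. */
static int close_scm_rights_fds(struct msghdr *msg)
{
    int closed = 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS
            || c->cmsg_len < CMSG_LEN(0)) {
            continue;                      /* not an fd-passing cmsg */
        }
        size_t n = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        for (size_t i = 0; i < n; i++) {
            int fd;
            memcpy(&fd, CMSG_DATA(c) + i * sizeof fd, sizeof fd);
            if (fd >= 0 && close(fd) == 0) closed++;
        }
    }
    return closed;
}

/* Constructed demo: send one pipe fd across a socketpair, receive it,
 * then discard it.  Returns fds closed by the helper, or -1 on error. */
static int demo_roundtrip(void)
{
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } tx, rx;
    int sv[2], pfd[2];
    char byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = tx.buf, .msg_controllen = sizeof tx.buf };

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) || pipe(pfd)) return -1;
    memset(&tx, 0, sizeof tx);
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &pfd[0], sizeof(int));
    if (sendmsg(sv[0], &m, 0) != 1) return -1;

    m.msg_control = rx.buf;                /* receive side: fresh buffer */
    m.msg_controllen = sizeof rx.buf;
    if (recvmsg(sv[1], &m, 0) != 1) return -1;
    int closed = close_scm_rights_fds(&m);
    close(pfd[0]); close(pfd[1]); close(sv[0]); close(sv[1]);
    return closed;
}
```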
