Re: [PATCH net v2 2/4] net: netlink: don't set nsid on local notifications
From: Nicolas Dichtel
Date: Fri May 22 2026 - 03:26:53 EST
On 21/05/2026 at 18:01, Ilya Maximets wrote:
> On 5/21/26 4:25 PM, Nicolas Dichtel wrote:
>> On 21/05/2026 at 16:00, Jiri Benc wrote:
>>> On Thu, 21 May 2026 14:36:12 +0200, Nicolas Dichtel wrote:
>>>> I still don't think that this is the right "fix". The app is broken. Even after
>>>> this patch, the bug could be easily triggered again by a third party.
>>>> There is nothing wrong with assigning a self-nsid. It would be a lot more robust
>>>> for the app to assign itself a self-nsid when it starts.
>>>
>>> On the other hand, does the patch break anything in practice (as
>>> opposed to in theory)? It makes life of several apps simpler, which is
>>> not a bad goal.
>> I'm not against the patch, it just looks like a workaround.
>> I'm trying to understand how NETLINK_LISTEN_ALL_NSID is used (in fact, why it is
>> used if the app doesn't "understand" NSIDs).
>
> ovs-vswitchd works with NSIDs of remote ports. So it does understand them, it
> just doesn't expect the self-referential ones for the local namespace.
>
> openvswitch module has minimal support for cross-namespace operation. Ports can
> be added to the openvswitch datapath and then moved to a different namespace (it's
> a little weird use case, but that's beyond the point here). ovs-vswitchd learns
> new NSIDs of those ports from the openvswitch module and then it can perform a
> limited set of cross-namespace operations on them and monitor their status changes
> through notifications on an all-nsid socket. It never learns the NSID of the
> current local namespace, because all the local ports can be directly accessed and
> openvswitch module doesn't report an NSID for them, as it's not needed for anything.
>
> In the end, ovs-vswitchd knows all the remote NSIDs it needs to know and can
> recognize them in notifications. But it doesn't know the NSID of its own local
> namespace, as the openvswitch module never reports that for local ports and
> ovs-vswitchd doesn't explicitly check its own NSID. So, local notifications with
> NSID set get treatment of a notification from some remote namespace that we do not
> care about.
>
> We will be putting changes into ovs-vswitchd to work around this issue, simply
> because it will take time for the kernel patch to propagate to distros. But this
> code will not be useful for anything except for working around this one specific
> case and so it would be nice to get rid of it eventually. And it would be nice
> if future applications didn't need to care about this behavior as well. Having
> the fix in stable will speed up the process significantly.
Ok, thanks for the details.
Regards,
Nicolas
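
The behaviour discussed in this thread, as an added example that is not part of the thread, the kernel patch or Open vSwitch: a receiver on a NETLINK_LISTEN_ALL_NSID socket reads the nsid from the ancillary data and treats a self-referential nsid as local. The names `classify_origin` and `classify_sample` are hypothetical, the nsid values are constructed, and `self_nsid` is assumed to have been looked up at startup (for example with an RTM_GETNSID request).

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>   /* NETLINK_LISTEN_ALL_NSID */
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
#define NSID_NONE (-1)       /* same value as NETNSA_NSID_NOT_ASSIGNED */

enum ns_origin { NS_LOCAL, NS_REMOTE_KNOWN, NS_REMOTE_UNKNOWN };

/* Classify one notification from the control data recvmsg() returned.
 * self_nsid is the local namespace's id for itself, or NSID_NONE. */
enum ns_origin classify_origin(struct msghdr *msg, int self_nsid,
                               const int *known, size_t n_known)
{
    int nsid = NSID_NONE;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
        if (c->cmsg_level == SOL_NETLINK &&
            c->cmsg_type == NETLINK_LISTEN_ALL_NSID &&
            c->cmsg_len >= CMSG_LEN(sizeof(int)))
            memcpy(&nsid, CMSG_DATA(c), sizeof(int));
    /* No nsid attached, or the self-referential one: local namespace. */
    if (nsid == NSID_NONE || nsid == self_nsid)
        return NS_LOCAL;
    for (size_t i = 0; i < n_known; i++)
        if (known[i] == nsid)
            return NS_REMOTE_KNOWN;
    return NS_REMOTE_UNKNOWN;
}

/* Constructed sample: build the control buffer by hand so the
 * classifier can be exercised without a live netlink socket. */
enum ns_origin classify_sample(int attach, int nsid, int self_nsid)
{
    static const int known[] = { 3, 7 };   /* constructed remote nsids */
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    struct msghdr msg = { 0 };
    memset(&u, 0, sizeof(u));
    if (attach) {
        msg.msg_control = u.buf;
        msg.msg_controllen = sizeof(u.buf);
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_NETLINK;
        c->cmsg_type = NETLINK_LISTEN_ALL_NSID;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &nsid, sizeof(int));
    }
    return classify_origin(&msg, self_nsid, known, 2);
}
```

With `self_nsid` left at `NSID_NONE`, a local notification tagged with nsid 5 lands in `NS_REMOTE_UNKNOWN`, which is the misclassification described above; passing the real self-nsid moves it back to `NS_LOCAL`.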