authorEric W. Biederman <ebiederm@xmission.com>2007-09-12 07:02:17 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:49:09 -0400
commite9dc86534051b78e41e5b746cccc291b57a3a311 (patch)
tree1cd4a1dde4c51b6311749428a22cc8a8f5436825
parente730c15519d09ea528b4d2f1103681fa5937c0e6 (diff)
[NET]: Make device event notification network namespace safe
Every user of the network device notifiers is either a protocol stack or a pseudo device. If a protocol stack that does not have support for multiple network namespaces receives an event for a device that is not in the initial network namespace it quite possibly can get confused and do the wrong thing. To avoid problems until all of the protocol stacks are converted this patch modifies all netdev event handlers to ignore events on devices that are not in the initial network namespace. As the rest of the code is made network namespace aware these checks can be removed. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--arch/ia64/hp/sim/simeth.c3
-rw-r--r--drivers/net/bonding/bond_main.c3
-rw-r--r--drivers/net/hamradio/bpqether.c3
-rw-r--r--drivers/net/pppoe.c3
-rw-r--r--drivers/net/wan/dlci.c3
-rw-r--r--drivers/net/wan/hdlc.c3
-rw-r--r--drivers/net/wan/lapbether.c3
-rw-r--r--net/8021q/vlan.c4
-rw-r--r--net/appletalk/aarp.c3
-rw-r--r--net/appletalk/ddp.c3
-rw-r--r--net/atm/clip.c3
-rw-r--r--net/atm/mpc.c4
-rw-r--r--net/ax25/af_ax25.c3
-rw-r--r--net/bridge/br_notify.c4
-rw-r--r--net/core/dst.c4
-rw-r--r--net/core/fib_rules.c4
-rw-r--r--net/core/pktgen.c3
-rw-r--r--net/core/rtnetlink.c4
-rw-r--r--net/decnet/af_decnet.c3
-rw-r--r--net/econet/af_econet.c3
-rw-r--r--net/ipv4/arp.c3
-rw-r--r--net/ipv4/devinet.c3
-rw-r--r--net/ipv4/fib_frontend.c3
-rw-r--r--net/ipv4/ipmr.c7
-rw-r--r--net/ipv4/netfilter/ip_queue.c3
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c3
-rw-r--r--net/ipv6/addrconf.c3
-rw-r--r--net/ipv6/ndisc.c3
-rw-r--r--net/ipv6/netfilter/ip6_queue.c3
-rw-r--r--net/ipx/af_ipx.c3
-rw-r--r--net/netfilter/nfnetlink_queue.c3
-rw-r--r--net/netrom/af_netrom.c3
-rw-r--r--net/packet/af_packet.c3
-rw-r--r--net/rose/af_rose.c3
-rw-r--r--net/tipc/eth_media.c3
-rw-r--r--net/x25/af_x25.c3
-rw-r--r--net/xfrm/xfrm_policy.c5
-rw-r--r--security/selinux/netif.c4
38 files changed, 126 insertions, 1 deletions
diff --git a/arch/ia64/hp/sim/simeth.c b/arch/ia64/hp/sim/simeth.c
index 4017696ada6..08b117e2c54 100644
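--- a/arch/ia64/hp/sim/simeth.c
+++ b/arch/ia64/hp/sim/simeth.c
@@ -294,6 +294,9 @@ simeth_device_event(struct notifier_block *this,unsigned long event, void *ptr)
 return NOTIFY_DONE;
 }
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if ( event != NETDEV_UP && event != NETDEV_DOWN ) return NOTIFY_DONE;
 
 /*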
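Review bot: The added `if (dev->nd_net != &init_net)` guard carries no comment marking it as temporary, although the commit message says these checks are to be removed as the code becomes namespace aware. A one-line marker above it, such as `/* FIXME: ignore devices outside init_net until this handler is namespace aware */`, would let the later cleanup find every copy with a single search. The same applies to every other handler this commit touches, since each receives the identical two-line guard. simeth_device_event starts and ends outside the hunk.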
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index e4e5fdc0430..cf97d8a6326 100644
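--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3299,6 +3299,9 @@ static int bond_netdev_event(struct notifier_block *this, unsigned long event, v
 {
 struct net_device *event_dev = (struct net_device *)ptr;
 
+if (event_dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 dprintk("event_dev: %s, event: %lx\n",
 (event_dev ? event_dev->name : "None"),
 event);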
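Review bot: The new guard dereferences `event_dev->nd_net` before the `dprintk` call, which still allows for a NULL pointer with `(event_dev ? event_dev->name : "None")`. Either the notifier is never called with a NULL device, in which case the ternary is dead code and could be dropped, or it can be, in which case the guard should read `if (event_dev && event_dev->nd_net != &init_net)`. The hunk does not show which holds, and the body of bond_netdev_event continues past the hunk.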
diff --git a/drivers/net/hamradio/bpqether.c b/drivers/net/hamradio/bpqether.c
index 85fb8e7efac..df09210f735 100644
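--- a/drivers/net/hamradio/bpqether.c
+++ b/drivers/net/hamradio/bpqether.c
@@ -563,6 +563,9 @@ static int bpq_device_event(struct notifier_block *this,unsigned long event, voi
 {
 struct net_device *dev = (struct net_device *)ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (!dev_is_ethdev(dev))
 return NOTIFY_DONE;
 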
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
index 60c0e4e1787..c5c70e4b1d3 100644
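--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -301,6 +301,9 @@ static int pppoe_device_event(struct notifier_block *this,
 {
 struct net_device *dev = (struct net_device *) ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* Only look at sockets that are using this specific device. */
 switch (event) {
 case NETDEV_CHANGEMTU: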
diff --git a/drivers/net/wan/dlci.c b/drivers/net/wan/dlci.c
index 66be20c292b..61041d5186a 100644
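--- a/drivers/net/wan/dlci.c
+++ b/drivers/net/wan/dlci.c
@@ -513,6 +513,9 @@ static int dlci_dev_event(struct notifier_block *unused,
 {
 struct net_device *dev = (struct net_device *) ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_UNREGISTER) {
 struct dlci_local *dlp;
 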
diff --git a/drivers/net/wan/hdlc.c b/drivers/net/wan/hdlc.c
index 3b57350eacc..ee23b91f23d 100644
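--- a/drivers/net/wan/hdlc.c
+++ b/drivers/net/wan/hdlc.c
@@ -109,6 +109,9 @@ static int hdlc_device_event(struct notifier_block *this, unsigned long event,
 unsigned long flags;
 int on;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (dev->get_stats != hdlc_get_stats)
 return NOTIFY_DONE; /* not an HDLC device */
 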
diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
index ca8b3c3cb93..699b93406df 100644
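--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -394,6 +394,9 @@ static int lapbeth_device_event(struct notifier_block *this,
 struct lapbethdev *lapbeth;
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (!dev_is_ethdev(dev))
 return NOTIFY_DONE;
 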
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
index 2a546919d6f..d0d36fdedbe 100644
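--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
@@ -31,6 +31,7 @@
 #include <net/arp.h>
 #include <linux/rtnetlink.h>
 #include <linux/notifier.h>
+#include <net/net_namespace.h>
 
 #include <linux/if_vlan.h>
 #include "vlan.h"
@@ -603,6 +604,9 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event,
 int i, flgs;
 struct net_device *vlandev;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (!grp)
 goto out;
 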
diff --git a/net/appletalk/aarp.c b/net/appletalk/aarp.c
index 9267f481879..e9a51a69870 100644
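--- a/net/appletalk/aarp.c
+++ b/net/appletalk/aarp.c
@@ -333,6 +333,9 @@ static int aarp_device_event(struct notifier_block *this, unsigned long event,
 struct net_device *dev = ptr;
 int ct;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_DOWN) {
 write_lock_bh(&aarp_lock);
 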
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index c1f1367cad4..36fcdbf923c 100644
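--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -649,6 +649,9 @@ static int ddp_device_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_DOWN)
 /* Discard any use of this */
 atalk_dev_down(dev);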
diff --git a/net/atm/clip.c b/net/atm/clip.c
index 806ea98567c..741742f0079 100644
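--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -612,6 +612,9 @@ static int clip_device_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = arg;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_UNREGISTER) {
 neigh_ifdown(&clip_tbl, dev);
 return NOTIFY_DONE;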
diff --git a/net/atm/mpc.c b/net/atm/mpc.c
index 7c85aa551d5..0968430a7f5 100644
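--- a/net/atm/mpc.c
+++ b/net/atm/mpc.c
@@ -956,6 +956,10 @@ static int mpoa_event_listener(struct notifier_block *mpoa_notifier, unsigned lo
 struct lec_priv *priv;
 
 dev = (struct net_device *)dev_ptr;
+
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (dev->name == NULL || strncmp(dev->name, "lec", 3))
 return NOTIFY_DONE; /* we are only interested in lec:s */
 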
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index def6c42ad16..8d13a8bca0e 100644
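--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -104,6 +104,9 @@ static int ax25_device_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = (struct net_device *)ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* Reject non AX.25 devices */
 if (dev->type != ARPHRD_AX25)
 return NOTIFY_DONE;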
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index c8451d3a070..07ac3ae68d8 100644
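--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -15,6 +15,7 @@
 
 #include <linux/kernel.h>
 #include <linux/rtnetlink.h>
+#include <net/net_namespace.h>
 
 #include "br_private.h"
 
@@ -36,6 +37,9 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
 struct net_bridge_port *p = dev->br_port;
 struct net_bridge *br;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* not a port of a bridge */
 if (p == NULL)
 return NOTIFY_DONE;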
diff --git a/net/core/dst.c b/net/core/dst.c
index c6a05879d58..32267a16e01 100644
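--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -15,6 +15,7 @@
 #include <linux/skbuff.h>
 #include <linux/string.h>
 #include <linux/types.h>
+#include <net/net_namespace.h>
 
 #include <net/dst.h>
 
@@ -252,6 +253,9 @@ static int dst_dev_event(struct notifier_block *this, unsigned long event, void
 struct net_device *dev = ptr;
 struct dst_entry *dst;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (event) {
 case NETDEV_UNREGISTER:
 case NETDEV_DOWN: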
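Review bot: The early return sits ahead of the `switch`, so `NETDEV_UNREGISTER` and `NETDEV_DOWN` for a device outside init_net never reach the cases that handle them. If a dst entry can hold a reference to such a device (not visible in this hunk), that reference would outlive the device going down. Because dst.c is shared core code rather than a single protocol stack, a comment stating the assumption would help, for example `/* assumes no dst entry references a device outside init_net */`. The body of the switch lies outside the hunk.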
diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 8c5474e1668..9eabe1ae01d 100644
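--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -11,6 +11,7 @@
 #include <linux/types.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
+#include <net/net_namespace.h>
 #include <net/fib_rules.h>
 
 static LIST_HEAD(rules_ops);
@@ -596,6 +597,9 @@ static int fib_rules_event(struct notifier_block *this, unsigned long event,
 struct net_device *dev = ptr;
 struct fib_rules_ops *ops;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 ASSERT_RTNL();
 rcu_read_lock();
 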
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 33d7247fb19..d7c30ce095a 100644
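--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -1975,6 +1975,9 @@ static int pktgen_device_event(struct notifier_block *unused,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* It is OK that we do not hold the group lock right now,
 * as we run under the RTNL lock.
 */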
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index dca9e80ba57..41859508bed 100644
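--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -1286,6 +1286,10 @@ static void rtnetlink_rcv(struct sock *sk, int len)
 static int rtnetlink_event(struct notifier_block *this, unsigned long event, void *ptr)
 {
 struct net_device *dev = ptr;
+
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (event) {
 case NETDEV_UNREGISTER:
 rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);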
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index aca4c4930eb..83398da5d76 100644
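--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -2089,6 +2089,9 @@ static int dn_device_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = (struct net_device *)ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch(event) {
 case NETDEV_UP:
 dn_dev_up(dev);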
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 7de3006af20..f877f3b5c72 100644
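--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -1122,6 +1122,9 @@ static int econet_notifier(struct notifier_block *this, unsigned long msg, void
 struct net_device *dev = (struct net_device *)data;
 struct ec_device *edev;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (msg) {
 case NETDEV_UNREGISTER:
 /* A device has gone down - kill any data we hold for it. */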
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index bde129708e2..a11e7a5c1da 100644
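--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1205,6 +1205,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (event) {
 case NETDEV_CHANGEADDR:
 neigh_changeaddr(&arp_tbl, dev);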
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5dbe5803b7d..c5eb1a29a5c 100644
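--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1051,6 +1051,9 @@ static int inetdev_event(struct notifier_block *this, unsigned long event,
 struct net_device *dev = ptr;
 struct in_device *in_dev = __in_dev_get_rtnl(dev);
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 ASSERT_RTNL();
 
 if (!in_dev) {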
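Review bot: The namespace guard is placed ahead of `ASSERT_RTNL()`, so the locking assertion no longer runs for events on devices outside init_net, while the `__in_dev_get_rtnl(dev)` initializer above it, whose name suggests it expects the RTNL to be held, still runs for every event. Moving the guard below the assertion keeps the lock check unconditional: `ASSERT_RTNL();` followed by `if (dev->nd_net != &init_net) return NOTIFY_DONE;`. The hunk in net/core/fib_rules.c places its guard before `ASSERT_RTNL()` in the same way. inetdev_event begins and ends outside the hunk.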
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index eff6bce453e..cefb55ec3d6 100644
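--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -860,6 +860,9 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
 struct net_device *dev = ptr;
 struct in_device *in_dev = __in_dev_get_rtnl(dev);
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_UNREGISTER) {
 fib_disable_ip(dev, 2);
 return NOTIFY_DONE;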
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 35683e1a42e..036598835c6 100644
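--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1083,13 +1083,18 @@ int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
 
 static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
 {
+struct net_device *dev = ptr;
 struct vif_device *v;
 int ct;
+
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event != NETDEV_UNREGISTER)
 return NOTIFY_DONE;
 v=&vif_table[0];
 for (ct=0;ct<maxvif;ct++,v++) {
-if (v->dev==ptr)
+if (v->dev==dev)
 vif_delete(ct);
 }
 return NOTIFY_DONE;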
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index cb5e61a1d7a..d91856097f2 100644
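--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -557,6 +557,9 @@ ipq_rcv_dev_event(struct notifier_block *this,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* Drop any packets associated with the downed device */
 if (event == NETDEV_DOWN)
 ipq_dev_drop(dev->ifindex);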
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 7c4e4be7c8b..3e0b562b2db 100644
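--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -125,6 +125,9 @@ static int masq_device_event(struct notifier_block *this,
 {
 const struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_DOWN) {
 /* Device was downed. Search entire table for
 conntracks which were associated with that device,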
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index cd2db728d18..1a678364652 100644
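--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2259,6 +2259,9 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
 int run_pending = 0;
 int err;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch(event) {
 case NETDEV_REGISTER:
 if (!idev && dev->mtu >= IPV6_MIN_MTU) {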
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 5b596659177..d2d44dc22f1 100644
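--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1525,6 +1525,9 @@ static int ndisc_netdev_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (event) {
 case NETDEV_CHANGEADDR:
 neigh_changeaddr(&nd_tbl, dev);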
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index dfc58fbdb68..64536a3ef2f 100644
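--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -547,6 +547,9 @@ ipq_rcv_dev_event(struct notifier_block *this,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* Drop any packets associated with the downed device */
 if (event == NETDEV_DOWN)
 ipq_dev_drop(dev->ifindex);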
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index f7b4d383c60..24921f12e9a 100644
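--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -347,6 +347,9 @@ static int ipxitf_device_event(struct notifier_block *notifier,
 struct net_device *dev = ptr;
 struct ipx_interface *i, *tmp;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event != NETDEV_DOWN && event != NETDEV_UP)
 goto out;
 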
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index bb65a38c816..5a8e8ff7664 100644
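--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -734,6 +734,9 @@ nfqnl_rcv_dev_event(struct notifier_block *this,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 /* Drop any packets associated with the downed device */
 if (event == NETDEV_DOWN)
 nfqnl_dev_drop(dev->ifindex);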
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index e969d1bc765..3a4d479ea64 100644
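--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -106,6 +106,9 @@ static int nr_device_event(struct notifier_block *this, unsigned long event, voi
 {
 struct net_device *dev = (struct net_device *)ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event != NETDEV_DOWN)
 return NOTIFY_DONE;
 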
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index cae1ee4f2ad..ad0052524e8 100644
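--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1477,6 +1477,9 @@ static int packet_notifier(struct notifier_block *this, unsigned long msg, void
 struct hlist_node *node;
 struct net_device *dev = data;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 read_lock(&packet_sklist_lock);
 sk_for_each(sk, node, &packet_sklist) {
 struct packet_sock *po = pkt_sk(sk);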
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 67e06ab7f85..509defe53ee 100644
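--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -197,6 +197,9 @@ static int rose_device_event(struct notifier_block *this, unsigned long event,
 {
 struct net_device *dev = (struct net_device *)ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event != NETDEV_DOWN)
 return NOTIFY_DONE;
 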
diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c
index d2ed2370418..406f0d26fa8 100644
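--- a/net/tipc/eth_media.c
+++ b/net/tipc/eth_media.c
@@ -198,6 +198,9 @@ static int recv_notification(struct notifier_block *nb, unsigned long evt,
 struct eth_bearer *eb_ptr = &eth_bearers[0];
 struct eth_bearer *stop = &eth_bearers[MAX_ETH_BEARERS];
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 while ((eb_ptr->dev != dev)) {
 if (++eb_ptr == stop)
 return NOTIFY_DONE; /* couldn't find device */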
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 2e9931571a4..fc416f9606a 100644
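--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -191,6 +191,9 @@ static int x25_device_event(struct notifier_block *this, unsigned long event,
 struct net_device *dev = ptr;
 struct x25_neigh *nb;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (dev->type == ARPHRD_X25
 #if defined(CONFIG_LLC) || defined(CONFIG_LLC_MODULE)
 || dev->type == ARPHRD_ETHER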
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 36dd31c40f4..50682d3cd7a 100644
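--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2236,6 +2236,11 @@ static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo)
 
 static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
 {
+struct net_device *dev = ptr;
+
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 switch (event) {
 case NETDEV_DOWN:
 xfrm_flush_bundles();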
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index b10c34e8a74..e87ab948104 100644
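--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -20,6 +20,7 @@
 #include <linux/notifier.h>
 #include <linux/netdevice.h>
 #include <linux/rcupdate.h>
+#include <net/net_namespace.h>
 
 #include "security.h"
 #include "objsec.h"
@@ -234,6 +235,9 @@ static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
 {
 struct net_device *dev = ptr;
 
+if (dev->nd_net != &init_net)
+return NOTIFY_DONE;
+
 if (event == NETDEV_DOWN)
 sel_netif_kill(dev);
 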
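Review bot: With this guard a `NETDEV_DOWN` for a device outside init_net no longer reaches `sel_netif_kill(dev)`, so any cached entry for such a device would stay in place after the device goes down. Whether entries can be created for devices outside init_net is not visible in this hunk; if the lookup path can add them, the same restriction is needed there, or this handler should keep flushing regardless of namespace. A comment above the guard recording the dependency, for example `/* assumes no sel_netif entry exists for a device outside init_net */`, would make it explicit for the later cleanup. The handler's full signature and its tail lie outside the hunk.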