Re: [PATCH net] xfrm: route MIGRATE notifications to caller's netns

[Steffen Klassert]

On Mon, May 04, 2026 at 10:27:36PM +0800, Maoyi Xie wrote:
> xfrm_send_migrate() in net/xfrm/xfrm_user.c and pfkey_send_migrate()
> in net/key/af_key.c both hardcode &init_net for the multicast that
> announces a successful XFRM_MSG_MIGRATE / SADB_X_MIGRATE.
> 
> XFRM_MSG_MIGRATE arrives on a per-netns NETLINK_XFRM socket, and the
> rest of the xfrm/af_key netlink path was made netns-aware in 2008.
> The other 14 multicast paths in xfrm_user.c route their event using
> xs_net(x), xp_net(xp) or sock_net(skb->sk); only the migrate path
> was missed.
> 
> Two consequences of the init_net hardcoding:
> 
>   1. The notification (selector, old/new endpoint addresses, and the
>      km_address) is delivered to listeners on init_net's
>      XFRMNLGRP_MIGRATE / pfkey BROADCAST_ALL groups rather than on
>      the issuing netns. An IKE daemon running in init_net therefore
>      receives migration notifications originating from any other
>      netns on the host.
> 
>   2. An IKE daemon running inside a non-init netns and subscribed
>      to its own XFRMNLGRP_MIGRATE / pfkey groups never receives the
>      notification of its own migration. IKEv2 MOBIKE / address-update
>      handling inside a netns is silently broken.
> 
> Thread struct net through km_migrate() and the xfrm_mgr.migrate
> function pointer, drop the &init_net override in xfrm_send_migrate()
> and pfkey_send_migrate(), and pass the caller's net (already in
> scope in xfrm_migrate() via sock_net(skb->sk)) all the way down.
> struct xfrm_mgr is in-tree only and not exported as a stable API,
> so the function-pointer signature change is internal.
> 
> pfkey_broadcast() is already netns-aware via net_generic(net,
> pfkey_net_id) since the pernet conversion. The five other
> pfkey_broadcast() callers in af_key.c already pass xs_net(x),
> sock_net(sk) or a per-netns net, so this only removes the
> &init_net outlier.
> 
> Fixes: 5c79de6e79cd ("[XFRM]: User interface for handling XFRM_MSG_MIGRATE")
> Cc: stable@xxxxxxxxxxxxxxx # v5.15+
> Signed-off-by: Maoyi Xie <maoyi.xie@xxxxxxxxxx>

Applied, thanks a lot!