Re: [PATCH net v6] ipv6: flowlabel: enforce per-netns limit for unprivileged callers

Next message: Laurent Pinchart: "Re: [PATCH v2 2/6] media: i2c: mt9p031: Rewrite a bitwise mask"
Previous message: Simon Horman: "Re: [PATCH 0/3] net: mana: Fix mana_destroy_rxq() cleanup for partial RXQ init"
In reply to: Maoyi Xie: "[PATCH net v6] ipv6: flowlabel: enforce per-netns limit for unprivileged callers"
Next in thread: Maoyi Xie: "Re: [PATCH net v6] ipv6: flowlabel: enforce per-netns limit for unprivileged callers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jakub Kicinski

Date: Sat May 02 2026 - 12:54:06 EST

On Sat, 2 May 2026 23:09:18 +0800 Maoyi Xie wrote:
> fl_size, fl_ht and ip6_fl_lock in net/ipv6/ip6_flowlabel.c are file
> scope and shared across netns. mem_check() reads fl_size to decide
> whether to deny non-CAP_NET_ADMIN callers; capable() runs against
> init_user_ns, so an unprivileged user in any non-init userns can
> push fl_size past FL_MAX_SIZE - FL_MAX_SIZE/4 and starve every
> other unprivileged userns on the host.

You're getting emailed over and over by the bot telling you not to send
new version of your patches before 24h passed. Do you not understand
that message? If you keep violating the rules your patches will get
automatically discarded.