netlink: Propagate errors for "set" operations

Currently if anything goes wrong while we're configuring the namespace
network with --config-net, we'll just ignore it and carry on.  This might
lead to a silently unconfigured or misconfigured namespace environment.

For simple "set" operations based on nl_do() we can now detect failures
reported via netlink.  Propagate those errors up to pasta_ns_conf() and
report them usefully.

Link: https://bugs.passt.top/show_bug.cgi?id=60
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Minor formatting changes in pasta_ns_conf()]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

netlink.c

@@ -354,8 +354,10 @@ void nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw)
  * @ifi:	Interface index in target namespace
  * @af:		Address family
  * @gw:		Default gateway to set
+ *
+ * Return: 0 on success, negative error code on failure
  */
-void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw)
+int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw)
 {
 	struct req_t {
 		struct nlmsghdr nlh;
@@ -413,7 +415,7 @@ void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw)
 		req.set.r4.rta_gw.rta_len = rta_len;
 	}
 
-	nl_do(s, &req, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, len);
+	return nl_do(s, &req, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, len);
 }
 
 /**
@@ -558,8 +560,10 @@ void nl_addr_get(int s, unsigned int ifi, sa_family_t af,
  * @af:		Address family
  * @addr:	Global address to set
  * @prefix_len:	Mask or prefix length to set
+ *
+ * Return: 0 on success, negative error code on failure
  */
-void nl_addr_set(int s, unsigned int ifi, sa_family_t af,
+int nl_addr_set(int s, unsigned int ifi, sa_family_t af,
 		void *addr, int prefix_len)
 {
 	struct req_t {
@@ -613,7 +617,7 @@ void nl_addr_set(int s, unsigned int ifi, sa_family_t af,
 		req.set.a4.rta_a.rta_type = IFA_ADDRESS;
 	}
 
-	nl_do(s, &req, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, len);
+	return nl_do(s, &req, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, len);
 }
 
 /**
@@ -713,8 +717,10 @@ void nl_link_get_mac(int s, unsigned int ifi, void *mac)
  * @ns:		Use netlink socket in namespace
  * @ifi:	Interface index
  * @mac:	MAC address to set
+ *
+ * Return: 0 on success, negative error code on failure
  */
-void nl_link_set_mac(int s, unsigned int ifi, void *mac)
+int nl_link_set_mac(int s, unsigned int ifi, void *mac)
 {
 	struct req_t {
 		struct nlmsghdr nlh;
@@ -730,7 +736,7 @@ void nl_link_set_mac(int s, unsigned int ifi, void *mac)
 
 	memcpy(req.mac, mac, ETH_ALEN);
 
-	nl_do(s, &req, RTM_NEWLINK, 0, sizeof(req));
+	return nl_do(s, &req, RTM_NEWLINK, 0, sizeof(req));
 }
 
 /**
@@ -738,8 +744,10 @@ void nl_link_set_mac(int s, unsigned int ifi, void *mac)
  * @s:		Netlink socket
  * @ifi:	Interface index
  * @mtu:	If non-zero, set interface MTU
+ *
+ * Return: 0 on success, negative error code on failure
  */
-void nl_link_up(int s, unsigned int ifi, int mtu)
+int nl_link_up(int s, unsigned int ifi, int mtu)
 {
 	struct req_t {
 		struct nlmsghdr nlh;
@@ -761,5 +769,5 @@ void nl_link_up(int s, unsigned int ifi, int mtu)
 		/* Shorten request to drop MTU attribute */
 		len = offsetof(struct req_t, rta);
 
-	nl_do(s, &req, RTM_NEWLINK, 0, len);
+	return nl_do(s, &req, RTM_NEWLINK, 0, len);
 }

netlink.h

@@ -12,17 +12,17 @@ extern int nl_sock_ns;
 void nl_sock_init(const struct ctx *c, bool ns);
 unsigned int nl_get_ext_if(int s, sa_family_t af);
 void nl_route_get_def(int s, unsigned int ifi, sa_family_t af, void *gw);
-void nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw);
+int nl_route_set_def(int s, unsigned int ifi, sa_family_t af, void *gw);
 void nl_route_dup(int s_src, unsigned int ifi_src,
 		  int s_dst, unsigned int ifi_dst, sa_family_t af);
 void nl_addr_get(int s, unsigned int ifi, sa_family_t af,
 		 void *addr, int *prefix_len, void *addr_l);
-void nl_addr_set(int s, unsigned int ifi, sa_family_t af,
+int nl_addr_set(int s, unsigned int ifi, sa_family_t af,
 		void *addr, int prefix_len);
 void nl_addr_dup(int s_src, unsigned int ifi_src,
 		 int s_dst, unsigned int ifi_dst, sa_family_t af);
 void nl_link_get_mac(int s, unsigned int ifi, void *mac);
-void nl_link_set_mac(int s, unsigned int ifi, void *mac);
+int nl_link_set_mac(int s, unsigned int ifi, void *mac);
-void nl_link_up(int s, unsigned int ifi, int mtu);
+int nl_link_up(int s, unsigned int ifi, int mtu);
 
 #endif /* NETLINK_H */

pasta.c

@@ -272,38 +272,58 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid,
  */
 void pasta_ns_conf(struct ctx *c)
 {
-	nl_link_up(nl_sock_ns, 1 /* lo */, 0);
+	int rc = 0;
+
+	rc = nl_link_up(nl_sock_ns, 1 /* lo */, 0);
+	if (rc < 0)
+		die("Couldn't bring up loopback interface in namespace: %s",
+		    strerror(-rc));
 
 	/* Get or set MAC in target namespace */
 	if (MAC_IS_ZERO(c->mac_guest))
 		nl_link_get_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest);
 	else
-		nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest);
+		rc = nl_link_set_mac(nl_sock_ns, c->pasta_ifi, c->mac_guest);
+	if (rc < 0)
+		die("Couldn't set MAC address in namespace: %s",
+		    strerror(-rc));
 
 	if (c->pasta_conf_ns) {
 		nl_link_up(nl_sock_ns, c->pasta_ifi, c->mtu);
 
 		if (c->ifi4) {
 			if (c->no_copy_addrs) {
-				nl_addr_set(nl_sock_ns, c->pasta_ifi, AF_INET,
+				rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
-					    &c->ip4.addr, c->ip4.prefix_len);
+						 AF_INET,
+						 &c->ip4.addr,
+						 c->ip4.prefix_len);
 			} else {
 				nl_addr_dup(nl_sock, c->ifi4,
 					    nl_sock_ns, c->pasta_ifi, AF_INET);
 			}
 
+			if (rc < 0) {
+				die("Couldn't set IPv4 address(es) in namespace: %s",
+				    strerror(-rc));
+			}
+
 			if (c->no_copy_routes) {
-				nl_route_set_def(nl_sock_ns, c->pasta_ifi,
+				rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
 						      AF_INET, &c->ip4.gw);
 			} else {
 				nl_route_dup(nl_sock, c->ifi4, nl_sock_ns,
 					     c->pasta_ifi, AF_INET);
 			}
+
+			if (rc < 0) {
+				die("Couldn't set IPv4 route(s) in guest: %s",
+				    strerror(-rc));
+			}
 		}
 
 		if (c->ifi6) {
 			if (c->no_copy_addrs) {
-				nl_addr_set(nl_sock_ns, c->pasta_ifi,
+				rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
 						 AF_INET6, &c->ip6.addr, 64);
 			} else {
 				nl_addr_dup(nl_sock, c->ifi6,
@@ -311,14 +331,24 @@ void pasta_ns_conf(struct ctx *c)
 					    AF_INET6);
 			}
 
+			if (rc < 0) {
+				die("Couldn't set IPv6 address(es) in namespace: %s",
+				    strerror(-rc));
+			}
+
 			if (c->no_copy_routes) {
-				nl_route_set_def(nl_sock_ns, c->pasta_ifi,
+				rc = nl_route_set_def(nl_sock_ns, c->pasta_ifi,
 						      AF_INET6, &c->ip6.gw);
 			} else {
 				nl_route_dup(nl_sock, c->ifi6,
 					     nl_sock_ns, c->pasta_ifi,
 					     AF_INET6);
 			}
+
+			if (rc < 0) {
+				die("Couldn't set IPv6 route(s) in guest: %s",
+				    strerror(-rc));
+			}
 		}
 	}