Message ID | 20201127144631.1256613-1-ptikhomirov@virtuozzo.com |
---|---|
State | New |
Series | "venetdev: check ve_ns is not null before dereferencing" |
From | Pavel Tikhomirov <ptikhomirov@virtuozzo.com> |
To | Konstantin Khorenko <khorenko@virtuozzo.com> |
Cc | devel@openvz.org |
Date | Fri, 27 Nov 2020 17:46:31 +0300 |
Subject | [Devel] [PATCH VZ8] venetdev: check ve_ns is not null before dereferencing |
diff --git a/drivers/net/venetdev.c b/drivers/net/venetdev.c index b5b3f7e16c58d..cdf56b9e7ec13 100644 --- a/drivers/net/venetdev.c +++ b/drivers/net/venetdev.c @@ -7,6 +7,7 @@ #include <linux/proc_fs.h> #include <linux/inet.h> +#include <linux/nsproxy.h> #include <net/ip.h> #include <linux/venet.h> @@ -733,6 +734,7 @@ static int venet_newlink(struct net *src_net, struct netlink_ext_ack *extack) { struct ve_struct *ve = src_net->owner_ve; + struct nsproxy *ve_ns; struct net *net; int err = 0; @@ -741,7 +743,10 @@ static int venet_newlink(struct net *src_net, * also referenced on assignment => ve won't die => * rcu_read_lock()/unlock not needed here. */ - net = rcu_dereference_check(ve->ve_ns, 1)->net_ns; + ve_ns = rcu_dereference_check(ve->ve_ns, 1); + if (!ve_ns) + return -EBUSY; + net = ve_ns->net_ns; if (!net) return -EBUSY;
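Review bot: In the last hunk, in venet_newlink(), the comment kept above the new lines still argues that rcu_read_lock()/unlock is not needed because ve is referenced and won't die, but this fix exists precisely because ve->ve_ns can be NULL while ve is alive, so ve's lifetime alone does not explain why ve_ns stays valid between the `if (!ve_ns)` test and the `ve_ns->net_ns` read. Please either extend the comment to name what keeps ve_ns stable across those two lines, or take rcu_read_lock() around the dereference and the net_ns read and drop the unconditional `1` passed to rcu_dereference_check(). It would also help to note in the comment that the new -EBUSY return covers a ve that is not started yet, alongside the existing `if (!net)` return.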
When testing criu on vz8 I got crash in venet_newlink on dereferencing zero ve_ns:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
    PGD 8000000136ceb067 P4D 8000000136ceb067 PUD 137624067 PMD 0
    Oops: 0000 [#1] SMP PTI
    CPU: 0 PID: 6853 Comm: criu ve: ad7d77df-8614-42b4-8bf4-c9313fcb2a17 Kdump: loaded Not tainted 4.18.0-193.6.3.vz8.4.18 #1 4.18
    Hardware name: Virtuozzo KVM, BIOS 1.11.0-2.vz7.2 04/01/2014
    RIP: 0010:venet_newlink+0x18/0xc0 [vznetdev]

Small reproducer:

    # term 1
    echo $$
    # 407283

    # term 2
    mkdir /sys/fs/cgroup/ve/my_new_ve
    echo 666 > /sys/fs/cgroup/ve/my_new_ve/ve.veid
    echo 407283 > /sys/fs/cgroup/ve/my_new_ve/tasks

    # term 1
    unshare -n ip link add venet0 type venet

If we create venet in network namespace which is owned by ve which is not started yet - we crash.

Note on vz7 we are safe as there is no ve_ns.

https://jira.sw.ru/browse/PSBM-123077

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 drivers/net/venetdev.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)