lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 4 Jan 2019 14:09:33 +0300
From:   Alexey Dobriyan <adobriyan@...il.com>
To:     Mateusz Stępień <mateusz.stepien@...rounds.com>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: PROBLEM: Old content of /proc/net after switching network
 namespace

On Fri, Jan 04, 2019 at 09:21:23AM +0100, Mateusz Stępień wrote:
> After changing network namespace using setns, the content of /proc/net 
> still represents the original namespace.
> It looks like procfs dentries are not invalidated in dcache properly 
> after the namespace switch.
> It happens only, when you read content of /proc/net before changing 
> namespace
> The problem is reproducible in 4.19.13 but not in 4.14.X.
> Bisecting the stable kernel tree shows that the commit
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1da4d377f943fe4194ffb9fb9c26cc58fad4dd24 
> introduced the problem.
> Reverting mentioned commit resolves it.
> 
> MCVE (slightly modified example from [man 2 setns]):

	open /proc/net/dev
	read
	close

	setns

	open /proc/net/dev
	read
	close

This bug was discussed recently and Al even posted how to fix it
properly.

Try this horror patch meanwhile:

--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -219,19 +219,30 @@ void proc_free_inum(unsigned int inum)
 	ida_simple_remove(&proc_inum_ida, inum - PROC_DYNAMIC_FIRST);
 }
 
+static bool net_root(const struct proc_dir_entry *pde)
+{
+	return pde->parent == &proc_root && pde->mode == 0;
+}
+
 static int proc_misc_d_revalidate(struct dentry *dentry, unsigned int flags)
 {
+	const struct proc_dir_entry *pde;
+
 	if (flags & LOOKUP_RCU)
 		return -ECHILD;
 
-	if (atomic_read(&PDE(d_inode(dentry))->in_use) < 0)
+	pde = PDE(d_inode(dentry));
+
+	if (atomic_read(&pde->in_use) < 0 || net_root(pde))
 		return 0; /* revalidate */
 	return 1;
 }
 
 static int proc_misc_d_delete(const struct dentry *dentry)
 {
-	return atomic_read(&PDE(d_inode(dentry))->in_use) < 0;
+	const struct proc_dir_entry *pde = PDE(d_inode(dentry));
+
+	return atomic_read(&pde->in_use) < 0 || net_root(pde);
 }
 
 static const struct dentry_operations proc_misc_dentry_ops = {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ