lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2025101604-filing-plenty-ec86@gregkh>
Date: Thu, 16 Oct 2025 16:46:31 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Fernando Fernandez Mancera <fmancera@...e.de>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, kuba@...nel.org,
	cynthia@...mx.dev, rafael@...nel.org, dakr@...nel.org,
	christian.brauner@...ntu.com, edumazet@...gle.com,
	pabeni@...hat.com, davem@...emloft.net, horms@...nel.org
Subject: Re: [PATCH] sysfs: check visibility before changing group attribute
 ownership

On Thu, Oct 16, 2025 at 12:14:56PM +0200, Fernando Fernandez Mancera wrote:
> Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for
> phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can
> hit WARN_ON() when trying to change owner of a file that isn't visible.
> See the trace below:
> 
>  WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __dev_change_net_namespace+0xb89/0xc30
>  CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-mainline #1 PREEMPT(full)  4b783b4a638669fb644857f484487d17cb45ed1f
>  Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.07 02/19/2025
>  RIP: 0010:__dev_change_net_namespace+0xb89/0xc30
>  [...]
>  Call Trace:
>   <TASK>
>   ? if6_seq_show+0x30/0x50
>   do_setlink.isra.0+0xc7/0x1270
>   ? __nla_validate_parse+0x5c/0xcc0
>   ? security_capable+0x94/0x1a0
>   rtnl_newlink+0x858/0xc20
>   ? update_curr+0x8e/0x1c0
>   ? update_entity_lag+0x71/0x80
>   ? sched_balance_newidle+0x358/0x450
>   ? psi_task_switch+0x113/0x2a0
>   ? __pfx_rtnl_newlink+0x10/0x10
>   rtnetlink_rcv_msg+0x346/0x3e0
>   ? sched_clock+0x10/0x30
>   ? __pfx_rtnetlink_rcv_msg+0x10/0x10
>   netlink_rcv_skb+0x59/0x110
>   netlink_unicast+0x285/0x3c0
>   ? __alloc_skb+0xdb/0x1a0
>   netlink_sendmsg+0x20d/0x430
>   ____sys_sendmsg+0x39f/0x3d0
>   ? import_iovec+0x2f/0x40
>   ___sys_sendmsg+0x99/0xe0
>   __sys_sendmsg+0x8a/0xf0
>   do_syscall_64+0x81/0x970
>   ? __sys_bind+0xe3/0x110
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? sock_alloc_file+0x63/0xc0
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? alloc_fd+0x12e/0x190
>   ? put_unused_fd+0x2a/0x70
>   ? do_sys_openat2+0xa2/0xe0
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? exc_page_fault+0x7e/0x1a0
>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>  [...]
>   </TASK>
> 
> Fix this by checking is_visible() before trying to touch the attribute.
> 
> Fixes: 303a42769c4c ("sysfs: add sysfs_group{s}_change_owner()")
> Reported-by: Cynthia <cynthia@...mx.dev>
> Closes: https://lore.kernel.org/netdev/01070199e22de7f8-28f711ab-d3f1-46d9-b9a0-048ab05eb09b-000000@eu-central-1.amazonses.com/
> Signed-off-by: Fernando Fernandez Mancera <fmancera@...e.de>
> ---
>  fs/sysfs/group.c | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)

Nice, thanks!  This has been tested, right?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ