lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 31 May 2021 22:01:28 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Changbin Du <changbin.du@...il.com>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        stable@...r.kernel.org, Cong Wang <xiyou.wangcong@...il.com>,
        David Laight <David.Laight@...LAB.COM>
Subject: Re: [PATCH] nsfs: fix oops when ns->ops is not provided

On Mon, 31 May 2021 23:34:10 +0800 Changbin Du wrote:
> We should not create inode for disabled namespace. A disabled namespace
> sets its ns->ops to NULL. Kernel could panic if we try to create a inode
> for such namespace.
> 
> Here is an example oops in socket ioctl cmd SIOCGSKNS when NET_NS is
> disabled. Kernel panicked wherever nsfs trys to access ns->ops since the
> proc_ns_operations is not implemented in this case.
> 
> [7.670023] Unable to handle kernel NULL pointer dereference at virtual address 00000010
> [7.670268] pgd = 32b54000
> [7.670544] [00000010] *pgd=00000000
> [7.671861] Internal error: Oops: 5 [#1] SMP ARM
> [7.672315] Modules linked in:
> [7.672918] CPU: 0 PID: 1 Comm: systemd Not tainted 5.13.0-rc3-00375-g6799d4f2da49 #16
> [7.673309] Hardware name: Generic DT based system
> [7.673642] PC is at nsfs_evict+0x24/0x30
> [7.674486] LR is at clear_inode+0x20/0x9c
> 
> So let's reject such request for disabled namespace.
> 
> Signed-off-by: Changbin Du <changbin.du@...il.com>
> Cc: <stable@...r.kernel.org>
> Cc: Cong Wang <xiyou.wangcong@...il.com>
> Cc: Jakub Kicinski <kuba@...nel.org>
> Cc: David Laight <David.Laight@...LAB.COM>
> ---
>  fs/nsfs.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index 800c1d0eb0d0..6c055eb7757b 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -62,6 +62,10 @@ static int __ns_get_path(struct path *path, struct ns_common *ns)
>  	struct inode *inode;
>  	unsigned long d;
>  
> +	/* In case the namespace is not actually enabled. */
> +	if (!ns->ops)
> +		return -EOPNOTSUPP;
> +
>  	rcu_read_lock();
>  	d = atomic_long_read(&ns->stashed);
>  	if (!d)

I'm not sure why we'd pick runtime checks for something that can be
perfectly easily solved at compilation time. Networking should not
be asking for FDs for objects which don't exist.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ