[64/66] Phonet: disable network namespace support
diff mbox series

Message ID 20101022183601.910822183@clark.site
State New, archived
Headers show
Series
  • 2.6.32.25-stable review
Related show

Commit Message

Greg KH Oct. 22, 2010, 6:35 p.m. UTC
2.6.32-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>

[Solved differently upstream]

Network namespace in the Phonet socket stack causes an OOPS when a
namespace is destroyed. This occurs as the loopback exit_net handler is
called after the Phonet exit_net handler, and re-enters the Phonet
stack. I cannot think of any nice way to fix this in kernel <= 2.6.32.

For lack of a better solution, disable namespace support completely.
If you need that, upgrade to a newer kernel.

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Acked-by: David S. Miller <davem@davemloft.net>

---
 net/phonet/af_phonet.c  |    4 ++++
 net/phonet/pn_dev.c     |   12 ++++++++++--
 net/phonet/pn_netlink.c |    9 ++++++++-
 3 files changed, 22 insertions(+), 3 deletions(-)



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Comments

Ben Hutchings Oct. 22, 2010, 9:22 p.m. UTC | #1
On Fri, 2010-10-22 at 11:35 -0700, Greg KH wrote:
> 2.6.32-stable review patch.  If anyone has any objections, please let us know.
> 
> ------------------
> 
> From: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
> 
> [Solved differently upstream]
> 
> Network namespace in the Phonet socket stack causes an OOPS when a
> namespace is destroyed. This occurs as the loopback exit_net handler is
> called after the Phonet exit_net handler, and re-enters the Phonet
> stack. I cannot think of any nice way to fix this in kernel <= 2.6.32.
> 
> For lack of a better solution, disable namespace support completely.
> If you need that, upgrade to a newer kernel.
[...]

I've had one report today that the bug is still reproducible in the
current Debian kernel, which includes this change.  Rémi, how have you
tested this fix?

Ben.
Rémi Denis-Courmont Oct. 25, 2010, 7:43 a.m. UTC | #2
On Saturday 23 October 2010 00:22:33 ext Ben Hutchings, you wrote:
> On Fri, 2010-10-22 at 11:35 -0700, Greg KH wrote:
> I've had one report today that the bug is still reproducible in the
> current Debian kernel, which includes this change.  Rémi, how have you
> tested this fix?

I don´t actually remember, but I obviously missed something :-(
With similar problem reports in Nokia/MeeGo, that´ s what I added last week:

From: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Subject: [PATCH] Phonet: device notifier only runs on initial namespace

This should really fix the OOPS when doing:

  unshare(CLONE_NEWNET);
  exit(0);

while the phonet module is loaded.

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
---
 net/phonet/pn_dev.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
index 5a2275c..d94ca91 100644
--- a/net/phonet/pn_dev.c
+++ b/net/phonet/pn_dev.c
@@ -225,6 +225,9 @@ static int phonet_device_notify(struct notifier_block *me, unsigned long what,
 {
 	struct net_device *dev = arg;
 
+	if (!net_eq(dev_net(dev), &init_net))
+		return 0;
+
 	switch (what) {
 	case NETDEV_REGISTER:
 		if (dev->type == ARPHRD_PHONET)

Patch
diff mbox series

--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -67,6 +67,8 @@  static int pn_socket_create(struct net *
 	struct phonet_protocol *pnp;
 	int err;
 
+	if (!net_eq(net, &init_net))
+		return -EAFNOSUPPORT;
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
@@ -353,6 +355,8 @@  static int phonet_rcv(struct sk_buff *sk
 	struct sockaddr_pn sa;
 	u16 len;
 
+	if (!net_eq(net, &init_net))
+		goto out;
 	/* check we have at least a full Phonet header */
 	if (!pskb_pull(skb, sizeof(struct phonethdr)))
 		goto out;
--- a/net/phonet/pn_dev.c
+++ b/net/phonet/pn_dev.c
@@ -246,7 +246,11 @@  static struct notifier_block phonet_devi
 /* Per-namespace Phonet devices handling */
 static int phonet_init_net(struct net *net)
 {
-	struct phonet_net *pnn = kmalloc(sizeof(*pnn), GFP_KERNEL);
+	struct phonet_net *pnn;
+
+	if (!net_eq(net, &init_net))
+		return 0;
+	pnn = kmalloc(sizeof(*pnn), GFP_KERNEL);
 	if (!pnn)
 		return -ENOMEM;
 
@@ -263,9 +267,13 @@  static int phonet_init_net(struct net *n
 
 static void phonet_exit_net(struct net *net)
 {
-	struct phonet_net *pnn = net_generic(net, phonet_net_id);
+	struct phonet_net *pnn;
 	struct net_device *dev;
 
+	if (!net_eq(net, &init_net))
+		return;
+	pnn = net_generic(net, phonet_net_id);
+
 	rtnl_lock();
 	for_each_netdev(net, dev)
 		phonet_device_destroy(dev);
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -68,6 +68,8 @@  static int addr_doit(struct sk_buff *skb
 	int err;
 	u8 pnaddr;
 
+	if (!net_eq(net, &init_net))
+		return -EOPNOTSUPP;
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
@@ -124,12 +126,16 @@  nla_put_failure:
 
 static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 {
+	struct net *net = sock_net(skb->sk);
 	struct phonet_device_list *pndevs;
 	struct phonet_device *pnd;
 	int dev_idx = 0, dev_start_idx = cb->args[0];
 	int addr_idx = 0, addr_start_idx = cb->args[1];
 
-	pndevs = phonet_device_list(sock_net(skb->sk));
+	if (!net_eq(net, &init_net))
+		goto skip;
+
+	pndevs = phonet_device_list(net);
 	spin_lock_bh(&pndevs->lock);
 	list_for_each_entry(pnd, &pndevs->list, list) {
 		u8 addr;
@@ -154,6 +160,7 @@  static int getaddr_dumpit(struct sk_buff
 
 out:
 	spin_unlock_bh(&pndevs->lock);
+skip:
 	cb->args[0] = dev_idx;
 	cb->args[1] = addr_idx;