From: Changbin Du <changbin.du@gmail.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: "David S. Miller" <davem@davemloft.net>,
Jakub Kici nski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
Changbin Du <changbin.du@gmail.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
David Laight <David.Laight@ACULAB.COM>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH v2] net: do not invoke open_related_ns when NET_NS is disabled
Date: Wed, 9 Jun 2021 23:46:35 +0800 [thread overview]
Message-ID: <20210609154635.46792-1-changbin.du@gmail.com> (raw)
When NET_NS is not enabled, socket ioctl cmd SIOCGSKNS should do nothing
but acknowledge userspace it is not supported. Otherwise, kernel would
panic wherever nsfs trys to access ns->ops since the proc_ns_operations
is not implemented in this case.
[7.670023] Unable to handle kernel NULL pointer dereference at virtual address 00000010
[7.670268] pgd = 32b54000
[7.670544] [00000010] *pgd=00000000
[7.671861] Internal error: Oops: 5 [#1] SMP ARM
[7.672315] Modules linked in:
[7.672918] CPU: 0 PID: 1 Comm: systemd Not tainted 5.13.0-rc3-00375-g6799d4f2da49 #16
[7.673309] Hardware name: Generic DT based system
[7.673642] PC is at nsfs_evict+0x24/0x30
[7.674486] LR is at clear_inode+0x20/0x9c
The same to tun SIOCGSKNS command.
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
---
drivers/net/tun.c | 4 ++++
net/socket.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 84f832806313..8ec5977d2f34 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -3003,9 +3003,13 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
} else if (cmd == TUNSETQUEUE) {
return tun_set_queue(file, &ifr);
} else if (cmd == SIOCGSKNS) {
+#ifdef CONFIG_NET_NS
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
return -EPERM;
return open_related_ns(&net->ns, get_net_ns);
+#else
+ return -EOPNOTSUPP;
+#endif
}
rtnl_lock();
diff --git a/net/socket.c b/net/socket.c
index 27e3e7d53f8e..bc644030d2e8 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1149,11 +1149,15 @@ static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
mutex_unlock(&vlan_ioctl_mutex);
break;
case SIOCGSKNS:
+#ifdef CONFIG_NET_NS
err = -EPERM;
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
break;
err = open_related_ns(&net->ns, get_net_ns);
+#else
+ err = -EOPNOTSUPP;
+#endif
break;
case SIOCGSTAMP_OLD:
case SIOCGSTAMPNS_OLD:
--
2.30.2
next reply other threads:[~2021-06-09 15:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-09 15:46 Changbin Du [this message]
2021-06-09 23:08 ` [PATCH v2] net: do not invoke open_related_ns when NET_NS is disabled Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210609154635.46792-1-changbin.du@gmail.com \
--to=changbin.du@gmail.com \
--cc=David.Laight@ACULAB.COM \
--cc=christian.brauner@ubuntu.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.