After setting fb_tunnels_only_for_init_net to 1, the itn->fb_tunnel_dev will
be NULL and will cause the following crash:
[ 2742.849298] BUG: unable to handle kernel NULL pointer dereference at 0000000000000941
[ 2742.851380] PGD 800000042c21a067 P4D 800000042c21a067 PUD 42aaed067 PMD 0
[ 2742.852818] Oops: 0002 [#1] SMP PTI
[ 2742.853570] CPU: 7 PID: 2484 Comm: unshare Kdump: loaded Not tainted 4.18.0-rc8+ #2
[ 2742.855163] Hardware name: Fedora Project OpenStack Nova, BIOS seabios-1.7.5-11.el7 04/01/2014
[ 2742.856970] RIP: 0010:vti_init_net+0x3a/0x50 [ip_vti]
[ 2742.858034] Code: 90 83 c0 48 c7 c2 20 a1 83 c0 48 89 fb e8 6e 3b f6 ff 85 c0 75 22 8b 0d f4 19 00 00 48 8b 93 00 14 00 00 48 8b 14 ca 48 8b 12 <c6> 82 41 09 00 00 04 c6 82 38 09 00 00 45 5b c3 66 0f 1f 44 00 00
[ 2742.861940] RSP: 0018:ffff9be28207fde0 EFLAGS: 00010246
[ 2742.863044] RAX: 0000000000000000 RBX: ffff8a71ebed4980 RCX: 0000000000000013
[ 2742.864540] RDX: 0000000000000000 RSI: 0000000000000013 RDI: ffff8a71ebed4980
[ 2742.866020] RBP: ffff8a71ea717000 R08: ffffffffc083903c R09: ffff8a71ea717000
[ 2742.867505] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8a71ebed4980
[ 2742.868987] R13: 0000000000000013 R14: ffff8a71ea5b49c0 R15: 0000000000000000
[ 2742.870473] FS: 00007f02266c9740(0000) GS:ffff8a71ffdc0000(0000) knlGS:0000000000000000
[ 2742.872143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2742.873340] CR2: 0000000000000941 CR3: 000000042bc20006 CR4: 00000000001606e0
[ 2742.874821] Call Trace:
[ 2742.875358] ops_init+0x38/0xf0
[ 2742.876078] setup_net+0xd9/0x1f0
[ 2742.876789] copy_net_ns+0xb7/0x130
[ 2742.877538] create_new_namespaces+0x11a/0x1d0
[ 2742.878525] unshare_nsproxy_namespaces+0x55/0xa0
[ 2742.879526] ksys_unshare+0x1a7/0x330
[ 2742.880313] __x64_sys_unshare+0xe/0x20
[ 2742.881131] do_syscall_64+0x5b/0x180
[ 2742.881933] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reproduce:
echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
modprobe ip_vti
unshare -n
Fixes: 79134e6ce2c9 (net: do not create fallback tunnels for non-default
namespaces)
Cc: Eric Dumazet <[email protected]>
Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv4/ip_vti.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 3f091cc..f38cb21 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -438,7 +438,8 @@ static int __net_init vti_init_net(struct net *net)
if (err)
return err;
itn = net_generic(net, vti_net_id);
- vti_fb_tunnel_init(itn->fb_tunnel_dev);
+ if (itn->fb_tunnel_dev)
+ vti_fb_tunnel_init(itn->fb_tunnel_dev);
return 0;
}
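Review bot: The new `if (itn->fb_tunnel_dev)` test in vti_init_net() carries no comment saying why the pointer may legitimately be NULL at this point. Per the commit message this happens when fb_tunnels_only_for_init_net is 1 and the namespace is not the initial one, so a one-line comment to that effect above the check would keep a later cleanup from removing it as redundant. It is also worth confirming that no other user of itn->fb_tunnel_dev in this file dereferences it unconditionally, since the oops shows only this one call site.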
--
1.8.3.1
When fb_tunnels_only_for_init_net is set to 1, don't create a fallback tunnel
device for vti6 when a new namespace is created.
Tested:
[root@builder2 ~]# modprobe ip6_tunnel
[root@builder2 ~]# modprobe ip6_vti
[root@builder2 ~]# echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
[root@builder2 ~]# unshare -n
[root@builder2 ~]# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv6/ip6_vti.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index c72ae3a..3b9f39f 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -1114,6 +1114,8 @@ static int __net_init vti6_init_net(struct net *net)
ip6n->tnls[0] = ip6n->tnls_wc;
ip6n->tnls[1] = ip6n->tnls_r_l;
+ if (!net_has_fallback_tunnels(net))
+ return 0;
err = -ENOMEM;
ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
NET_NAME_UNKNOWN, vti6_dev_setup);
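Review bot: The early `return 0` in vti6_init_net() leaves ip6n->fb_tnl_dev unassigned for namespaces without fallback tunnels, so every later user of that pointer has to tolerate NULL, which is the same class of bug the ip_vti patch in this series fixes. Please confirm that the per-namespace exit path and any other code reading ip6n->fb_tnl_dev check it before use, and consider a short comment above the `if (!net_has_fallback_tunnels(net))` test stating that the device is intentionally absent in that case.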
--
1.8.3.1
From: Haishuang Yan <[email protected]>
Date: Sun, 19 Aug 2018 15:05:05 +0800
> When fb_tunnels_only_for_init_net is set to 1, don't create a fallback tunnel
> device for vti6 when a new namespace is created.
>
> Tested:
> [root@builder2 ~]# modprobe ip6_tunnel
> [root@builder2 ~]# modprobe ip6_vti
> [root@builder2 ~]# echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
> [root@builder2 ~]# unshare -n
> [root@builder2 ~]# ip link
> 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>
> Signed-off-by: Haishuang Yan <[email protected]>
Applied.
From: Haishuang Yan <[email protected]>
Date: Sun, 19 Aug 2018 15:05:04 +0800
> After setting fb_tunnels_only_for_init_net to 1, the itn->fb_tunnel_dev will
> be NULL and will cause the following crash:
...
> Reproduce:
> echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
> modprobe ip_vti
> unshare -n
>
> Fixes: 79134e6ce2c9 (net: do not create fallback tunnels for non-default
> namespaces)
> Cc: Eric Dumazet <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>
Applied, but please format your Fixes: tag properly next time.
Do not split up a Fixes tag into multiple lines, no matter how long it
is. And enclose the commit header text in both parentheses and double
quotes, not just parentheses. Like ("blah blah blah"), thank you.
> On 2018-08-20, at 2:27, David Miller <[email protected]> wrote:
>
> From: Haishuang Yan <[email protected]>
> Date: Sun, 19 Aug 2018 15:05:04 +0800
>
>> After setting fb_tunnels_only_for_init_net to 1, the itn->fb_tunnel_dev will
>> be NULL and will cause the following crash:
> ...
>> Reproduce:
>> echo 1 > /proc/sys/net/core/fb_tunnels_only_for_init_net
>> modprobe ip_vti
>> unshare -n
>>
>> Fixes: 79134e6ce2c9 (net: do not create fallback tunnels for non-default
>> namespaces)
>> Cc: Eric Dumazet <[email protected]>
>> Signed-off-by: Haishuang Yan <[email protected]>
>
> Applied, but please format your Fixes: tag properly next time.
>
> Do not split up a Fixes tag into multiple lines, no matter how long it
> is. And enclose the commit header text in both parentheses and double
> quotes, not just parentheses. Like ("blah blah blah"), thank you.
>
Okay, thanks for reviewing.
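
The Fixes: tag format requested in the review above (one line, subject in parentheses and double quotes) can be checked before sending. The following is an added example, not part of the thread or of any kernel tooling; `check_fixes_tags` and the sample messages are hypothetical, and the 12 to 40 hex digit range for the commit id is an assumption.

```python
import re

# Accepted form: one line, abbreviated commit id, subject inside ("...").
# Assumption: 12 to 40 hex digits are accepted for the commit id.
FIXES_OK = re.compile(r'^Fixes: [0-9a-f]{12,40} \(".+"\)$')
TRAILER = re.compile(r'^[A-Za-z][A-Za-z-]*: ')  # e.g. "Cc: ", "Signed-off-by: "


def check_fixes_tags(message):
    """Return (line_number, problem) pairs for malformed Fixes: tags."""
    problems = []
    lines = message.splitlines()
    for i, line in enumerate(lines):
        if not line.startswith("Fixes:") or FIXES_OK.match(line):
            continue
        found = []
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # An unclosed "(" followed by a non-trailer line: the tag was wrapped.
        if line.count("(") > line.count(")") and nxt.strip() and not TRAILER.match(nxt):
            found.append("tag is split across lines")
        if '("' not in line:
            found.append('subject not enclosed in ("...")')
        problems += [(i + 1, p) for p in found or ["malformed Fixes: tag"]]
    return problems


# Constructed commit messages; only the Fixes: text is taken from the thread.
SPLIT_MESSAGE = (
    "constructed subject line\n"
    "\n"
    "Fixes: 79134e6ce2c9 (net: do not create fallback tunnels for non-default\n"
    "namespaces)\n"
    "Cc: Reviewer <reviewer@example.org>\n"
)
GOOD_MESSAGE = (
    "constructed subject line\n"
    "\n"
    'Fixes: 79134e6ce2c9 ("net: do not create fallback tunnels for non-default namespaces")\n'
    "Cc: Reviewer <reviewer@example.org>\n"
)

if __name__ == "__main__":
    for name, msg in (("split", SPLIT_MESSAGE), ("good", GOOD_MESSAGE)):
        print(name, check_fixes_tags(msg))
```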