Date: Sat, 29 May 2021 11:27:35 -0700
From: Jakub Kicinski
To: Changbin Du
Cc: "David S. Miller", netdev@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] net: fix oops in socket ioctl cmd SIOCGSKNS when NET_NS is disabled
Message-ID: <20210529112735.22bdc153@kicinski-fedora-PC1C0HJN.hsd1.ca.comcast.net>
In-Reply-To: <20210529060526.422987-1-changbin.du@gmail.com>

On Sat, 29 May 2021 14:05:26 +0800 Changbin Du wrote:
> When NET_NS is not enabled, socket ioctl cmd SIOCGSKNS should do nothing
> but acknowledge userspace it is not supported. Otherwise, kernel would
> panic wherever nsfs tries to access ns->ops since the proc_ns_operations
> is not implemented in this case.
>
> [7.670023] Unable to handle kernel NULL pointer dereference at virtual address 00000010
> [7.670268] pgd = 32b54000
> [7.670544] [00000010] *pgd=00000000
> [7.671861] Internal error: Oops: 5 [#1] SMP ARM
> [7.672315] Modules linked in:
> [7.672918] CPU: 0 PID: 1 Comm: systemd Not tainted 5.13.0-rc3-00375-g6799d4f2da49 #16
> [7.673309] Hardware name: Generic DT based system
> [7.673642] PC is at nsfs_evict+0x24/0x30
> [7.674486] LR is at clear_inode+0x20/0x9c
>
> Signed-off-by: Changbin Du
> Cc: # v4.9

Please provide a Fixes tag.

> diff --git a/net/socket.c b/net/socket.c > index 27e3e7d53f8e..644b46112d35 100644 > --- a/net/socket.c > +++ b/net/socket.c 
> @@ -1149,11 +1149,15 @@ static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg) > mutex_unlock(&vlan_ioctl_mutex); > break; > case SIOCGSKNS: > +#ifdef CONFIG_NET_NS > err = -EPERM; > if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) > break; > > err = open_related_ns(&net->ns, get_net_ns); There's a few more places with this exact code. Can we please add the check in get_net_ns? That should fix all callers. > +#else > + err = -ENOTSUPP; EOPNOTSUPP, you shouldn't return ENOTSUPP to user space. > +#endif > break; > case SIOCGSTAMP_OLD: > case SIOCGSTAMPNS_OLD:
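
Review bot: the `#ifdef CONFIG_NET_NS` / `#else` pair in the `SIOCGSKNS` case guards only this one call to `open_related_ns(&net->ns, get_net_ns)`, while the oops in the commit message is raised later in `nsfs_evict`, so any other path that passes `get_net_ns` to nsfs on a kernel built without NET_NS would still reach the same NULL `ns->ops` dereference. Putting the check in one shared place avoids fixing each call site separately. If a call-site check is kept, an `if (!IS_ENABLED(CONFIG_NET_NS))` test reads better than a preprocessor block in the middle of the switch and keeps both branches compiled. The `#else` branch should set `err = -EOPNOTSUPP`, because `ENOTSUPP` is a kernel-internal value with no userspace errno definition, so a caller of the ioctl could not interpret it.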