From: Baoquan He <bhe@redhat.com>
To: Xiang Gao <gxxa03070307@gmail.com>
Cc: brauner@kernel.org, viro@zeniv.linux.org.uk, rostedt@goodmis.org,
amir73il@gmail.com, joel.granados@kernel.org,
linux-kernel@vger.kernel.org, gaoxiang17 <gaoxiang17@xiaomi.com>
Subject: Re: [PATCH] pid: Add a judgment for ns null in pid_nr_ns
Date: Tue, 11 Feb 2025 14:49:18 +0800
Message-ID: <Z6ry7vfpNe5/mFnT@MiWiFi-R3L-srv>
In-Reply-To: <20250211061712.3234465-1-gxxa03070307@gmail.com>

On 02/11/25 at 02:17pm, Xiang Gao wrote:
> From: gaoxiang17 <gaoxiang17@xiaomi.com>
>
> __task_pid_nr_ns
> ns = task_active_pid_ns(current);
> pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);
> if (pid && ns->level <= pid->level) {
>
> Sometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.
>
> For example:
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
> Mem abort info:
> ESR = 0x0000000096000007
> EC = 0x25: DABT (current EL), IL = 32 bits
> SET = 0, FnV = 0
> EA = 0, S1PTW = 0
> FSC = 0x07: level 3 translation fault
> Data abort info:
> ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
> CM = 0, WnR = 0, TnD = 0, TagAccess = 0
> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> user pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000
> [0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000
> pstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
> pc : __task_pid_nr_ns+0x74/0xd0
> lr : __task_pid_nr_ns+0x24/0xd0
> sp : ffffffc08001bd10
> x29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001
> x26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31
> x23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0
> x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000
> x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc
> x14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800
> x11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001
> x8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449
> x5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc
> x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0
> Call trace:
> __task_pid_nr_ns+0x74/0xd0
> ...
> __handle_irq_event_percpu+0xd4/0x284
> handle_irq_event+0x48/0xb0
> handle_fasteoi_irq+0x160/0x2d8
> generic_handle_domain_irq+0x44/0x60
> gic_handle_irq+0x4c/0x114
> call_on_irq_stack+0x3c/0x74
> do_interrupt_handler+0x4c/0x84
> el1_interrupt+0x34/0x58
> el1h_64_irq_handler+0x18/0x24
> el1h_64_irq+0x68/0x6c
> account_kernel_stack+0x60/0x144
> exit_task_stack_account+0x1c/0x80
> do_exit+0x7e4/0xaf8
> ...
> get_signal+0x7bc/0x8d8
> do_notify_resume+0x128/0x828
> el0_svc+0x6c/0x70
> el0t_64_sync_handler+0x68/0xbc
> el0t_64_sync+0x1a8/0x1ac
> Code: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)
> ---[ end trace 0000000000000000 ]---
> Kernel panic - not syncing: Oops: Fatal exception in interrupt
>
> Signed-off-by: gaoxiang17 <gaoxiang17@xiaomi.com>
> ---
> kernel/pid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

I didn't contribute to this area, not sure why I am in CC. However, this
fix looks good to me. FWIW,

Reviewed-by: Baoquan He <bhe@redhat.com>

>
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 924084713be8..2f73f5d13164 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -487,7 +487,7 @@ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
> struct upid *upid;
> pid_t nr = 0;
>
> - if (pid && ns->level <= pid->level) {
> + if (pid && ns && ns->level <= pid->level) {
> upid = &pid->numbers[ns->level];
> if (upid->ns == ns)
> nr = upid->nr;
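
Review bot: The added `ns &&` test in the `if` condition makes pid_nr_ns() return 0 silently for a NULL namespace, because `nr` is initialised to 0 and nothing else runs, and neither the code nor the changelog says when task_active_pid_ns(current) can legitimately return NULL. The quoted trace shows __task_pid_nr_ns() being reached from an interrupt that arrived inside do_exit(), so the changelog should name that window and the caller that asks for a pid there, and the condition deserves a short comment saying that 0 is the intended answer in that case. Since the commit message shows `ns` being derived in __task_pid_nr_ns(), it is also worth stating why the check belongs in pid_nr_ns() rather than at that call site, so that other callers passing a NULL `ns` by mistake are not hidden by the same test.
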
> --
> 2.34.1
>