From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
To: mptcp@lists.linux.dev, Mat Martineau <martineau@kernel.org>,
Geliang Tang <geliang@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Gregory Detal <gregory.detal@gmail.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Xin Long <lucien.xin@gmail.com>,
Vlad Yasevich <vyasevich@gmail.com>,
Neil Horman <nhorman@tuxdriver.com>,
wangweidong <wangweidong1@huawei.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Vlad Yasevich <vyasevic@redhat.com>,
Allison Henderson <allison.henderson@oracle.com>,
Sowmini Varadhan <sowmini.varadhan@oracle.com>,
Al Viro <viro@zeniv.linux.org.uk>
Cc: Joel Granados <joel.granados@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org,
rds-devel@oss.oracle.com,
"Matthieu Baerts (NGI0)" <matttbe@kernel.org>,
stable@vger.kernel.org,
syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com
Subject: [PATCH net 0/9] net: sysctl: avoid using current->nsproxy
Date: Wed, 08 Jan 2025 16:34:28 +0100 [thread overview]
Message-ID: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> (raw)
As pointed out by Al Viro and Eric Dumazet in [1], using the 'net'
structure via 'current' is not recommended for different reasons:
- Inconsistency: getting info from the reader's/writer's netns vs only
from the opener's netns as it is usually done. This could cause
unexpected issues when other operations are done on the wrong netns.
- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
(null-ptr-deref), e.g. when the current task is exiting, as spotted by
syzbot [1] using acct(2).
The 'net' or 'pernet' structure can be obtained from the table->data
using container_of().
Note that table->data could also be used directly in more places, but
that would increase the size of this fix to replace all accesses via
'net'. Probably best to avoid that for fixes.
Patches 2-9 remove access of net via current->nsproxy in sysfs handlers
in MPTCP, SCTP and RDS. There are multiple patches doing almost the same
thing, but the reason is to ease the backports.
Patch 1 is not directly linked to this, but it is a small fix for MPTCP
available_schedulers sysctl knob to explicitly mark it as read-only.
Please note that this series does not address Al's comment [2]. In SCTP,
some sysctl knobs set other sysfs-exposed variables for the min/max: two
processes could then write two linked values at the same time, resulting
in new values being outside the new boundaries. It would be great if
SCTP developers can look at this problem.
Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
Link: https://lore.kernel.org/netdev/20250105211158.GL1977892@ZenIV/ [2]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Matthieu Baerts (NGI0) (9):
mptcp: sysctl: avail sched: remove write access
mptcp: sysctl: sched: avoid using current->nsproxy
mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
sctp: sysctl: rto_min/max: avoid using current->nsproxy
sctp: sysctl: auth_enable: avoid using current->nsproxy
sctp: sysctl: udp_port: avoid using current->nsproxy
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
net/mptcp/ctrl.c | 17 +++++++++--------
net/rds/tcp.c | 39 ++++++++++++++++++++++++++++++++-------
net/sctp/sysctl.c | 14 ++++++++------
3 files changed, 49 insertions(+), 21 deletions(-)
---
base-commit: db78475ba0d3c66d430f7ded2388cc041078a542
change-id: 20250108-net-sysctl-current-nsproxy-672ae21a873f
Best regards,
--
Matthieu Baerts (NGI0) <matttbe@kernel.org>
next reply other threads:[~2025-01-08 15:35 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-08 15:34 Matthieu Baerts (NGI0) [this message]
2025-01-08 15:34 ` [PATCH net 1/9] mptcp: sysctl: avail sched: remove write access Matthieu Baerts (NGI0)
2025-01-08 16:25 ` Eric Dumazet
2025-01-08 15:34 ` [PATCH net 2/9] mptcp: sysctl: sched: avoid using current->nsproxy Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 3/9] mptcp: sysctl: blackhole timeout: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 4/9] sctp: sysctl: cookie_hmac_alg: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 5/9] sctp: sysctl: rto_min/max: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 6/9] sctp: sysctl: auth_enable: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 7/9] sctp: sysctl: udp_port: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 8/9] sctp: sysctl: plpmtud_probe_interval: " Matthieu Baerts (NGI0)
2025-01-08 15:34 ` [PATCH net 9/9] rds: sysctl: rds_tcp_{rcv,snd}buf: " Matthieu Baerts (NGI0)
2025-01-09 17:00 ` [PATCH net 0/9] net: sysctl: " patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org \
--to=matttbe@kernel.org \
--cc=allison.henderson@oracle.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=geliang@kernel.org \
--cc=gregory.detal@gmail.com \
--cc=horms@kernel.org \
--cc=joel.granados@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=martineau@kernel.org \
--cc=mptcp@lists.linux.dev \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=pabeni@redhat.com \
--cc=rds-devel@oss.oracle.com \
--cc=sowmini.varadhan@oracle.com \
--cc=stable@vger.kernel.org \
--cc=syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=vyasevic@redhat.com \
--cc=vyasevich@gmail.com \
--cc=wangweidong1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).