Re: [PATCH] sysfs: check visibility before changing group attribute ownership

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Fernando Fernandez Mancera <fmancera@suse.de>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	kuba@kernel.org, cynthia@kosmx.dev, rafael@kernel.org,
	dakr@kernel.org, christian.brauner@ubuntu.com,
	edumazet@google.com, pabeni@redhat.com, davem@davemloft.net,
	horms@kernel.org
Subject: Re: [PATCH] sysfs: check visibility before changing group attribute ownership
Date: Thu, 16 Oct 2025 16:46:31 +0200	[thread overview]
Message-ID: <2025101604-filing-plenty-ec86@gregkh> (raw)
In-Reply-To: <20251016101456.4087-1-fmancera@suse.de>

On Thu, Oct 16, 2025 at 12:14:56PM +0200, Fernando Fernandez Mancera wrote:
> Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for
> phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can
> hit WARN_ON() when trying to change owner of a file that isn't visible.
> See the trace below:
> 
>  WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __dev_change_net_namespace+0xb89/0xc30
>  CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-mainline #1 PREEMPT(full)  4b783b4a638669fb644857f484487d17cb45ed1f
>  Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.07 02/19/2025
>  RIP: 0010:__dev_change_net_namespace+0xb89/0xc30
>  [...]
>  Call Trace:
>   <TASK>
>   ? if6_seq_show+0x30/0x50
>   do_setlink.isra.0+0xc7/0x1270
>   ? __nla_validate_parse+0x5c/0xcc0
>   ? security_capable+0x94/0x1a0
>   rtnl_newlink+0x858/0xc20
>   ? update_curr+0x8e/0x1c0
>   ? update_entity_lag+0x71/0x80
>   ? sched_balance_newidle+0x358/0x450
>   ? psi_task_switch+0x113/0x2a0
>   ? __pfx_rtnl_newlink+0x10/0x10
>   rtnetlink_rcv_msg+0x346/0x3e0
>   ? sched_clock+0x10/0x30
>   ? __pfx_rtnetlink_rcv_msg+0x10/0x10
>   netlink_rcv_skb+0x59/0x110
>   netlink_unicast+0x285/0x3c0
>   ? __alloc_skb+0xdb/0x1a0
>   netlink_sendmsg+0x20d/0x430
>   ____sys_sendmsg+0x39f/0x3d0
>   ? import_iovec+0x2f/0x40
>   ___sys_sendmsg+0x99/0xe0
>   __sys_sendmsg+0x8a/0xf0
>   do_syscall_64+0x81/0x970
>   ? __sys_bind+0xe3/0x110
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? sock_alloc_file+0x63/0xc0
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? alloc_fd+0x12e/0x190
>   ? put_unused_fd+0x2a/0x70
>   ? do_sys_openat2+0xa2/0xe0
>   ? syscall_exit_work+0x143/0x1b0
>   ? do_syscall_64+0x244/0x970
>   ? exc_page_fault+0x7e/0x1a0
>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>  [...]
>   </TASK>
> 
> Fix this by checking is_visible() before trying to touch the attribute.
> 
> Fixes: 303a42769c4c ("sysfs: add sysfs_group{s}_change_owner()")
> Reported-by: Cynthia <cynthia@kosmx.dev>
> Closes: https://lore.kernel.org/netdev/01070199e22de7f8-28f711ab-d3f1-46d9-b9a0-048ab05eb09b-000000@eu-central-1.amazonses.com/
> Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
> ---
>  fs/sysfs/group.c | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)

Nice, thanks!  This has been tested, right?

thanks,

greg k-h

next prev parent reply	other threads:[~2025-10-16 14:46 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-16 10:14 [PATCH] sysfs: check visibility before changing group attribute ownership Fernando Fernandez Mancera
2025-10-16 14:46 ` Greg KH [this message]
2025-10-16 15:31   ` Cynthia
2025-10-16 23:17     ` Fernando Fernandez Mancera
2025-10-16 15:38 ` Jakub Kicinski
2025-10-16 23:30   ` Fernando Fernandez Mancera

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2025101604-filing-plenty-ec86@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=christian.brauner@ubuntu.com \
    --cc=cynthia@kosmx.dev \
    --cc=dakr@kernel.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=fmancera@suse.de \
    --cc=horms@kernel.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=rafael@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).