From: Patrick McHardy <kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org,
Matias Zabaljauregui
<zabaljauregui-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
virtualization-qjLDD68F18O7TbgM5vRIOg@public.gmane.org
Subject: Re: [PATCH 4/5] lguest: use KVM hypercalls
Date: Thu, 09 Apr 2009 15:20:20 +0200 [thread overview]
Message-ID: <49DDF614.1060909@trash.net> (raw)
In-Reply-To: <49DDE91A.8060603-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1029 bytes --]
Patrick McHardy wrote:
> which goes away by turning of CONFIG_STACKPROTECTOR. Now it seems
> to work, but the host crashes before the guests are fully up somewhere
> in the tun-device. I couldn't capture the oops yet, but I'll try
> to fix it myself.
This was caused by a local change of mine to attach to existing
tun-devices, combined with a bug in the tun driver, which looks
like it was introduced by this patch:
commit c70f182940f988448f3c12a209d18b1edc276e33
Author: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Date: Tue Jan 20 11:07:17 2009 +0000
tun: Fix races between tun_net_close and free_netdev.
When creating the device using tunctl the sk->sk_sleep poiner is
set to the read_wait completion of the file opened by tunctl, but
it is not refreshed when attaching to lguest or released when
closing the file, causing a stale pointer dereference in
tun_sock_write_space().
Eric, please review. Thanks.
Signed-off-by: Patrick McHardy <kaber-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
[-- Attachment #2: tun.diff --]
[-- Type: text/x-patch, Size: 589 bytes --]
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index a1b0697..0af7ceb 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -173,6 +173,8 @@ static void __tun_detach(struct tun_struct *tun)
tun->tfile = NULL;
netif_tx_unlock_bh(tun->dev);
+ tun->sk->sk_sleep = NULL;
+
/* Drop read queue */
skb_queue_purge(&tun->readq);
@@ -873,6 +875,9 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
else
return -EINVAL;
+ sk = tun->sk;
+ sk->sk_sleep = &tfile->read_wait;
+
err = tun_attach(tun, file);
if (err < 0)
return err;
[-- Attachment #3: Type: text/plain, Size: 158 bytes --]
_______________________________________________
Lguest mailing list
Lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org
https://ozlabs.org/mailman/listinfo/lguest
next prev parent reply other threads:[~2009-04-09 13:20 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-26 23:52 [PATCH 4/5] lguest: use KVM hypercalls Rusty Russell
2009-04-02 21:55 ` [Lguest] " Simon Holm Thøgersen
[not found] ` <1238709324.5823.8.camel-78RDdhuQolGs1BDpvl8NfQ@public.gmane.org>
2009-04-02 23:37 ` Matias Zabaljauregui
2009-04-03 9:28 ` Simon Holm Thøgersen
2009-04-05 13:04 ` Rusty Russell
[not found] ` <200904052234.48483.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2009-04-06 6:56 ` Simon Holm Thøgersen
2009-04-08 16:24 ` [Lguest] " Patrick McHardy
[not found] ` <1239043798.27826.93.camel@zetabook>
[not found] ` <200904081021.39877.rusty@rustcorp.com.au>
[not found] ` <200904081021.39877.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2009-04-08 20:58 ` Matias Zabaljauregui
2009-04-09 10:32 ` Simon Holm Thøgersen
[not found] ` <1239273165.5687.10.camel-78RDdhuQolGs1BDpvl8NfQ@public.gmane.org>
2009-04-13 16:25 ` Matias Zabaljauregui
2009-04-15 8:42 ` Rusty Russell
[not found] ` <200904151812.23318.rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>
2009-04-15 14:55 ` Matias Zabaljauregui
2009-04-09 12:24 ` Patrick McHardy
[not found] ` <49DDE91A.8060603-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
2009-04-09 13:20 ` Patrick McHardy [this message]
2009-04-09 13:59 ` [Lguest] " Eric W. Biederman
[not found] ` <m1bpr6hqrm.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-14 11:54 ` Patrick McHardy
[not found] ` <49E47976.8020005-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
2009-04-14 17:10 ` Eric W. Biederman
2009-04-15 8:36 ` [Lguest] " Herbert Xu
[not found] ` <20090415083610.GA8579-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 8:47 ` Herbert Xu
2009-04-15 9:07 ` [Lguest] " Christian Borntraeger
2009-04-15 11:07 ` Patrick McHardy
2009-04-15 13:23 ` Eric W. Biederman
[not found] ` <m18wm2rqy6.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 13:28 ` Herbert Xu
[not found] ` <20090415132802.GA11408-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 13:35 ` Eric W. Biederman
[not found] ` <m1skkaox8h.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 13:46 ` Herbert Xu
[not found] ` <20090415134610.GA11683-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 13:55 ` Herbert Xu
[not found] ` <20090415135502.GA11827-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 14:10 ` Eric W. Biederman
[not found] ` <m1ocuynh2f.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 14:12 ` Herbert Xu
2009-04-15 14:06 ` [Lguest] " Eric W. Biederman
[not found] ` <m11vruovu5.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 14:08 ` Herbert Xu
[not found] ` <20090415140819.GA11991-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 14:18 ` Eric W. Biederman
[not found] ` <m1iql6m24b.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 14:23 ` Herbert Xu
2009-04-15 14:38 ` Herbert Xu
[not found] ` <20090415143834.GA12384-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-15 14:56 ` Eric W. Biederman
[not found] ` <m1zleiklsl.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-04-15 22:27 ` Herbert Xu
2009-04-16 11:08 ` [1/2] tun: Only free a netdev when all tun descriptors are closed Herbert Xu
[not found] ` <20090416110818.GA20950-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-16 11:09 ` [2/2] tun: Fix sk_sleep races when attaching/detaching Herbert Xu
[not found] ` <20090416110952.GB20950-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-20 8:35 ` Herbert Xu
2009-04-20 9:26 ` David Miller
2009-04-20 9:35 ` Herbert Xu
2009-04-20 10:02 ` David Miller
2009-04-24 8:55 ` [1/2] tun: Only free a netdev when all tun descriptors are closed Christian Borntraeger
[not found] ` <200904241055.49794.borntraeger-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>
2009-04-24 12:11 ` Herbert Xu
[not found] ` <20090424121156.GA28039-lOAM2aK0SrRLBo1qDEOMRrpzq4S04n8Q@public.gmane.org>
2009-04-24 12:40 ` Christian Borntraeger
[not found] ` <49DDF614.1060909-dcUjhNyLwpNeoWH0uzbU5w@public.gmane.org>
2009-04-13 16:29 ` [PATCH 4/5] lguest: use KVM hypercalls Matias Zabaljauregui
2009-04-14 11:55 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49DDF614.1060909@trash.net \
--to=kaber-dcujhnylwpneowh0uzbu5w@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=lguest-mnsaURCQ41sdnm+yROfE0A@public.gmane.org \
--cc=virtualization-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=zabaljauregui-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).