From patchwork Wed Jan 8 15:34:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931182 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05713259497; Wed, 8 Jan 2025 15:35:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350511; cv=none; b=E+dd2KcTtNXauaJ2ODTuozWJ3gcyeilpUL9kU7md1Ko3Oxd4Jjwv+lQVhIxHeZ6Fvi9bR3lCiMOTI1DLLBcTlVBYuS86BZaExieUazHPnAale/yqurpydB9/iQfZbOBCt0ddXRjbGUwkXACVegWChvpXDfc2LPhJS3ics4PqvGs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350511; c=relaxed/simple; bh=hIueIUZaxmfqgKEY/FmottlVw/0rUVh36j7Ej9VoLM8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XnepIbOtdVfEmX+5AxQGSkfTYLRT6tnKNkE8NYyzv3P4n02UHsKUUbYN1O3VKM6mXqAnVQ/lTobbXswrCy7SfIA2h6lKK6HANE9f1LTQSSomRfOgXil37j4xpumJfC3+CSZFDjbDUPuPeXv6Y+dwBtVzlV3b1uccCqxeiXAF+Fs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=shEHDZtY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="shEHDZtY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 72C50C4CEE3; Wed, 8 Jan 2025 15:35:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350510; bh=hIueIUZaxmfqgKEY/FmottlVw/0rUVh36j7Ej9VoLM8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=shEHDZtYNWfyW4JudNaIOaUbvPSgS6JTAc/wW3s8PseALXtnJ4SoxcJm2pd7InOar iKUKM4Fn738sH6Hn3tlNeugOYdof9mAfAPYuud/qLVpItMi0S4eSYfG1Uc1cZuof/6 OLbCKu++rXqWZoikJ/I+rAcQ4/3cHAbFo21kWrrXPItPZT8g8XakrSrX47qay5IiFF 5B/eS7Pjp8xEtr1qs6XjRCDjMHsTLPILPFXV0h0WphmEDJ4SP2QQGvfyKmjPHMBcqw 0Z5VJI3yo7kP/zffyxI474iDcLa4p2BhI53yB7pajhJg+/DCCLHhPt2Encz7hiZp36 UvrHO7Majpsxw== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:29 +0100 Subject: [PATCH net 1/9] mptcp: sysctl: avail sched: remove write access Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-1-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1016; i=matttbe@kernel.org; h=from:subject:message-id; bh=hIueIUZaxmfqgKEY/FmottlVw/0rUVh36j7Ej9VoLM8=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsiX4/l17Z7l01UKCkmrIDO8CxYVFp7jJn5c 2F45JJHuP2JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIgAKCRD2t4JPQmmg c0l1EAC8OTeXe1Zwwsh4/vjLo0Bxad6vISYLRAo11hH08jUlq/PXUXCXPJgIIEal9zJyeeUfQJR 2vuN0sX5wX1EF99+VlCe8suASxn2fV+ffaUMSsFTNe+dxTZA/GIHqjhCpQIzRuOrvndw2Pk2zNN XdhuRfmbdsRxrJ2XgzNS5maV/UFbrfmdwedbF6lGTX6S9qnDKfi88gYWJle0+TpMVMcLwRxRFW7 3mvNyjY5+5hr7BXZgFHJl3BTHhOamqtYvQEwddnqeamRl931htkEwhRmwp806+qcKV41nzmcKjY 0Z1chFTuNombDRNBhxVUri7yXSM/88i6HUQAZZH+Bi81CEEwctgRktiPobgMh4hnG8nZNHIvZmm adUuTN8N+fd8SgN6MGKJmHnnqO7/T/JmGj4d+BAJvHtm3xYjHTwZMEdHIilTTTs2dozTMlX5WqU vvhmkSiev1khcdTnMKUNtZ17Iz40opR6yzG6qIGR5deJSWVxGQkn7KECOBrkbATcsOcLnN9+P43 SxcjWRcEquRXzmqNI1gvruXWeFGuDEgmECC7rUtkJMRJxAzIQ2QpgmFAuQV3jcbLbFq5Vmm4vYK x2aCfqWajQdSAxpbwcrAeECrTCJ87dWnMSCKMMy3mvRDZq7Q5YfC8obnyuomKVGUG/5g8AHA/9W drK5uks9iDK7AFg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 'net.mptcp.available_schedulers' sysctl knob is there to list available schedulers, not to modify this list. There are then no reasons to give write access to it. Nothing would have been written anyway, but no errors would have been returned, which is unexpected. Fixes: 73c900aa3660 ("mptcp: add net.mptcp.available_schedulers") Cc: stable@vger.kernel.org Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Eric Dumazet --- net/mptcp/ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 38d8121331d4a981d4a60ebd8f6cd9482fc2b50c..d9b57fab2a13e64b6c8585e821ed5212f59f8651 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -228,7 +228,7 @@ static struct ctl_table mptcp_sysctl_table[] = { { .procname = "available_schedulers", .maxlen = MPTCP_SCHED_BUF_MAX, - .mode = 0644, + .mode = 0444, .proc_handler = proc_available_schedulers, }, { From patchwork Wed Jan 8 15:34:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931183 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED850259497; Wed, 8 Jan 2025 15:35:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350518; cv=none; b=DvR+BAT8vwMvq+HZEgzU8pUCipn2hSmBjiNGgMKBGqFPtgCXlzkLXn+7VY9kqNWTuwnIOigfIPvBag8lNPMeT1m4gE2PwxokOC+LIe3GB+gA468NctkO1+ZxNmrtSHQUHI7JIKSu0Nwt8JfU2dXgaI4VNWTTDulaShccyo8QEQI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350518; c=relaxed/simple; bh=WwnRjI/8/iw1OFb2VHnT5gO6pqS+HzJirrR+KnF87m4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RDpH+Te1IHFOQ8SW43U69h3yL4XemLZVv32RkU4k4bNZNzP/3fNllvQNu7zxozkJVK0dXoqFrBk6TrwRpOsGqu/CoUerkBlu5paJNVVL4ejohk2q0V75Ouc8OJ6EucNmiECM6VBGAn25ZFoiq+m49NyEJxaryc/RoJpcSmrNcEE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jH6+06AS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jH6+06AS" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 06512C4CEE0; Wed, 8 Jan 2025 15:35:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350516; bh=WwnRjI/8/iw1OFb2VHnT5gO6pqS+HzJirrR+KnF87m4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=jH6+06AS0OGJFkxIo8C0AdmMl9hGCe2WjR8aokttVZT5ABdZEiAOhbhNi9Hvf2Oc9 Vhj8Za+zyU07taeXAiu0jPdu5VpJM3Sbri35NOrH20+9MANEyDeWu0XtAno7bc/P8t anWJq0Fj/6g98CETEtTG8u45xzcQmQeTjOIjTO/6d3ii3yYQ1Kp7SOaSLh8MQiuxBA RqVk2hEsBFkqpYX74Ja6VFLyn1ajv3AElJDWTkvmKi268ThJfwFyVQ9hd/VjUE0xSh 4K456QddI92JuajuRvamPPquo9ydAHQuDAr/+kjddYvZQ3lReaqE788ex9iDnGDFwJ rwEFgDqw5a5qw== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:30 +0100 Subject: [PATCH net 2/9] mptcp: sysctl: sched: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-2-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org, syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=8026; i=matttbe@kernel.org; h=from:subject:message-id; bh=WwnRjI/8/iw1OFb2VHnT5gO6pqS+HzJirrR+KnF87m4=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsixzVlWSJc7W3+DiXQbOeuPWYmxtlalL9cY aNraDupi/+JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIgAKCRD2t4JPQmmg c2pPEADK0/j23gnw3Xa9ZPzBVlwodZLcGIupRhenNXzpJQsdQAhzuL4qQD1YuUX4GACboGodjaW I82T3P8LTpeQKwyYdbXvGolIGlKNqz1ySAfsFKifdHOoOByplEz6SLqXmoElJl7NxfATfRIwVFa UNwercmhNgZo4a528gdBpvoTgAlq1ZYSzint4cOXunSxN3UXJ/jMt8/8y8yb+JDRNG0cOnZOu3q LnKhXUpEbZzaZwaFJK2bbQHCrYvvs3KMhc06cb2liGxT6z7J4sardbawtk0PrJb8T01p3CQ6gLI To+FNv7WF1n16OWRzXXrjOpB6vfkPsy25XsQAbJ0HAx4Zt4S6EPOXg0BIBzfBgTJnfPv1hzXlAk pJh5EU2rarWokt+YbpHSUV/dVxAo47YhYkSqzPx8dIio6pu/seY/S0mlvuFS55RN8E2fNE+0U2x OBjDWDDr/k6CUUpTm4hz6KSYerRR6dXLPSlzDDVnWV8ykvE0brnseXZN3voQNt+hBCVnRJsEZOT phmOTByFA8kvL0+1huKfzAi50NBWYjUG6dybPNuyoMv//sie/uLbvOec8sI42G8OBgmgkXbO+Il kjQCJChAX6VChbM7qPr/zMYyoD7OksF8lW9HFhfE+HkOxI4Txvak9x1R4tUPdi8+Z4E8b1QaKFE m/ZwZhf0D1Ay8UQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how the "generic" sysctl entries are doing: directly by only using pointers set to the table entry, e.g. table->data. Linked to that, the per-netns data should always be obtained from the table linked to the netns it had been created for, which may not coincide with the reader's or writer's netns. Another reason is that access to current->nsproxy->netns can oops if attempted when current->nsproxy had been dropped when the current task is exiting. This is what syzbot found, when using acct(2): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601 __kernel_write_iter+0x318/0xa80 fs/read_write.c:612 __kernel_write+0xf6/0x140 fs/read_write.c:632 do_acct_process+0xcb0/0x14a0 kernel/acct.c:539 acct_pin_kill+0x2d/0x100 kernel/acct.c:192 pin_kill+0x194/0x7c0 fs/fs_pin.c:44 mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81 cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366 task_work_run+0x14e/0x250 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x2576/0x2610 kernel/signal.c:3017 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fee3cb87a6a Code: Unable to access opcode bytes at 0x7fee3cb87a40. RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7 R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500 R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) 5: 0f 85 fe 02 00 00 jne 0x309 b: 4d 8b a4 24 08 09 00 mov 0x908(%r12),%r12 12: 00 13: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 1a: fc ff df 1d: 49 8d 7c 24 28 lea 0x28(%r12),%rdi 22: 48 89 fa mov %rdi,%rdx 25: 48 c1 ea 03 shr $0x3,%rdx * 29: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2d: 0f 85 cc 02 00 00 jne 0x2ff 33: 4d 8b 7c 24 28 mov 0x28(%r12),%r15 38: 48 rex.W 39: 8d .byte 0x8d 3a: 84 24 c8 test %ah,(%rax,%rcx,8) Here with 'net.mptcp.scheduler', the 'net' structure is not really needed, because the table->data already has a pointer to the current scheduler, the only thing needed from the per-netns data. Simply use 'data', instead of getting (most of the time) the same thing, but from a longer and indirect way. Fixes: 6963c508fd7a ("mptcp: only allow set existing scheduler for net.mptcp.scheduler") Cc: stable@vger.kernel.org Reported-by: syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com Closes: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com Suggested-by: Al Viro Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/ctrl.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index d9b57fab2a13e64b6c8585e821ed5212f59f8651..81c30aa02196d69c55799e5963f6591e416c8831 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -102,16 +102,15 @@ static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) } #ifdef CONFIG_SYSCTL -static int mptcp_set_scheduler(const struct net *net, const char *name) +static int mptcp_set_scheduler(char *scheduler, const char *name) { - struct mptcp_pernet *pernet = mptcp_get_pernet(net); struct mptcp_sched_ops *sched; int ret = 0; rcu_read_lock(); sched = mptcp_sched_find(name); if (sched) - strscpy(pernet->scheduler, name, MPTCP_SCHED_NAME_MAX); + strscpy(scheduler, name, MPTCP_SCHED_NAME_MAX); else ret = -ENOENT; rcu_read_unlock(); @@ -122,7 +121,7 @@ static int mptcp_set_scheduler(const struct net *net, const char *name) static int proc_scheduler(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - const struct net *net = current->nsproxy->net_ns; + char (*scheduler)[MPTCP_SCHED_NAME_MAX] = ctl->data; char val[MPTCP_SCHED_NAME_MAX]; struct ctl_table tbl = { .data = val, @@ -130,11 +129,11 @@ static int proc_scheduler(const struct ctl_table *ctl, int write, }; int ret; - strscpy(val, mptcp_get_scheduler(net), MPTCP_SCHED_NAME_MAX); + strscpy(val, *scheduler, MPTCP_SCHED_NAME_MAX); ret = proc_dostring(&tbl, write, buffer, lenp, ppos); if (write && ret == 0) - ret = mptcp_set_scheduler(net, val); + ret = mptcp_set_scheduler(*scheduler, val); return ret; } From patchwork Wed Jan 8 15:34:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931184 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 89065259497; Wed, 8 Jan 2025 15:35:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350522; cv=none; b=IDaAghyGqIzcVt9m+z6NX240FTI+LqP9X25doXQqRaikWzCqsvzbYVzzbtviB2G9HLhMdOA/esbMgdUHUiJpPiNMkGV3/fZkcPw7mQ5o5FbeZPcGfn16chk0Q6UwEcwUiScEHWnN8/DzT06qJqhQ0kpbiiZVSLqtR3B13EHf7ns= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350522; c=relaxed/simple; bh=Xrd3zdWiR9VxG1TSMB2lMdIXir8zfBFIexCulLIIR54=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=N76Nr+ljPaZdFCgYK3Qx8NwGTMwMKwi3kv5Xs5eMbHTx1B+QiaG16VVNs/IbhOEVISmtdXgR8agBl3jOqXhApI1rgZfBrJyFHxBfYNfaPclklR89Ahshb6jF8UXxLF//KDaBh/2IZCZL9g9X/eCBiH/pS7/omdOkigDWgkptuCM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lWyPt9lQ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lWyPt9lQ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id EC2FEC4CEDF; Wed, 8 Jan 2025 15:35:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350522; bh=Xrd3zdWiR9VxG1TSMB2lMdIXir8zfBFIexCulLIIR54=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lWyPt9lQBfKiiXQtLJvl+eNbiuQz3572B4KAsTxSrBOyIAgHC0GLUMYa4bbO9wMeS 6zJZJqycXC768jeDn19OHsTHgQB9Ba4SMQ84vaXjInK9LNvhtByF6RiAyNwA8h2FuL UP9dwQQtWn0rzl6Rn+Y0aJNSnQMxMDsUMO2P5u3BX9nnOa3B87Z5CpG0NJ9+Bbmlv6 G81RbZ91PK/2H5gPIMJ5gmU1PNWw50GXDrh8jyhxaLuHf2TAkKHm04NvO4+K0AiYwR NBtPs0aOpH/hEzQwrOvNKsKZvdwiXWFoRyNAn7xDdnrtEBDrm5y9U66H04wxkBk3Ly kreVgN0d2/L7w== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:31 +0100 Subject: [PATCH net 3/9] mptcp: sysctl: blackhole timeout: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-3-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1567; i=matttbe@kernel.org; h=from:subject:message-id; bh=Xrd3zdWiR9VxG1TSMB2lMdIXir8zfBFIexCulLIIR54=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjNDmbEGyWaVM7w9ArB+i15s5uX0WvUCClM RpwdkTsUamJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c5SJEADg1tojmkDUSYGZHbgXVr86QyBhtcFmSnE+UeD8Vr02jNuI3L8VFitr0C8EOSGjnvD35X+ +TYA7s5XptukAXjDtN3wuskxp2zjhyhBy7UXxMiw8fqu8hufbnCgyI1iz+KPJf9WZ4xKiV+oCy0 27D1OQTAY73w5U4n3DdOau9/IWZV8tvtK+nod/rpdGLAx69pq/hZNObfKRMtfVP8Ha6vZ4vVm5P dZfkWdPBVv0SlK1YlObEAhCRnGR9sIGatnKB17UJ4ZOxct0PjnNxCG/CdfymmrcI+U9LTjL5xBX EzoD5UjqX5Bq5KeXWtkmCs9Tt9SN51+K9KFjqe8rvHdS57JN/HP9ZCsVeA1KU0/8NWG2XwGcsFm 0J+SUnABR47DbiEESAtZiaUKC/Ku/QYehT90bS+d7FfXXz5foglMeiXUxqCxUIBq9v6pPN5dgyQ Yn4V1YgDxp8ggZV3+0sADZ3mkKOG9cCmFtIIdpzhPUbWhqwjug0CiCTzBGUEYj6ZykNvNF3iL1l ErkpW+86vc8/P0zLLXr+d5842DDMFZZ7RpxQ/6MgVfYnu5i9ZtpOl0y1/4LygG1enDjQL3EPHSr lH60lH1gBV61PhRWa3fSowQD/7tu1qM1BJwHqdWXkVQFeZrtTkqk6iMeTp7qwLkJg9TDoOA10T1 QJdsljuErW04AIQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'pernet' structure can be obtained from the table->data using container_of(). Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/ctrl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 81c30aa02196d69c55799e5963f6591e416c8831..b0dd008e2114bce65ee3906bbdc19a5a4316cefa 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -160,7 +160,9 @@ static int proc_blackhole_detect_timeout(const struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct mptcp_pernet *pernet = mptcp_get_pernet(current->nsproxy->net_ns); + struct mptcp_pernet *pernet = container_of(table->data, + struct mptcp_pernet, + blackhole_timeout); int ret; ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); From patchwork Wed Jan 8 15:34:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931185 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D10BC1FECAE; Wed, 8 Jan 2025 15:35:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350528; cv=none; b=m3peyxKcPad6D/YFl59wFBve3+nq43VUKWHlTMEFFzvwtwNtyNYcY+LnEYZmH87QWl3u3ZQKWt03HoAMU/TmUQtogz6uhBbXXl8dS4X7qtj7UeI0IDQs7JXsdmEVfafSwzU//J6TiexS5WB0E00dmjtF7N0Akn4OQKhaQjUDXt8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350528; c=relaxed/simple; bh=RzoX/Mfle45ycBTiE07FhU2G1d2ZCr++/wDZPC4Mtns=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Fozf2GV4OVEOWhpEBvjuUJ7I98gkuxlrxs1JK6Y7MQhRpdDa+vGmkVRkLP6JrGuV7RofrDzv+rTh0jLl6gs6rSyZUsri8QP5wBZ+4wOJSlqox+tsihcRZfrw4H0Xf3EjV5qs9j96nTDHoqfr1BJ9ncAJdBVr1kGJC+KwwXWIeyw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=dTk92jOY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="dTk92jOY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8029BC4CEE4; Wed, 8 Jan 2025 15:35:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350527; bh=RzoX/Mfle45ycBTiE07FhU2G1d2ZCr++/wDZPC4Mtns=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dTk92jOYIjjH2J0dsNf99k8RJ2AzanZtaYpSHqdSGpweraXigfKEv+0upv1IT8A7z KqJikdqcS2pHx7faYDewkPpCBwy5EmrdXszocdpK3WIHs49iYYThLf/06hLpPTkvc1 9HnUaohqRu962XNQNPByHTOBMhjSBhBTQdMsNWt3rMwFS7knScEYIIScoh0J9LnU9b h1L3i8IA12uqNWKeWx9JFGER2Ojr7bcpKm1+hpX8sF9/10pT0hflfPUL23WUCKmEZi E9b9eQEznxkTdQFG4dDTst+0DqLb0uxxMZxEHJzYUTMhKwjHb7bqrL5yBruKbN4AQg SujQBQzFnl/FQ== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:32 +0100 Subject: [PATCH net 4/9] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-4-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1732; i=matttbe@kernel.org; h=from:subject:message-id; bh=RzoX/Mfle45ycBTiE07FhU2G1d2ZCr++/wDZPC4Mtns=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjYAQXsZVHp54/bDIS4iqUYc/+zC1BDbk13 KVDDIjqTMuJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c8ghEACnStxbiJgevWI5Jgt6h5657fEy3C6jSyanXQXC8RxV8wHWDHoZzNFs4hw25GFas1qxJU7 Vr8/95j23s+r4XRrBdReCL7+uWOWyOVvUTz7k5rym28GHc3qZ/Cg285HyQK2lJAlQUEZR27WH5f 8rkM/6PTloThkqBdTb7Be0MQyRxTiq9CVKUUDDYzTu/gSstQ8T3iG18vfY7q2kVjNyo/9D0+Q/W Z23oDxIT3MQqqyLIplZaQxiLHfuo4zE8J8haW2+RFzeq05aAuXxjMw90TiYOBod8uqRaS/4kaET oRoK2QOIBoqoub5Pt7MWFigHWv+fUVLRD9aJ3ADbzlG4V9mnLi70GLMQpBLYMy/3GyVzrwnrt0A dPSaxFKbF3iF49NPMn1oDIS0e+SlRz6F4/FLxIuCFuuK4g4BJdY1dW+Zx4wg/FKQAmFiBhhONIK l+C4/ZxYCoVpAIUilJYOL52a4Eg5PdfRTgQWUuhMl51s3qw7IcrTKmuQr9J3kW5hGtcvajbQLpS y5IRblgIVwYnHH3gy/fvvr8J3KGrQKKrp/FTFQlNWk7CtOBDxzsGmddhsM1Wk9JHivL/xKhJGof ResKkg4zExSNS6IssvctlTutR/hxZ/TCnjDXjgI0w8yEMG/gwBXGCuBERrTXneS3KnT5vv1EvfQ novUbpb9ZiTk8cg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used. Fixes: 3c68198e7511 ("sctp: Make hmac algorithm selection for cookie generation dynamic") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/sctp/sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index e5a5af343c4c98de1afb27359c104f5030583ac4..9848d19630a4f760238a3a2abd3ec823f012d34a 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -387,7 +387,8 @@ static struct ctl_table sctp_net_table[] = { static int proc_sctp_do_hmac_alg(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, + sctp.sctp_hmac_alg); struct ctl_table tbl; bool changed = false; char *none = "none"; From patchwork Wed Jan 8 15:34:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931186 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEEDC1FFC68; Wed, 8 Jan 2025 15:35:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350533; cv=none; b=raqu1TYc0Wuq3c4YRG4DP4HfsDkMFVfr/1W5mgdbeMWYCex1deZFp1JpchDsrKPuBlwYfnDsY8Pixvu8/64PFo7fSvps+06R5Ja9JuzJrddREiOtHsCttSXqknyFZDR+IfZs8UBl/OeXhidIzsHHao6UUKip+vqMtA48MB3667M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350533; c=relaxed/simple; bh=ayV3wzrEF51iGpmrpDx//XVLQY2a3A5Dl5YwOxyjoc4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XlBRqfnxsbQwGJtxc2vUOcCTQH3SfCWDZXbHmiumCNHU9tvhg6xTs6lMkTnkJiDs4REjUT2FseGlJjjS+K8PWG6u98gcMBp6TRkxyJkGgpSpIk69cYX9HCqUd/gI+P7VfnBmRJvHKOcc1lXH+OWd6eLY8fB8CiOejOpZJWxOKMg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UUm8bROV; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UUm8bROV" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BFEEC4CEE3; Wed, 8 Jan 2025 15:35:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350533; bh=ayV3wzrEF51iGpmrpDx//XVLQY2a3A5Dl5YwOxyjoc4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UUm8bROVSesTFjcICdqH95oLdhDDpmuf3VnnM8PRJGauOz1ko2glctmoMKJk3h4rd 3bKFgY0fgwH8EY9ghOnJp2sRDn/dhr0dQmnpPqCu36QvBFEVvaVlGAstzUkw+EJN3N /nCL0/ppURULhAkBwvp2PTm19nCri6ZriWta4Dzk6HoE0mE+ojdEYHFae2xrYhQovq cD//tmHu2LVONpeYtMnhvAeIyTcD2oqvZEpr5v9f5/IvRbnPUf2ph16ow9PSvUcgUt FLjs7bhji0OcD7a1RgBCnn+dzK7wz6pNjm0OIB8Mgu5UJJuRRrycytjY3UcaBqcoQ9 9+SC+joUEZlaA== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:33 +0100 Subject: [PATCH net 5/9] sctp: sysctl: rto_min/max: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-5-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2244; i=matttbe@kernel.org; h=from:subject:message-id; bh=ayV3wzrEF51iGpmrpDx//XVLQY2a3A5Dl5YwOxyjoc4=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjKGaEE29cJY8jZk9VxvV177Cxn7ythD79l qQJXxOtVZ+JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c0WIEACibXRVeRZTRpD7TX1zf5fLoc3vz2KC9nbsZmyUDM6hLKBkTg+CwzD/H9XDnTCpwFWAqM8 d/nLyNtJrVUWGNb65WXelZg+a3kngwzQeXs6sOPyVG8RNaOJe2yzMp/2np5nReRtLqZrPeO5XVZ 6akIfby1VCWGdlxLvOyelwNWHRHm3DYgbbUK7foncQiJktnXUYijsy4pEqrFQeOjsjpONoM9E4E ehfRwoTaYmkHjSI3w4CsMtSeIrID9Xo8A1vKvKnr+h2eRF8DBu2MP01jjfQM4CjsLc/f421u76e 9JDndty81Br5Wh884T8GMQwfFcxVDCcS1Dh1EX/UoT1Bszbon2mQn2uyFzxhO4Q+wvU0UDcizv4 l93nK6hz2SXthsD1wQQ/XpCyfnqWc0m6xylIPXhPimvhmIOzVSIMJWOO7XnZOa9tUjDwcshXHCE 7KuAzYurIP5DTa7r47MaZxOtdo5+8/ueyDssb/oAQ7LBktATwEGPHnQ955Y03Sc8wHEo79V77pu yVbcOmCCOymfo+r/BenN0GBsMnbuGM01g9plN1mWDYJ7E61G9RTc/ot/paCEx0tPEWGQkUJd7J8 UqJoLnmQg9ndoiyW9/QhimjCktjVad0tS6Vsyh0p1L/iBiy458OR/qddNsFvKoh0YXjiDgRRr6u 6ByAZleuGoeW9hQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used. Fixes: 4f3fdf3bc59c ("sctp: add check rto_min and rto_max in sysctl") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/sctp/sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 9848d19630a4f760238a3a2abd3ec823f012d34a..a5285815264dfa9d88d1d71244f309448e97a506 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -433,7 +433,7 @@ static int proc_sctp_do_hmac_alg(const struct ctl_table *ctl, int write, static int proc_sctp_do_rto_min(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, sctp.rto_min); unsigned int min = *(unsigned int *) ctl->extra1; unsigned int max = *(unsigned int *) ctl->extra2; struct ctl_table tbl; @@ -461,7 +461,7 @@ static int proc_sctp_do_rto_min(const struct ctl_table *ctl, int write, static int proc_sctp_do_rto_max(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, sctp.rto_max); unsigned int min = *(unsigned int *) ctl->extra1; unsigned int max = *(unsigned int *) ctl->extra2; struct ctl_table tbl; From patchwork Wed Jan 8 15:34:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931187 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 427561FECD0; Wed, 8 Jan 2025 15:35:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350539; cv=none; b=dr6O7UT9CMGErFAAjyL9Bc54wSlHajyTeC36RGVMMTeraEhmr+woQLmoxMrxDvLmQAYY2iDwUZZakOV3xabVTPPo7cfR+Qsrq0bqFJ/th08A2w9PjEN1rouf62DYG/B/Ko31mhxP1thCE/JLaefH2Xgy5HvMnns7UgwcVQK7Djc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350539; c=relaxed/simple; bh=GtD13rz6CUq4cx2jxPDigJz1ycwU6vRnNISdtqEgmsk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=X9xrwsPEBL+gCy8uDujTrdx+h9w3Gsyd1z6Fr0wKyQlUqgCzUI7Dj6g7vi24WvpTSZQNwK2tco4Cw+vnT5s0JQKtYlNd/VZowRux5o+nuL1TMUOFDtNIyX76gkoEPwWA58XbTILtXmDT1ff5Dd+3QUM8Sq4N7p2GU3T0crMstYE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cKoie9YQ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cKoie9YQ" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A3395C4CED3; Wed, 8 Jan 2025 15:35:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350538; bh=GtD13rz6CUq4cx2jxPDigJz1ycwU6vRnNISdtqEgmsk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cKoie9YQGfESjtvNWpnYGBrKoIBtcln+htnzvlgnSc/y4stD80RdGpZZonZNsOy6i Sl3Ma5yOLkB0xgxIr6qsCElkmvJFZjTVYLEz5soK9fl/lwjXe/G1KaGqSC+9TNK7w8 xHcU33q/crWQAnDxD3qEPmjOFJdtY5k8N4bOZWhKtbEkQmPM995/GS3gTwsVYgSz5h tyrSd39pCM8plyHN6tabi6JhUl02NdhlZMOLr3B9wOD/sd+DALI73MIkLO3doT8p/x dY3Ghzra76JILAEuTXwb2mylLKIAhaP6pNR/oW8sSzqbLt1yhZOdYWxUWSuA2uf7mo safongD8y7EmQ== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:34 +0100 Subject: [PATCH net 6/9] sctp: sysctl: auth_enable: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-6-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1647; i=matttbe@kernel.org; h=from:subject:message-id; bh=GtD13rz6CUq4cx2jxPDigJz1ycwU6vRnNISdtqEgmsk=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjb7qb1AcTm3VoJxHCWqJ24AOe8+8WyLgkf UMdW7nFiy2JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c1h8D/0Q/ESUg8goIbYyWiYTOKiDMMAKoIny5mVEwBGkzXzB/rd4jpLvV9ls8nk42pXOBSBnu/P L2bq7QEDA4uI1C7nkdZMHgcRyHAhcNBz0L+rzAjpFkqGqrnFWDPTXBdgC/rlTh4Ue2JXfhMDwCU /wC6fGxjqIMh3EUCow7WyIwQGD5pboo4YzIlhJpr9B24IfBKVVAwdttZnl44tCEGbCn0ydbdamF d1ZEPSveXA5klTqYfIK8DwGKbNdxcfZBZ7nIukr6GxY4iVghQAD88Gv0ZNqoKeXvNa+VIjiWJNb ZFMjZ68tmsK9pN7E5qgdovWywRFeKruhzRHb2jFoA2Oh0kw0Ra0B20Zx0gxY/6H8SEOkP1q4vbh UOvFsGecDlWR+uIPG2gZfMwRY8ouRMtVV1NbMbOC4SshSKbxnBuZ759oLXHhod246VwVo882V0r Mp1gWQBFJwIDdQglORaBtNGmmTNeO07nGrSxoacbi8BXU4dqDolZtVWOv0La+xz0ANvZy1LmIwS wDcgv5kyIJQyGiMeZv1QfbDpfnJ8IgTgMlOVqTLlUvnV1AA9bPi4Ei6/W74OB4yZo+CU2wjq4xr 2aQdFkwRu8GryNoS+HQLTEW2sdp2/r+aUX6A6qhnfVeotKZp9+yRaUjSBi/5BhJXpo4Q+kLboNV UFhuuiYfMqhzJWw== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. Fixes: b14878ccb7fa ("net: sctp: cache auth_enable per endpoint") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/sctp/sysctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index a5285815264dfa9d88d1d71244f309448e97a506..9d29611621feaf0d2e8d7c923601ab374515563b 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -499,7 +499,7 @@ static int proc_sctp_do_alpha_beta(const struct ctl_table *ctl, int write, static int proc_sctp_do_auth(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, sctp.auth_enable); struct ctl_table tbl; int new_value, ret; From patchwork Wed Jan 8 15:34:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931188 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2323192D66; Wed, 8 Jan 2025 15:35:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350544; cv=none; b=F/DjITWp5s/GPAWnzsnrHmhzL/20B5/1OOGKtXRpd9cHJgUwBVnq/jGHG0n2UQCTeVO5TOsltiUDEF8lo7Q9scyQ/iTK9xqx7DbflS/JJG717AGnJYjC69Jk82Ek9L3Ixym+nhxSz3xFLs/vo3CzbIXv/FuMlUHN+q8y1kEZ/u0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350544; c=relaxed/simple; bh=yu42qnw1nNAsokR/WO64E0Ffx8R6+FXxDkFWZffqNA0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=TJDr5wxubLWoph38b9S1ZD7nhauzq/9RAVZ1FIOd8FBhWX9B504k2rHboHe4ovANUnBHmIbjoXiHcOBcvSTwXlpmGUG3j1UGTmq2Q30dj51+Xl3a+LEe7LPZVT5lt60OSCdWvHKedmDSQ8/AwbGX9Sp8pHDbFamTI1VneuOSo4w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hjQKbcpj; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hjQKbcpj" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3634DC4CEE3; Wed, 8 Jan 2025 15:35:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350544; bh=yu42qnw1nNAsokR/WO64E0Ffx8R6+FXxDkFWZffqNA0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hjQKbcpjwC12EhLPftrMJQyB2ZRcxVmnP73gHYwli7DGvFiLKFF4ztm3Qfa7RBeoE f4fR7oGeqvmmPo8wRcpQonWNmC9sLCrUvs3zrBSf9hzm+FnO/WRvApT+qLSsaj51Dy LsngVqqhfOCU4twJF8BRn/PnlskZBjWDJFY50Ku061lBMSupMaSLDzAV2TRatf+h4/ 1IpwyTMUNyqpmNGTqD//0vYJut2PkOr/FS1HjL+M57VbUNDJt1bL3CraqXghTAFcKE 82/1DLTnyE1h5ggFIPqR1CU0wthw35yoyjq/lGcaS0LIEu4MjTJ7SaRVFKctiToDNv dIOaC7ISrM8Lg== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:35 +0100 Subject: [PATCH net 7/9] sctp: sysctl: udp_port: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-7-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1708; i=matttbe@kernel.org; h=from:subject:message-id; bh=yu42qnw1nNAsokR/WO64E0Ffx8R6+FXxDkFWZffqNA0=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjteJFxAGcvm3BfPK4WDy8tgZSdrpA0YYGu dt2TbToOKKJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c5oUD/4yBuIMw9JQg42vpGQrv/esWRLzvypsiMX91nZrH1Hlm7Tj/d39nXjqe25DRSGQL/Wx0re 5se7ItBbXQ3W0yKK9ER4EyE0Zrgec1W1ZcCsN5kA9hCCvuo0LHhxwJQBa+S0WT9+GBNUovMtqqt 0JIqQ4IB6raPkgYJcwK2YEeDjDtDTWHPZdY+PNqFkv92FT/bF+6TDjBlritqSGa06a90JJ8Re0x fh/LwhnHNUpOxj6JsI+tO6V+KwVuBt/w/Z8fXzkRKdC04Cj/8PyPGH36/KDtefXpLWWJXsWL1t9 yOuCcmCLTZ0ScNFfTiFrgKpqDBi/taP33tGTPGo1s9jXQ0FFx7h2KnBcbbNX0XZe7JZ0C1sLDhF egL0i7yhRlTW06MljLYBMXUuTjophlwjkK1HS7vKjyhMED9saU8tQpJiBwM9hdh85ncHrew5RSN ZnRj+m0dgDypwn82vh42d94sAZANfodeHvorNZ3CtQPiXS6fRbOXSam3IvzdabKbwc/qz+GC2+N xieMr0md0RosdGw4gT97jee+YeD8gYWaDHO7fd47DAglZVpl7O2cf98HgxPa4132I+DgK4Kr62Q YAntsAT45wb+sjXwVMsQsifnO0XWvaqY+OLPEIiIN8Q2BOs7WxOCFBYvkYD7KtzLE2V8u+1Etf+ tWWBA3uUnsbnJFw== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. Fixes: 046c052b475e ("sctp: enable udp tunneling socks") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/sctp/sysctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 9d29611621feaf0d2e8d7c923601ab374515563b..18fa4f44e8ec8c86f8415b1251ef8a2979c7f823 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -528,7 +528,7 @@ static int proc_sctp_do_auth(const struct ctl_table *ctl, int write, static int proc_sctp_do_udp_port(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, sctp.udp_port); unsigned int min = *(unsigned int *)ctl->extra1; unsigned int max = *(unsigned int *)ctl->extra2; struct ctl_table tbl; From patchwork Wed Jan 8 15:34:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931189 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D4F8192D66; Wed, 8 Jan 2025 15:35:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350550; cv=none; b=pQ9vEWHiSvFrJ8yPyQhBeeHOAaDQp1AxOUGZ2c8tdfEF/30nAbsIzNjE70Qz9MPyM00pjN1u7cfHaFGsNSgRy16+0sxdlh5xYrMiPTX42nwGzEoFwF4hxYzBXVj7gfzOVWs78e7YkisncNtxVPUrhV8B++ebCT5xaZXCN9sH+Kk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350550; c=relaxed/simple; bh=mlZQdwHebIpNYItwXgOB6fIb3H+q/rwlaNvaWmrUCp0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Nc6KIi3ni20Y2h895semvhjOrQffVyuR9H8H7uOswVVTgRxnSnI2RR899K1imfZKb0JjBWfZpVP7Q0smzWJNg5/eYjTgHsEY2DvxT5ihQI+YDh02ttt74/8M0P9JctQXHoT0nfJgDGuK/X4f4VPDq7uXZ+fF6nhJShtgJAPPwJc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ft2rBaGm; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ft2rBaGm" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BFA87C4CEDD; Wed, 8 Jan 2025 15:35:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350549; bh=mlZQdwHebIpNYItwXgOB6fIb3H+q/rwlaNvaWmrUCp0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ft2rBaGmWGwjHOuawnbWCzVbrc6HEv5s7wTbPshkn5ymzI2TjOP5c3WjPAKJXGVuS dWkTY3EqsoYhgI1RqmJYmxuu61Q893gkYflc8UonbetimwUWZcO7cUMUmNja9aLSPb 2b16I7amCi9x0vZu8Sc4dlcAGl6Cf02RyLFFCj2MBJuHEzUshQKTh6vGZio60Qo/PE 6IygesGE5K487f7RFS++E9bQITiygQ0B0k4SaSMUXgxIt/dmU4zs89vKsYzhVcgj3l ppZxAZqlmGo53O3Gl8bPdNSUebG5UH0LxbHUOuV/pW701IeHr0tKQmsOYOfwnHAQ+O vOZCAJf662FQw== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:36 +0100 Subject: [PATCH net 8/9] sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-8-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1744; i=matttbe@kernel.org; h=from:subject:message-id; bh=mlZQdwHebIpNYItwXgOB6fIb3H+q/rwlaNvaWmrUCp0=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjJ4HDkogKorT9L2En4dE4/eoq5wRMAUMX8 XcyRyZziQuJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c5MxD/0UlJL1Vxt2/RFbALPdO8hQ83HfKXTCikWNSpxu/Q8B7RYAC8Vp28XV4/dqXH9t/wxsgjo 54qWRgFINZ/v3CX5weT0TNhoUe3VyVB5Tam9GtX80/5PViZs7+l/UMYN5hzrGliITiup2ScRPW4 QOqTRAujq1/E4rIsw8w2wfSkHo+xpVNgs1qWIXIVB6+7fN0v7jMGsoj4XZHkvT/AWyIiOW/e9VY gwQDgEC0V4S3wBjJodyol5J58HWPbc3RWfOfwy8ILVJsW++47g5Mxm1LUrjpjXjXfn9BYpDu92/ KfS2HDiSJbjlMJS6gPIKdcqmNzMFwYrRbk7Ws0um8HE9nyD4AaWEij7e1tyJAfEfsStzQCT5TDh QagYdQSa5nwM3gyYua3dYmyQ+FeXTUPMqYhz1aSdQLrziyqszXmgsfhvzlxzIT0WnF3r3AKzmTk YE26nMUouupRs+Hm7IZjBEga/3GYB131QMqi+n7CuJF6yzviBWqTC7FT/C92jZq7eXX2wqwZvkJ M2bVWAlqOGXdLuOGK9nninX97e5wBU0eCBuYADm04VbOfVdGUzTgVh1dCCjX+ZqiX2otFVaPFAn r4IqW/2cRNUR5CKbRXtSp2Nz2T6KHWhHJkiofFUgocGsE8B5ten9kPgG3qJvvzFDuWlsYBppxKT spVRKA7ZQVqdDMg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.probe_interval' is used. Fixes: d1e462a7a5f3 ("sctp: add probe_interval in sysctl and sock/asoc/transport") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/sctp/sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 18fa4f44e8ec8c86f8415b1251ef8a2979c7f823..8e1e97be4df79f3245e2bbbeb0a75841abc67f58 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -569,7 +569,8 @@ static int proc_sctp_do_udp_port(const struct ctl_table *ctl, int write, static int proc_sctp_do_probe_interval(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net = current->nsproxy->net_ns; + struct net *net = container_of(ctl->data, struct net, + sctp.probe_interval); struct ctl_table tbl; int ret, new_value; From patchwork Wed Jan 8 15:34:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13931190 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5AA11FE454; Wed, 8 Jan 2025 15:35:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350556; cv=none; b=gPxvllgRzzjRkcqWjIXjsHRU1Z3Rj5g1W+1RA/8BZk55k+baoXwitsbgFuqIjVGm2UkdVPQGCxcwmKm2Ph1uqS2b1hYBgvm1RAc9rVi3GM25neLDvcYLE1feftMyvUNeyZcZekc7lsIkqwsgnH8om3h3Ez10/ThPGyyoIO8cq1U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736350556; c=relaxed/simple; bh=6UzWyJD5k/BZPXrLXm62UJznPkVz16sX1azoNHjlPRY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=i2CvX1/HLf1lmDrLl9hwAtK9xP0esP7zkTzw2vQ0gJZn2eNB1AMCy3CPZfeHSWZPIGMZtWMPC7tFOHCWeXoR+GqVQEfUe++zg/P1NPoNc2B08PyNo3a04ZvdlvFiSGjUyJ0Bc/jffZeukWbWIgnDx+5yA/Dd6AGzshqX8j1cjdo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TCFD0GKG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TCFD0GKG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52193C4CEE0; Wed, 8 Jan 2025 15:35:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736350555; bh=6UzWyJD5k/BZPXrLXm62UJznPkVz16sX1azoNHjlPRY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=TCFD0GKGpQBqKBoeYZA6miC+mu2aq73PDaKOCZjJth0ZikHkjSJDZvpFewT5H9c5S 8qT7BAgjGA2IaDy5pxygjx3wYZWmqeK38Uv+l+mvbRiXsTQ9AbTdvifLdJZnNtqDSJ +jdnJ8gA6q+MtBv4VJnFIMcjkP89E7AtMQzCOaKCsgMX9kKfoEECVhgPIL1S2DhttN 5nMacj0+39+FWpiOoWXMFupRK7PT2Zr3EuvuF15XnOwO3qFjc3Nl1iA0rEFaWGY/YB KB2xOpixtbQOhsTdrP8YhDs2wyfK7Mg69rBJxmnJxhKALksB13bbVEvGmxlbaw1fHU 7RKBbFBmUZMRg== From: "Matthieu Baerts (NGI0)" Date: Wed, 08 Jan 2025 16:34:37 +0100 Subject: [PATCH net 9/9] rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-9-5df34b2083e8@kernel.org> References: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> In-Reply-To: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Gregory Detal , Marcelo Ricardo Leitner , Xin Long , Vlad Yasevich , Neil Horman , wangweidong , Daniel Borkmann , Vlad Yasevich , Allison Henderson , Sowmini Varadhan , Al Viro Cc: Joel Granados , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3972; i=matttbe@kernel.org; h=from:subject:message-id; bh=6UzWyJD5k/BZPXrLXm62UJznPkVz16sX1azoNHjlPRY=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfpsjsigDTWjvabNfWuiC8vV+Sr7cw/S773XtG iutmd/3sLSJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ36bIwAKCRD2t4JPQmmg c9l0EACooxxFewKnetGy8rXlXDUsrRWWtWLgJDUUjg9nUQE/mSJf5BYxjHeesoggO+kYmd9l2WE 3TIIf8+yBwbG+eXhv+cAusbArYMFWgAmaa4vfS+D2YkqlqXZM9DxuqmCX9cGfyUiyZECtmAsFmE 5mLbQv2rCUyfQBf3HAn47Z4QViRUZEBFaFjbdNBQ4bmvB5EjxepiPJe5UuAZURzsety9E8J5wxX ZyqjTypLrHVY8L1HEs6YTC789QwlaQGYpy6TKr8c1ddeIvDUtom9d+7v7tJ2Jo0YxKtLFUoQRHS LjGrFCNl/+UaZcVHrk496VNoyULJ9G9F/mZRjQvgX3765oOMFWZ54LMdsXYbZnSkIxGkhJHxml1 pYjEaTewczrL/3v+/XbNFj/pliE1NsZiXYSp3b4ASbqPBaglD/yZGksaw2z2cSajApxgZxPayoD h/NcUQH3PrQLpB+5hcZcP11MQ/FlYeUf1TgILJ/Ae4legY1GCVNo3OWjd7/tzKh5Nq3d0wU3M+A rBKqIEVuU5q26LC4sgdSQNTFDErq3JBO5gsobQDUl84xeYXrtkfIahCRfFuj4t4qW2Sl5sYFRwF 3JcrTUfc5MnGOvX/ncuJ2ZiU2fGeIAg9FcoOn2YV6FBgRenlZdYsp0cjrMcxLadM61VRhf+sLyZ wBv58USMlMmb/fg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The per-netns structure can be obtained from the table->data using container_of(), then the 'net' one can be retrieved from the listen socket (if available). Fixes: c6a58ffed536 ("RDS: TCP: Add sysctl tunables for sndbuf/rcvbuf on rds-tcp socket") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) --- net/rds/tcp.c | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/net/rds/tcp.c b/net/rds/tcp.c index 351ac1747224a3a1c8b0e297ba53cdbbcbc55401..0581c53e6517043ad6c2ad4207b26ab169989ed8 100644 --- a/net/rds/tcp.c +++ b/net/rds/tcp.c @@ -61,8 +61,10 @@ static atomic_t rds_tcp_unloading = ATOMIC_INIT(0); static struct kmem_cache *rds_tcp_conn_slab; -static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write, - void *buffer, size_t *lenp, loff_t *fpos); +static int rds_tcp_sndbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos); +static int rds_tcp_rcvbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos); static int rds_tcp_min_sndbuf = SOCK_MIN_SNDBUF; static int rds_tcp_min_rcvbuf = SOCK_MIN_RCVBUF; @@ -74,7 +76,7 @@ static struct ctl_table rds_tcp_sysctl_table[] = { /* data is per-net pointer */ .maxlen = sizeof(int), .mode = 0644, - .proc_handler = rds_tcp_skbuf_handler, + .proc_handler = rds_tcp_sndbuf_handler, .extra1 = &rds_tcp_min_sndbuf, }, #define RDS_TCP_RCVBUF 1 @@ -83,7 +85,7 @@ static struct ctl_table rds_tcp_sysctl_table[] = { /* data is per-net pointer */ .maxlen = sizeof(int), .mode = 0644, - .proc_handler = rds_tcp_skbuf_handler, + .proc_handler = rds_tcp_rcvbuf_handler, .extra1 = &rds_tcp_min_rcvbuf, }, }; @@ -682,10 +684,10 @@ static void rds_tcp_sysctl_reset(struct net *net) spin_unlock_irq(&rds_tcp_conn_lock); } -static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write, +static int rds_tcp_skbuf_handler(struct rds_tcp_net *rtn, + const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *fpos) { - struct net *net = current->nsproxy->net_ns; int err; err = proc_dointvec_minmax(ctl, write, buffer, lenp, fpos); @@ -694,11 +696,34 @@ static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write, *(int *)(ctl->extra1)); return err; } - if (write) + + if (write && rtn->rds_tcp_listen_sock && rtn->rds_tcp_listen_sock->sk) { + struct net *net = sock_net(rtn->rds_tcp_listen_sock->sk); + rds_tcp_sysctl_reset(net); + } + return 0; } +static int rds_tcp_sndbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos) +{ + struct rds_tcp_net *rtn = container_of(ctl->data, struct rds_tcp_net, + sndbuf_size); + + return rds_tcp_skbuf_handler(rtn, ctl, write, buffer, lenp, fpos); +} + +static int rds_tcp_rcvbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos) +{ + struct rds_tcp_net *rtn = container_of(ctl->data, struct rds_tcp_net, + rcvbuf_size); + + return rds_tcp_skbuf_handler(rtn, ctl, write, buffer, lenp, fpos); +} + static void rds_tcp_exit(void) { rds_tcp_set_unloading();