[CRIU] [PATCH 0/4] c/r non-dev net sysctls
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Jul 13 07:51:15 PDT 2016
Ok, I found the problem:
In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local
multicast groups") sysctl igmp_link_local_mcast_reports was introduced
in ipv4_net_table.
And in ipv4_net_table its data was initialized to point to the
sysctl_igmp_llm_reports variable. That was so before commit 87a8a2ae65b7
("igmp: Namespaceify igmp_llm_reports sysctl knob").
So next its data pointer is shifted by the offset of the current
net namespace relative to init_net in the ipv4_sysctl_init_net function. But
that is completely wrong if the variable is not net-namespaced, so we get a
random kernel address and can write/read one int to/from it, which can
lead to memory corruption and crashes in random places in the kernel.
So the conclusion is: we can not touch
/proc/sys/net/ipv4/igmp_link_local_mcast_reports in v4.3-v4.5 between
those two patches. So we need to drop its c/r and check if the kernel is
pre-v4.6.
to @xemul: I do not know another way to check if the sysctl is alright
except checking the kernel version, is that acceptable?
Simple reproduction (the write has to happen inside the new net namespace,
so the redirection is done by a shell started under unshare; as written
before, the shell opened the file in the parent namespace first):

  while :; do unshare -n sh -c 'echo 1999999 > /proc/sys/net/ipv4/igmp_link_local_mcast_reports'; done
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
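The message proposes skipping c/r of this sysctl when the kernel version falls in the broken range. The following is an added example, not CRIU's own code or the patch series under discussion: it parses the uname(2) release string and decides whether the knob is safe to dump/restore. Function names (parse_kernel_release, should_dump_igmp_llm_reports) and the "skip when 4.3 <= version < 4.6" rule are assumptions taken from the message; a pure version check cannot see whether a distribution kernel backported the fix, which is the limitation the author is asking about.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/utsname.h>

/* Encode major.minor.patch as one comparable integer (assumed helper). */
#define KVER(a, b, c) ((a) * 1000000 + (b) * 1000 + (c))

/*
 * Parse "major.minor[.patch][-suffix]" from a uname release string such as
 * "4.5.7-generic" or "3.10.0-327.el7.x86_64". Returns -1 on malformed input.
 */
static int parse_kernel_release(const char *release)
{
	int maj, min, patch = 0;
	char *end;

	maj = (int)strtol(release, &end, 10);
	if (end == release || *end != '.')
		return -1;
	release = end + 1;
	min = (int)strtol(release, &end, 10);
	if (end == release)
		return -1;
	if (*end == '.') {
		release = end + 1;
		patch = (int)strtol(release, &end, 10);
		if (end == release)
			patch = 0;	/* "4.6." style trailing dot: treat as .0 */
	}
	if (maj < 0 || min < 0 || patch < 0 || min >= 1000 || patch >= 1000)
		return -1;
	return KVER(maj, min, patch);
}

/* True if the kernel lies in [v4.3, v4.6), where the sysctl's data pointer
 * was shifted by the netns offset although the variable was still global. */
static bool igmp_llm_reports_sysctl_broken(int kver)
{
	return kver >= KVER(4, 3, 0) && kver < KVER(4, 6, 0);
}

/* Decide whether to include igmp_link_local_mcast_reports in c/r. */
static bool should_dump_igmp_llm_reports(const char *release)
{
	int kver = parse_kernel_release(release);

	/* Unparseable release string: be conservative and skip the knob. */
	if (kver < 0)
		return false;
	return !igmp_llm_reports_sysctl_broken(kver);
}

int main(void)
{
	struct utsname u;

	if (uname(&u) < 0) {
		perror("uname");
		return 1;
	}
	printf("kernel %s: %s igmp_link_local_mcast_reports\n", u.release,
	       should_dump_igmp_llm_reports(u.release) ? "dump" : "skip");
	return 0;
}
```

Compile with a plain `cc` invocation and run it on the dump and restore hosts; the decision must be made on both sides, since a restore onto a v4.3-v4.5 kernel would write the knob just as the dump would read it.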