[CRIU] [PATCH 0/4] c/r non-dev net syctls

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Jul 13 08:38:36 PDT 2016 


On 07/13/2016 06:31 PM, Andrei Vagin wrote:
> On Wed, Jul 13, 2016 at 7:51 AM, Pavel Tikhomirov
> <ptikhomirov at virtuozzo.com> wrote:
>> Ok I found the problem:
>>
>> In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local
>> [avagin at laptop linux-task-diag]$ git describe 87a8a2ae65b7
> v4.5-rc2-377-g87a8a2a
> multicast groups") sysctl igmp_link_local_mcast_reports was introduced in
>> ipv4_net_table.
>>
>> And in ipv4_net_table it's data was initialized to point on
>> sysctl_igmp_llm_reports variable. That was so before commit 87a8a2ae65b7
>> ("igmp: Namespaceify igmp_llm_reports sysctl knob").
>>
>> So next it's data pointer is shifted to the offset of current netnamespace
>> relative to init_net in ipv4_sysctl_init_net function. But that is
>> completely wrong if variable is not net-namespaced, so we get random kernel
>> address and can write/read to/from it one int, that can lead to memory
>> corruption and crashes in random places in kernel.
>>
>> So conclusion is: we can not touch
>> /proc/sys/net/ipv4/igmp_link_local_mcast_reports in v4.3-v4.5 between those
>> two patches. So we need to drop its c/r and test if kernel is pre-v4.6.
>
> [avagin at laptop linux-task-diag]$ git describe 87a8a2ae65b7
> v4.5-rc2-377-g87a8a2a
>
> It was fixed in 4.5, wasn't it?

I don't think so:

git describe --contains 87a8a2ae65b7721893c7922f963502be8fa01c94
v4.6-rc1~91^2~279^2~1

[snorch at dhcp-10-30-24-224 linux]$ git log v4.5 --pretty=format:"%h %s" | 
grep 87a8a2a
[snorch at dhcp-10-30-24-224 linux]$

>
>>
>> to @xemul: I do not know another way to check if the sysctl is alright
>> except checking kernel version, is that acceptable?
>>
>> Simple reproduction:
>> while :; do unshare -n echo 1999999 >
>> /proc/sys/net/ipv4/igmp_link_local_mcast_reports; done
>>
>> --
>> Best regards, Tikhomirov Pavel
>> Software Developer, Virtuozzo.
>> _______________________________________________
>> CRIU mailing list
>> CRIU at openvz.org
>> https://lists.openvz.org/mailman/listinfo/criu

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

More information about the CRIU mailing list