[CRIU] [PATCH v3 2/5] net/sysctl: add sysctl_igmp_link_local_mcast_reports_safe check

Pavel Emelyanov xemul at virtuozzo.com
Thu Jul 21 07:55:10 PDT 2016 

On 07/18/2016 11:45 AM, Pavel Tikhomirov wrote:
> 
> 
> On 07/15/2016 08:36 PM, Pavel Emelyanov wrote:
>> On 07/14/2016 04:51 PM, Pavel Tikhomirov wrote:
>>> In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local
>>> multicast groups") sysctl igmp_link_local_mcast_reports was introduced
>>> in ipv4_net_table.
>>>
>>> And in ipv4_net_table it's data was initialized to point on
>>> sysctl_igmp_llm_reports variable. That was so before commit
>>> 87a8a2ae65b7 ("igmp: Namespaceify igmp_llm_reports sysctl knob").
>>>
>>> So next it's data pointer is shifted to the offset of current
>>> netnamespace relative to init_net in ipv4_sysctl_init_net function.
>>> But that is completely wrong if variable is not net-namespaced, so we
>>> get random kernel address and can write/read to/from it one int, that
>>> can lead to memory corruption and crashes in random places in kernel.
>>>
>>> So conclusion is: we can not touch
>>> /proc/sys/net/ipv4/igmp_link_local_mcast_reports in v4.3-v4.5 between
>>> those two patches.
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1352177
>>
>> This looks like a workaround for a known and fixed bug in the kernel
>> which is not criu-specific. Is it? If so, I don't see much point in
>> the patch, if someone drives into this problem, we just suggest one
>> to add the fixing patch to kernel.
> 
> Ok but that mean criu will make F23 crash as latest kernel there is 
> 4.5.7-202.fc23. Men from redhat seem do not want to fix it in F23.

I see.

I don't want to introduce the kernel version checker just for this
little problem. What if we make config option that doesn't C/R
this sysctl that will only be turned on by Fedora? Adrian, what
do you think?

-- Pavel

>>
>>> https://jira.sw.ru/browse/PSBM-48397
>>>
>>> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>>> ---
>>>  criu/include/kerndat.h |  1 +
>>>  criu/kerndat.c         | 40 ++++++++++++++++++++++++++++++++++++++++
>>>  2 files changed, 41 insertions(+)
>>>
>>> diff --git a/criu/include/kerndat.h b/criu/include/kerndat.h
>>> index 0a5cd4b..9bd1625 100644
>>> --- a/criu/include/kerndat.h
>>> +++ b/criu/include/kerndat.h
>>> @@ -37,6 +37,7 @@ struct kerndat_s {
>>>  	bool has_compat_sigreturn;
>>>  	enum pagemap_func pmap;
>>>  	unsigned int has_xtlocks;
>>> +	bool sysctl_igmp_link_local_mcast_reports_safe;
>>>  };
>>>
>>>  extern struct kerndat_s kdat;
>>> diff --git a/criu/kerndat.c b/criu/kerndat.c
>>> index 04a355b..2a02678 100644
>>> --- a/criu/kerndat.c
>>> +++ b/criu/kerndat.c
>>> @@ -7,6 +7,7 @@
>>>  #include <sys/mman.h>
>>>  #include <errno.h>
>>>  #include <sys/syscall.h>
>>> +#include <sys/utsname.h>
>>>
>>>  #include "log.h"
>>>  #include "bug.h"
>>> @@ -460,6 +461,41 @@ static int kerndat_compat_restore(void)
>>>  	return 0;
>>>  }
>>>
>>> +static int kerndat_sysctl_igmp_link_local_mcast_reports_safe(void)
>>> +{
>>> +	int ret;
>>> +	struct utsname buf;
>>> +	char smajor[10], sminor[10];
>>> +	int major, minor;
>>> +
>>> +	kdat.sysctl_igmp_link_local_mcast_reports_safe = false;
>>> +
>>> +	ret = uname(&buf);
>>> +	if (ret) {
>>> +		pr_perror("Failed uname syscall");
>>> +		return 1;
>>> +	}
>>> +
>>> +	ret = sscanf(buf.release, "%[^'.'].%[^'.']", smajor, sminor);
>>> +	if (ret != 2) {
>>> +		pr_perror("Failed to parse major/minor from uname");
>>> +		return 1;
>>> +	}
>>> +
>>> +	major = atoi(smajor);
>>> +	minor = atoi(sminor);
>>> +
>>> +	if (!(major == 4 && minor >= 3 && minor <= 5))
>>> +		/*
>>> +		 * In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local multicast groups")
>>> +		 * buggy sysctl is added, it allows to write at random memory offsets from netns
>>> +		 * In Linux v4.6 commit 87a8a2ae65b7 ("igmp: Namespaceify igmp_llm_reports sysctl knob") it is fixed.
>>> +		 */
>>> +		kdat.sysctl_igmp_link_local_mcast_reports_safe = true;
>>> +
>>> +	return 0;
>>> +}
>>> +
>>>  int kerndat_init(void)
>>>  {
>>>  	int ret;
>>> @@ -485,6 +521,8 @@ int kerndat_init(void)
>>>  		ret = kerndat_iptables_has_xtlocks();
>>>  	if (!ret)
>>>  		ret = kerndat_compat_restore();
>>> +	if (!ret)
>>> +		ret = kerndat_sysctl_igmp_link_local_mcast_reports_safe();
>>>
>>>  	kerndat_lsm();
>>>
>>> @@ -516,6 +554,8 @@ int kerndat_init_rst(void)
>>>  		ret = kerndat_iptables_has_xtlocks();
>>>  	if (!ret)
>>>  		ret = kerndat_compat_restore();
>>> +	if (!ret)
>>> +		ret = kerndat_sysctl_igmp_link_local_mcast_reports_safe();
>>>
>>>  	kerndat_lsm();
>>>
>>>
>>
>

More information about the CRIU mailing list