[CRIU] [PATCH v3 2/5] net/sysctl: add sysctl_igmp_link_local_mcast_reports_safe check

Adrian Reber areber at redhat.com
Thu Jul 21 08:18:07 PDT 2016


On Thu, Jul 21, 2016 at 05:55:10PM +0300, Pavel Emelyanov wrote:
> On 07/18/2016 11:45 AM, Pavel Tikhomirov wrote:
> > 
> > 
> > On 07/15/2016 08:36 PM, Pavel Emelyanov wrote:
> >> On 07/14/2016 04:51 PM, Pavel Tikhomirov wrote:
> >>> In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local
> >>> multicast groups") sysctl igmp_link_local_mcast_reports was introduced
> >>> in ipv4_net_table.
> >>>
> >>> And in ipv4_net_table its data was initialized to point to
> >>> sysctl_igmp_llm_reports variable. That was so before commit
> >>> 87a8a2ae65b7 ("igmp: Namespaceify igmp_llm_reports sysctl knob").
> >>>
> >>> So next its data pointer is shifted to the offset of current
> >>> netnamespace relative to init_net in ipv4_sysctl_init_net function.
> >>> But that is completely wrong if variable is not net-namespaced, so we
> >>> get random kernel address and can write/read to/from it one int, that
> >>> can lead to memory corruption and crashes in random places in kernel.
> >>>
> >>> So conclusion is: we can not touch
> >>> /proc/sys/net/ipv4/igmp_link_local_mcast_reports in v4.3-v4.5 between
> >>> those two patches.
> >>>
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1352177
> >>
> >> This looks like a workaround for a known and fixed bug in the kernel
> >> which is not criu-specific. Is it? If so, I don't see much point in
> >> the patch, if someone drives into this problem, we just suggest one
> >> to add the fixing patch to kernel.
> > 
> > OK, but that means criu will make F23 crash, as the latest kernel there is
> > 4.5.7-202.fc23. Men from Red Hat seem not to want to fix it in F23.
> 
> I see.
> 
> I don't want to introduce the kernel version checker just for this
> little problem. What if we make a config option that doesn't C/R
> this sysctl that will only be turned on by Fedora? Adrian, what
> do you think?

The latest F23 kernel seems to have been 4.6.4 for two days:

https://bodhi.fedoraproject.org/updates/FEDORA-2016-784d5526d8

This should fix the described problems, right?

		Adrian
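
The commit message quoted above describes the sysctl data pointer being shifted by the offset of the current namespace from init_net. As an added illustration (not code from CRIU, the kernel, or anyone in this thread), this user-space C model shows why that shift is valid only when the pointer starts inside init_net; `struct net_model` and every function name here are hypothetical.

```c
/* Added illustration: user-space model of the pointer shift. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for struct net: one instance per network namespace. */
struct net_model {
    int other_fields[16];
    int llm_reports;                     /* where a namespaced knob would live */
};

static struct net_model init_net_model;  /* models init_net */
static struct net_model child_net;       /* models a second namespace */
static int global_llm_reports = 1;       /* models the knob while it was still a global */

/* The shift the commit message describes: data += net - init_net. */
static uintptr_t shift_for_net(const void *data, const struct net_model *net)
{
    return (uintptr_t)data + ((uintptr_t)net - (uintptr_t)&init_net_model);
}

/* True if an int stored at address p lies entirely inside *net. */
static int inside_net(uintptr_t p, const struct net_model *net)
{
    uintptr_t off = p - (uintptr_t)net;  /* wraps to a huge value when p < net */
    return off <= sizeof(*net) - sizeof(int);
}

/* Namespaced knob: the template points into init_net, so the shift is valid. */
int namespaced_shift_ok(void)
{
    uintptr_t p = shift_for_net(&init_net_model.llm_reports, &child_net);
    return p == (uintptr_t)&child_net.llm_reports && inside_net(p, &child_net);
}

/* Global knob: the same shift yields an address unrelated to the namespace. */
int global_shift_ok(void)
{
    return inside_net(shift_for_net(&global_llm_reports, &child_net), &child_net);
}

int main(void)
{
    printf("namespaced knob shift valid: %d\n", namespaced_shift_ok());
    printf("global knob shift valid:     %d\n", global_shift_ok());
    return 0;
}
```

In the initial namespace the offset is zero, so the shifted pointer still equals the address of the global; the stray address appears only in other namespaces.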

