[CRIU] [PATCH v3 2/5] net/sysctl: add sysctl_igmp_link_local_mcast_reports_safe check

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Thu Jul 21 09:00:15 PDT 2016



Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

----User Adrian Reber wrote ----

> On Thu, Jul 21, 2016 at 05:55:10PM +0300, Pavel Emelyanov wrote:
> > On 07/18/2016 11:45 AM, Pavel Tikhomirov wrote:
> > > 
> > > 
> > > On 07/15/2016 08:36 PM, Pavel Emelyanov wrote:
> > >> On 07/14/2016 04:51 PM, Pavel Tikhomirov wrote:
> > >>> In Linux v4.3 commit df2cf4a78e48 ("IGMP: Inhibit reports for local
> > >>> multicast groups") sysctl igmp_link_local_mcast_reports was introduced
> > >>> in ipv4_net_table.
> > >>>
> > >>> And in ipv4_net_table its data was initialized to point to the
> > >>> sysctl_igmp_llm_reports variable. That was so before commit
> > >>> 87a8a2ae65b7 ("igmp: Namespaceify igmp_llm_reports sysctl knob").
> > >>>
> > >>> So next its data pointer is shifted by the offset of the current
> > >>> net namespace relative to init_net in the ipv4_sysctl_init_net function.
> > >>> But that is completely wrong if the variable is not net-namespaced, so we
> > >>> get a random kernel address and can write/read one int to/from it, which
> > >>> can lead to memory corruption and crashes in random places in the kernel.
> > >>>
> > >>> So the conclusion is: we cannot touch
> > >>> /proc/sys/net/ipv4/igmp_link_local_mcast_reports in v4.3-v4.5 between
> > >>> those two patches.
> > >>>
> > >>> https://bugzilla.redhat.com/show_bug.cgi?id=1352177
> > >>
> > >> This looks like a workaround for a known and fixed bug in the kernel
> > >> which is not criu-specific. Is it? If so, I don't see much point in
> > >> the patch; if someone runs into this problem, we just suggest that
> > >> they add the fixing patch to the kernel.
> > > 
> > > Ok, but that means criu will make F23 crash, as the latest kernel there is
> > > 4.5.7-202.fc23. Men from Red Hat seem not to want to fix it in F23.
> > 
> > I see.
> > 
> > I don't want to introduce a kernel version checker just for this
> > little problem. What if we make a config option that doesn't C/R
> > this sysctl and that will only be turned on by Fedora? Adrian, what
> > do you think?
> 
> The latest F23 kernel seems to be 4.6.4 as of two days ago:
> 
> https://bodhi.fedoraproject.org/updates/FEDORA-2016-784d5526d8
> 
> This should fix the described problems, right?

Yes, 4.6 is a fix; I must have somehow missed this update.

> 
> 		Adrian
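As an added example (not code from the kernel, from CRIU, or from anyone in this thread), the following C model of the rebasing step in ipv4_sysctl_init_net() shows the defect the patch description above refers to: every .data pointer in the per-netns table template is shifted by the offset of the new namespace from init_net, so an entry whose .data points at a plain global (the igmp_link_local_mcast_reports situation in v4.3-v4.5) ends up at an unrelated address. The struct net fields, the table contents and the bounds-checked rebase_checked() variant are assumptions made for illustration only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for struct net: only the per-namespace knobs live here.
 * (Assumed layout for illustration, not the kernel's struct net.) */
struct net {
    int igmp_max_memberships;
    int igmp_max_msf;
};

/* Stand-in for a knob that was NOT moved into struct net yet, i.e. a
 * single global shared by every namespace. */
static int sysctl_igmp_llm_reports = 1;

/* Stand-in for the kernel's init_net plus one extra namespace. */
static struct net init_net = { 20, 10 };
static struct net other_net;

/* Minimal ctl_table: the name and the data pointer the sysctl accesses. */
struct ctl_table {
    const char *procname;
    void *data;
};

#define NR_ENTRIES 3

/* The template table: every .data is the address of the init_net copy of
 * the variable, except the third entry, which points at the global. */
static void fill_template(struct ctl_table *t)
{
    t[0].procname = "igmp_max_memberships";
    t[0].data = &init_net.igmp_max_memberships;
    t[1].procname = "igmp_max_msf";
    t[1].data = &init_net.igmp_max_msf;
    t[2].procname = "igmp_link_local_mcast_reports";
    t[2].data = &sysctl_igmp_llm_reports;   /* not inside struct net */
}

/* Unconditional rebase, as the thread describes it: shift every data
 * pointer by (net - &init_net). Done in integer space so the bogus result
 * can be inspected without ever dereferencing it. */
static void rebase_unchecked(struct ctl_table *t, struct net *net)
{
    ptrdiff_t delta = (char *)net - (char *)&init_net;
    for (int i = 0; i < NR_ENTRIES; i++)
        t[i].data = (void *)((uintptr_t)t[i].data + delta);
}

/* Bounds-checked variant (assumed, for illustration): rebase only pointers
 * that actually lie inside init_net; anything else is a global and is left
 * alone. Returns how many entries were left untouched. */
static int rebase_checked(struct ctl_table *t, struct net *net)
{
    uintptr_t lo = (uintptr_t)&init_net;
    uintptr_t hi = lo + sizeof(init_net);
    ptrdiff_t delta = (char *)net - (char *)&init_net;
    int skipped = 0;

    for (int i = 0; i < NR_ENTRIES; i++) {
        uintptr_t p = (uintptr_t)t[i].data;
        if (p >= lo && p < hi)
            t[i].data = (void *)(p + delta);
        else
            skipped++;
    }
    return skipped;
}

/* Does the entry's pointer land inside the given namespace struct? */
static int points_into(const struct ctl_table *e, const struct net *net)
{
    uintptr_t p = (uintptr_t)e->data;
    uintptr_t lo = (uintptr_t)net;
    return p >= lo && p < lo + sizeof(*net);
}

/* Reproduces the bug: after the unchecked rebase, does the llm_reports
 * entry still point at the global? 1 = still correct, 0 = corrupted. */
static int unchecked_keeps_global(void)
{
    struct ctl_table t[NR_ENTRIES];
    fill_template(t);
    rebase_unchecked(t, &other_net);
    return t[2].data == (void *)&sysctl_igmp_llm_reports;
}

/* With the check: the global is preserved and the per-netns entries now
 * point into other_net. Returns 1 on success, 0 otherwise. */
static int checked_keeps_global(void)
{
    struct ctl_table t[NR_ENTRIES];
    fill_template(t);
    int skipped = rebase_checked(t, &other_net);
    return skipped == 1
        && t[2].data == (void *)&sysctl_igmp_llm_reports
        && points_into(&t[0], &other_net)
        && points_into(&t[1], &other_net);
}

int main(void)
{
    printf("unchecked rebase keeps global: %d\n", unchecked_keeps_global());
    printf("checked rebase keeps global:   %d\n", checked_keeps_global());
    return 0;
}
```

The bounds check is only a way to make the corruption visible in a model; the real fix referenced in the thread (commit 87a8a2ae65b7) moved the variable into struct net so that every entry in the template legitimately lies inside init_net, and CRIU's concern is simply not to read or write that sysctl on the affected kernel range.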