[Devel] [PATCH rh7 1/2] ve: forbid to attach to a ve cgroup w/o id

Vladimir Davydov vdavydov at parallels.com
Wed Jun 24 05:33:09 PDT 2015


vzctl used to attach itself to a ve, create a net namespace, and only
then assign an id to the ve (it must be fixed by now). As a result, the venet
net init method was run on a ve w/o id, which it was not prepared for.
As a result, we would get a bug:

  general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
  CPU: 1 PID: 4288 Comm: vzlist ve: 0 Not tainted 3.10.0-dirty #250 ovz.5.17
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014
  task: ffff8800b691a590 ti: ffff880133064000 task.ti: ffff880133064000
  RIP: 0010:[<ffffffff814fa63f>]  [<ffffffff814fa63f>] veaddr_seq_print+0x5e/0xa1
  RSP: 0018:ffff880133067df0  EFLAGS: 00010207
  RAX: ffff8800ba2de3b0 RBX: 6b6b6b6b6b6b6b33 RCX: 00000000b6912422
  RDX: 6b6b6b6b6b6b6b6b RSI: ffffffff81cd4358 RDI: 0000000000000001
  RBP: ffff880133067e30 R08: 0000000000000004 R09: 00021a0cc402a39c
  R10: ffff880133067d68 R11: 0000000000000000 R12: ffff8800ba2de390
  R13: ffff880133186910 R14: ffff880133186910 R15: ffff8800aff36100
  FS:  00007fd62aa37bc0(0000) GS:ffff88013a800000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007fd62941ce60 CR3: 0000000135f55000 CR4: 00000000000406e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  Stack:
   ffff880133186910 ffff880133067e20 0000000000000246 ffff880133186910
   ffffffff81c3fa80 ffff880133186910 ffffffff81c3fa80 ffffffff814fa5e1
   ffff880133067e60 ffffffff810a2c9a 0000019281c40680 0000000000000000
  Call Trace:
   [<ffffffff814fa5e1>] ? veip_start+0x69/0x69
   [<ffffffff810a2c9a>] veinfo_seq_show+0xfd/0x16e
   [<ffffffff811751c6>] seq_read+0x179/0x349
   [<ffffffff811af579>] proc_reg_read+0x5d/0x76
   [<ffffffff811573e2>] vfs_read+0xaf/0xf3
   [<ffffffff81157af0>] SyS_read+0x50/0x79
   [<ffffffff8173ce02>] system_call_fastpath+0x16/0x1b

Let's introduce protection against this misbehavior in the kernel and forbid
attaching to a ve cgroup w/o id.

https://jira.sw.ru/browse/PSBM-34450

Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
 kernel/ve/ve.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index ff5a29343b29..8bbba1f7f6cb 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -715,6 +715,9 @@ static int ve_can_attach(struct cgroup *cg, struct cgroup_taskset *tset)
 	struct ve_struct *ve = cgroup_ve(cg);
 	struct task_struct *task;
 
+	if (!ve->veid)
+		return -ENOENT;
+
 	if (ve->is_locked)
 		return -EBUSY;
 
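Review bot: The new `if (!ve->veid)` test at the top of ve_can_attach() relies on zero meaning "no id assigned yet", but nothing in the hunk says so; a one-line comment stating that, and that the attach is refused because the venet net init path is not prepared for a ve without an id, would keep the check from looking arbitrary next to the `is_locked` test. Since the oops in the commit message shows a task tagged "ve: 0", please also confirm that no legitimate attach target carries veid 0, because any such attach now fails with -ENOENT. Finally, userspace that still attaches before assigning the id will start seeing -ENOENT from the cgroup attach, so the required ordering (set the id first, then attach) deserves a mention in the interface documentation or the commit message.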
-- 
2.1.4
