[Devel] [PATCH RHEL7 COMMIT] ve: forbid to attach to a ve cgroup w/o id
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Jun 24 07:14:38 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.17
------>
commit 953920fab255292f82b1de96c5f6a5873d0e6069
Author: Vladimir Davydov <vdavydov at parallels.com>
Date: Wed Jun 24 18:14:38 2015 +0400
ve: forbid to attach to a ve cgroup w/o id
vzctl used to attach itself to a ve, create a net namespace, and only
then assign an id to the ve (it must be fixed by now). As a result venet
net init method was run on a ve w/o id, which it was not prepared for.
As a result, we would get a bug:
general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
CPU: 1 PID: 4288 Comm: vzlist ve: 0 Not tainted 3.10.0-dirty #250 ovz.5.17
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014
task: ffff8800b691a590 ti: ffff880133064000 task.ti: ffff880133064000
RIP: 0010:[<ffffffff814fa63f>] [<ffffffff814fa63f>] veaddr_seq_print+0x5e/0xa1
RSP: 0018:ffff880133067df0 EFLAGS: 00010207
RAX: ffff8800ba2de3b0 RBX: 6b6b6b6b6b6b6b33 RCX: 00000000b6912422
RDX: 6b6b6b6b6b6b6b6b RSI: ffffffff81cd4358 RDI: 0000000000000001
RBP: ffff880133067e30 R08: 0000000000000004 R09: 00021a0cc402a39c
R10: ffff880133067d68 R11: 0000000000000000 R12: ffff8800ba2de390
R13: ffff880133186910 R14: ffff880133186910 R15: ffff8800aff36100
FS: 00007fd62aa37bc0(0000) GS:ffff88013a800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd62941ce60 CR3: 0000000135f55000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
ffff880133186910 ffff880133067e20 0000000000000246 ffff880133186910
ffffffff81c3fa80 ffff880133186910 ffffffff81c3fa80 ffffffff814fa5e1
ffff880133067e60 ffffffff810a2c9a 0000019281c40680 0000000000000000
Call Trace:
[<ffffffff814fa5e1>] ? veip_start+0x69/0x69
[<ffffffff810a2c9a>] veinfo_seq_show+0xfd/0x16e
[<ffffffff811751c6>] seq_read+0x179/0x349
[<ffffffff811af579>] proc_reg_read+0x5d/0x76
[<ffffffff811573e2>] vfs_read+0xaf/0xf3
[<ffffffff81157af0>] SyS_read+0x50/0x79
[<ffffffff8173ce02>] system_call_fastpath+0x16/0x1b
Let's introduce protection against this misbehavior in kernel and forbid
to attach to a ve cgroup w/o id.
https://jira.sw.ru/browse/PSBM-34450
Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
kernel/ve/ve.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index ff5a293..8bbba1f 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -715,6 +715,9 @@ static int ve_can_attach(struct cgroup *cg, struct cgroup_taskset *tset)
struct ve_struct *ve = cgroup_ve(cg);
struct task_struct *task;
+ if (!ve->veid)
+ return -ENOENT;
+
if (ve->is_locked)
return -EBUSY;
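Review bot: the new `if (!ve->veid)` test at the top of ve_can_attach() treats an id of 0 as "no id assigned yet", but nothing in the hunk documents that convention or why -ENOENT is the errno returned. A one-line comment above the check would help, for example that attaching before an id is set lets the venet net init run on a ve it is not prepared for, as the commit message describes. It is also worth confirming that no legitimate ve is expected to have id 0. The oops in the commit message prints "ve: 0" for the vzlist task, so if the host ve uses that id, this check would reject attaches to its cgroup as well. If that is intended, say so in the comment. If not, the test needs a narrower condition than a zero veid.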