[Devel] [PATCH vz10 2/7] fs/kernfs, ve: skip NULL ve_perms_map in kernfs_perms_shown
Mirian Shilakadze
mirian.shilakadze at virtuozzo.com
Sun Jun 28 12:26:00 MSK 2026
The seq read of ve.sysfs_permissions walks every sysfs node and calls
kernfs_perms_shown(), which feeds kn->ve_perms_map to kmapset_lookup() and
reads ->default_value with no NULL check. A node whose ve_perms_map is NULL
crashes the read (RDI and CR2 are 0, kmapset_lookup() derefs the NULL map
at offset 0x20):
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
Oops: 0000 [#1] SMP NOPTI
CPU: 82 UID: 0 PID: 10796 Comm: cat ve: 0 Tainted: G W 12.7 PREEMPT(full)
RIP: 0010:kmapset_lookup+0x4/0x40
RDX: 0000000000000000 RSI: ff2eb351033adf88 RDI: 0000000000000000
CR2: 0000000000000020 CR3: 0000000c09658001 CR4: 0000000000f71ef0
Call Trace:
<TASK>
? kernfs_perms_start+0x60/0xd0
? page_fault_oops+0xbb/0x110
? exc_page_fault+0x8e/0x100
? asm_exc_page_fault+0x26/0x30
? kmapset_lookup+0x4/0x40
kernfs_perms_start+0x60/0xd0
kernfs_seq_start+0x74/0x110
seq_read_iter+0xfe/0x480
vfs_read+0x29f/0x370
ksys_read+0x73/0xf0
do_syscall_64+0x92/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
</TASK>
Return false for such nodes. kernfs_perms_show() only ever sees nodes that
kernfs_perms_shown() accepted, so guarding it here is enough.
https://virtuozzo.atlassian.net/browse/VSTOR-136541
Fixes: 008aa8b6ff0b ("ve/kernfs: add new interface to control per-VE nodes visibility")
Signed-off-by: Mirian Shilakadze <mirian.shilakadze at virtuozzo.com>
---
fs/kernfs/ve.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/kernfs/ve.c b/fs/kernfs/ve.c
index beaa278b014e..f357ebb907f1 100644
--- a/fs/kernfs/ve.c
+++ b/fs/kernfs/ve.c
@@ -146,6 +146,8 @@ static struct kernfs_node *kernfs_next_recursive(struct kernfs_node *kn)
static bool kernfs_perms_shown(struct ve_struct *ve, struct kernfs_node *kn,
struct kmapset_key *key)
{
+ if (!kn->ve_perms_map)
+ return false;
if (ve_is_super(ve))
return kn->ve_perms_map->default_value != 0;
return kmapset_lookup(kn->ve_perms_map, key) != NULL;
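Review bot: The new `if (!kn->ve_perms_map)` guard at the top of kernfs_perms_shown() has no comment saying which nodes are expected to carry a NULL ve_perms_map, so a reader cannot tell whether returning false handles a legitimate state or hides a node that was never initialised. Please add a one-line comment above the check naming that state. If a NULL map is not expected at all, consider a WARN_ON_ONCE() there so the underlying cause still gets reported. Note also that with the guard placed before the ve_is_super() branch, such nodes are now omitted for the super VE as well; if that is intended, say so in the commit message. Finally, kn->ve_perms_map is loaded once for the check and again in each return statement. If anything can clear the pointer while the seq read is walking the tree, take a single snapshot into a local variable and use it for both the test and the dereference. A blank line after `return false;` would also match the usual kernel style for an early-return guard.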
--
2.43.0