[Devel] [PATCH vz10 2/7] fs/kernfs, ve: skip NULL ve_perms_map in kernfs_perms_shown

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Mon Jun 29 20:14:25 MSK 2026


Maybe there is something specific about this kn with NULL ve_perms_map? Why didn't
we crash all over the place before?

AFAICS, kernfs_add_one -> kernfs_get_ve_perms always sets non-NULL ve_perms_map for each kn.

On 6/28/26 11:26, Mirian Shilakadze wrote:
> The seq read of ve.sysfs_permissions walks every sysfs node and calls
> kernfs_perms_shown(), which feeds kn->ve_perms_map to kmapset_lookup() and
> reads ->default_value with no NULL check. A node whose ve_perms_map is NULL
> crashes the read (RDI and CR2 are 0, kmapset_lookup() derefs the NULL map
> at offset 0x20):
> 
>   BUG: kernel NULL pointer dereference, address: 0000000000000020
>   #PF: supervisor read access in kernel mode
>   #PF: error_code(0x0000) - not-present page
>   Oops: 0000 [#1] SMP NOPTI
>   CPU: 82 UID: 0 PID: 10796 Comm: cat ve: 0 Tainted: G W 12.7 PREEMPT(full)
>   RIP: 0010:kmapset_lookup+0x4/0x40
>   RDX: 0000000000000000 RSI: ff2eb351033adf88 RDI: 0000000000000000
>   CR2: 0000000000000020 CR3: 0000000c09658001 CR4: 0000000000f71ef0
>   Call Trace:
>    <TASK>
>    ? kernfs_perms_start+0x60/0xd0
>    ? page_fault_oops+0xbb/0x110
>    ? exc_page_fault+0x8e/0x100
>    ? asm_exc_page_fault+0x26/0x30
>    ? kmapset_lookup+0x4/0x40
>    kernfs_perms_start+0x60/0xd0
>    kernfs_seq_start+0x74/0x110
>    seq_read_iter+0xfe/0x480
>    vfs_read+0x29f/0x370
>    ksys_read+0x73/0xf0
>    do_syscall_64+0x92/0x180
>    entry_SYSCALL_64_after_hwframe+0x76/0x7e
>    </TASK>
> 
> Return false for such nodes. kernfs_perms_show() only ever sees nodes that
> kernfs_perms_shown() accepted, so guarding it here is enough.
> 
> https://virtuozzo.atlassian.net/browse/VSTOR-136541
> Fixes: 008aa8b6ff0b ("ve/kernfs: add new interface to control per-VE nodes visibility")
> Signed-off-by: Mirian Shilakadze <mirian.shilakadze at virtuozzo.com>
> ---
>  fs/kernfs/ve.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/kernfs/ve.c b/fs/kernfs/ve.c
> index beaa278b014e..f357ebb907f1 100644
> --- a/fs/kernfs/ve.c
> +++ b/fs/kernfs/ve.c
> @@ -146,6 +146,8 @@ static struct kernfs_node *kernfs_next_recursive(struct kernfs_node *kn)
>  static bool kernfs_perms_shown(struct ve_struct *ve, struct kernfs_node *kn,
>  			       struct kmapset_key *key)
>  {
> +	if (!kn->ve_perms_map)
> +		return false;
>  	if (ve_is_super(ve))
>  		return kn->ve_perms_map->default_value != 0;
>  	return kmapset_lookup(kn->ve_perms_map, key) != NULL;
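
Review bot: the new `!kn->ve_perms_map` check at the top of kernfs_perms_shown() returns false silently, so a node that reaches this walk without a map is simply hidden from the ve.sysfs_permissions output and the path that left the pointer NULL stays unidentified; the commit message does not say which nodes these are. If a NULL map is never expected here, `if (WARN_ON_ONCE(!kn->ve_perms_map))` would still keep the read from crashing while reporting the first offending node; if it is expected, a one-line comment above the check naming the case would document it. A blank line after `return false;` would also separate the guard from the ve_is_super() branch.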

-- 
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.


