[Devel] [PATCH vz10 2/7] fs/kernfs, ve: skip NULL ve_perms_map in kernfs_perms_shown

Vasileios Almpanis vasileios.almpanis at virtuozzo.com
Tue Jun 30 14:00:23 MSK 2026


On 6/29/26 7:14 PM, Pavel Tikhomirov wrote:
> Maybe there is something specific about this kn with NULL ve_perms_map? Why didn't
> we crash all over the place before?
>
> AFAICS, kernfs_add_one -> kernfs_get_ve_perms always sets non-NULL ve_perms_map for each kn.

Yes, but only assuming that kmapset_new, called in kernfs_get_ve_perms,
doesn't return ENOMEM, which is not propagated to kernfs_add_one since
kernfs_get_ve_perms returns void.

> On 6/28/26 11:26, Mirian Shilakadze wrote:
>> The seq read of ve.sysfs_permissions walks every sysfs node and calls
>> kernfs_perms_shown(), which feeds kn->ve_perms_map to kmapset_lookup() and
>> reads ->default_value with no NULL check. A node whose ve_perms_map is NULL
>> crashes the read (RDI and CR2 are 0, kmapset_lookup() derefs the NULL map
>> at offset 0x20):
>>
>>    BUG: kernel NULL pointer dereference, address: 0000000000000020
>>    #PF: supervisor read access in kernel mode
>>    #PF: error_code(0x0000) - not-present page
>>    Oops: 0000 [#1] SMP NOPTI
>>    CPU: 82 UID: 0 PID: 10796 Comm: cat ve: 0 Tainted: G W 12.7 PREEMPT(full)
>>    RIP: 0010:kmapset_lookup+0x4/0x40
>>    RDX: 0000000000000000 RSI: ff2eb351033adf88 RDI: 0000000000000000
>>    CR2: 0000000000000020 CR3: 0000000c09658001 CR4: 0000000000f71ef0
>>    Call Trace:
>>     <TASK>
>>     ? kernfs_perms_start+0x60/0xd0
>>     ? page_fault_oops+0xbb/0x110
>>     ? exc_page_fault+0x8e/0x100
>>     ? asm_exc_page_fault+0x26/0x30
>>     ? kmapset_lookup+0x4/0x40
>>     kernfs_perms_start+0x60/0xd0
>>     kernfs_seq_start+0x74/0x110
>>     seq_read_iter+0xfe/0x480
>>     vfs_read+0x29f/0x370
>>     ksys_read+0x73/0xf0
>>     do_syscall_64+0x92/0x180
>>     entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>     </TASK>
>>
>> Return false for such nodes. kernfs_perms_show() only ever sees nodes that
>> kernfs_perms_shown() accepted, so guarding it here is enough.
>>
>> https://virtuozzo.atlassian.net/browse/VSTOR-136541
>> Fixes: 008aa8b6ff0b ("ve/kernfs: add new interface to control per-VE nodes visibility")
>> Signed-off-by: Mirian Shilakadze <mirian.shilakadze at virtuozzo.com>
>> ---
>>   fs/kernfs/ve.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/fs/kernfs/ve.c b/fs/kernfs/ve.c
>> index beaa278b014e..f357ebb907f1 100644
>> --- a/fs/kernfs/ve.c
>> +++ b/fs/kernfs/ve.c
>> @@ -146,6 +146,8 @@ static struct kernfs_node *kernfs_next_recursive(struct kernfs_node *kn)
>>   static bool kernfs_perms_shown(struct ve_struct *ve, struct kernfs_node *kn,
>>   			       struct kmapset_key *key)
>>   {
>> +	if (!kn->ve_perms_map)
>> +		return false;
>>   	if (ve_is_super(ve))
>>   		return kn->ve_perms_map->default_value != 0;
>>   	return kmapset_lookup(kn->ve_perms_map, key) != NULL;
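
Review bot: the new `if (!kn->ve_perms_map) return false;` at the top of kernfs_perms_shown() makes a node with a missing map silently invisible, on the ve_is_super() branch as well, and nothing in the hunk says how a kernfs_node can get here with ve_perms_map unset. Please add a short comment naming the condition that leaves it NULL, and consider WARN_ON_ONCE(!kn->ve_perms_map) so the state is reported once instead of only being hidden from the ve.sysfs_permissions output. If the NULL comes from a failed allocation when the node is added, as the reply in this thread suggests, handling that failure at the point of allocation would be the more complete fix, with this check kept as a backstop.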

-- 
Best regards, Vasileios Almpanis
Software Developer, Virtuozzo.


