[Devel] [VZ10 03/21] ve: Fix obvious null dereferences when !CONFIG_VE
Vladimir Riabchun
vladimir.riabchun at virtuozzo.com
Thu May 7 22:10:15 MSK 2026
A fix is needed when:
1. get_exec_env() is dereferenced without a NULL check;
2. there is no prior !ve_is_super(get_exec_env()) check (which is false when !CONFIG_VE);
3. the code is not guarded by CONFIG_VE.
cgroup.c has no such bug, but it uses spaces instead of tabs.
Fix this awful mistake while there.
https://virtuozzo.atlassian.net/browse/VSTOR-130116
Feature: !CONFIG_VE build
Signed-off-by: Vladimir Riabchun <vladimir.riabchun at virtuozzo.com>
---
fs/file.c | 1 +
fs/nfs/fs_context.c | 2 +-
fs/nfsd/nfs4recover.c | 4 ++++
fs/nfsd/nfsctl.c | 2 +-
fs/super.c | 4 ++++
kernel/cgroup/cgroup.c | 6 +++---
net/sunrpc/rpc_pipe.c | 2 +-
7 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/fs/file.c b/fs/file.c
index 9da71ab9977a..3b2a2daa02b0 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -674,6 +674,7 @@ struct file *file_close_fd_locked(struct files_struct *files, unsigned fd)
if (unlikely(fd * 2 >= fdt->max_fds &&
fd > (1024 / sizeof(struct file *))) &&
get_exec_env() != get_ve0() &&
+ get_exec_env() != NULL &&
get_exec_env()->is_pseudosuper)
expand_files(files, fd, true);
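Review bot: The added `get_exec_env() != NULL &&` line comes after the `get_exec_env() != get_ve0()` comparison, so it only guards the dereference on the next line if, in a !CONFIG_VE build, get_exec_env() can be NULL while get_ve0() is not; if both stubs yield NULL the previous line already short-circuits and the new test is redundant. A short comment stating which of the two holds would let the next reader keep or drop it without re-deriving it. The condition now calls get_exec_env() three times; reading it once into a local before the `if` and comparing that local would make the intent plainer and remove the repeated calls. file_close_fd_locked() continues outside the hunk.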
diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
index 25c3162565d8..23ee2be3dc6c 100644
--- a/fs/nfs/fs_context.c
+++ b/fs/nfs/fs_context.c
@@ -1592,7 +1592,7 @@ static int nfs_init_fs_context(struct fs_context *fc)
{
struct nfs_fs_context *ctx;
- if (!(get_exec_env()->features & VE_FEATURE_NFS))
+ if (!(get_exec_env() && get_exec_env()->features & VE_FEATURE_NFS))
return -ENODEV;
ctx = kzalloc(sizeof(struct nfs_fs_context), GFP_KERNEL);
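Review bot: The rewritten condition on the `+` line returns -ENODEV whenever get_exec_env() is NULL, so on a !CONFIG_VE build nfs_init_fs_context() refuses every NFS mount instead of merely avoiding the dereference; the hunks in fs/nfsd/nfsctl.c and net/sunrpc/rpc_pipe.c have the same shape. That is the opposite of what the nfs4recover.c and super.c hunks in this series do, which fall back to init_net/init_cred and keep the non-VE path working. Unless refusing NFS/NFSD outside a VE is intended, the NULL test should gate the feature check rather than be folded into it, `if (get_exec_env() && !(get_exec_env()->features & VE_FEATURE_NFS))`, with the matching change in the other two files. Either way a one-line comment saying what !CONFIG_VE is meant to do here would settle it, and reading get_exec_env() into a local avoids calling it twice.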
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 563bac6305d7..cea49c678665 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -1887,7 +1887,11 @@ nfsd4_umh_cltrack_init(struct net *net)
struct net *ve_net;
rcu_read_lock();
+#ifdef CONFIG_VE
ve_net = rcu_dereference(get_exec_env()->ve_nsproxy)->net_ns;
+#else
+ ve_net = &init_net;
+#endif
if (!net_eq(net, ve_net)) {
rcu_read_unlock();
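Review bot: The `#ifdef CONFIG_VE` / `#else` block is placed inline in the function body, and the sget_fc() hunk in fs/super.c does the same for `cred`; kernel coding style prefers keeping preprocessor conditionals out of .c bodies by providing a stub in the header (a helper that returns the VE's net namespace, or `&init_net` when CONFIG_VE is unset), so both call sites stay conditional-free and any future caller gets the same fallback for free. With the fallback in place, the rcu_read_lock() above is no longer needed on the !CONFIG_VE path, though leaving it is harmless since the unlock paths are unchanged. nfsd4_umh_cltrack_init() continues outside the hunk.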
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index c48d76402a72..e6ec3341b40e 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1417,7 +1417,7 @@ static const struct fs_context_operations nfsd_fs_context_ops = {
static int nfsd_init_fs_context(struct fs_context *fc)
{
- if (!(get_exec_env()->features & VE_FEATURE_NFSD))
+ if (!(get_exec_env() && get_exec_env()->features & VE_FEATURE_NFSD))
return -ENODEV;
put_user_ns(fc->user_ns);
diff --git a/fs/super.c b/fs/super.c
index 2c266c869312..1adebbf35803 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -770,7 +770,11 @@ struct super_block *sget_fc(struct fs_context *fc,
struct super_block *s = NULL;
struct super_block *old;
struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns;
+#ifdef CONFIG_VE
struct cred *cred = get_exec_env()->init_cred;
+#else
+ struct cred *cred = &init_cred;
+#endif
int err;
/*
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 932414b882dd..e32589e2f305 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -4793,9 +4793,9 @@ static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
if (!ve_is_super(get_exec_env())
&& test_bit(CGRP_VE_ROOT, &cgrp->flags)
- && !get_exec_env()->is_pseudosuper
- && !(cft->flags & CFTYPE_VE_WRITABLE))
- return -EPERM;
+ && !get_exec_env()->is_pseudosuper
+ && !(cft->flags & CFTYPE_VE_WRITABLE))
+ return -EPERM;
if (cft->write)
return cft->write(of, buf, nbytes, off);
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 2fcf10fc4bcd..208de401ea9b 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -1437,7 +1437,7 @@ static const struct fs_context_operations rpc_fs_context_ops = {
static int rpc_init_fs_context(struct fs_context *fc)
{
- if (!(get_exec_env()->features & VE_FEATURE_NFSD))
+ if (!(get_exec_env() && get_exec_env()->features & VE_FEATURE_NFSD))
return -ENODEV;
put_user_ns(fc->user_ns);
--
2.43.0