From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 132F918B463 for ; Tue, 7 Jan 2025 17:09:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269789; cv=none; b=qobEC7kaUXdRcXI6ob34R9WAsEQAfOUSdkooT2LRCfCz1GO+9MjJ+NtvP/nX1tBePO6rKqmp6SYlC4H0+l6cu+jewOMe61Dk/1k2nDD0IcFSBCMdsCvs6fsEuFR3jdq5MfHo5E2AjPhNsANGU39oYD9y23EDvbqhIEJvKR46m9E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269789; c=relaxed/simple; bh=YNsnG3ADZJamkUbdpaE8uWMY9uNqUDsFg7dIblUlRiw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kNp1RIjcuL9rdtyNHtI8i5TMZs6AHDHRP1GNQ43S3MaWjAcHgn1sEE+f8N93f2q3So8rzwY0WNxbLcgWVCzhxvtvYxDLZplIsZQUuNlB7HRn8Qjzz/5fLDDMMDLOsVVaK2XG4voZj5ue3mbNFP4T5wjDaZFwNFWHsRUjlskWMH8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=B65XMAdL; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="B65XMAdL" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E222C4CED6; Tue, 7 Jan 2025 17:09:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269788; bh=YNsnG3ADZJamkUbdpaE8uWMY9uNqUDsFg7dIblUlRiw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B65XMAdLxBLF3N5jiPlcqKQfFB8rPy+hCXzWtnyB0api30X/Fm587iVtPc4TKEv/h dhzf3ZOFqfzbGj5zsewfuZK8Uzgrl2szaQzdmQKqmcXKOnblKE0LZl+WwYWHY1QP9l zs6jRweJW9R6nhOMqLeT3WlEfSLp3k/L1ISSw7rI95heVcmzTCVue93dmZy7ExzZfZ MXbTg7UFEgjw5dYhOmD/xKjCultxnKmZwlWka8KcSwwV6TghSvuHhxvhsKlWOUegms kLsUYEGZG9dsS6QjvsRV+I1WR8zeuLTfTIQCfPVokpsJ1SMKch+AsdR0QtqtPL/APq qw2fNmgx1Hc0w== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:25 +0100 Subject: [PATCH mptcp-net 1/9] mptcp: sysctl: avail sched: remove write access Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-1-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=937; i=matttbe@kernel.org; h=from:subject:message-id; bh=YNsnG3ADZJamkUbdpaE8uWMY9uNqUDsFg7dIblUlRiw=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/aQq8G9lCB69F2jur9iNCdDfq8xe4Mz6OVc ystIH6F5NaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg czVHEACb56zAGKhzeIYQRYtou6smNZgn+N+KyFiDGkOuyqEJgLGvimLBFPDO97rCNC6Fq8jxESn TqpHdhkaoeQsn9/Kl4+qmprAMBzUHJR40hwaOj7macvIGmwmaggRooDOh6oJVcQ/uc4zmMbT5lY eDTjJPMOjk/YxBYhL+TUWdUJ51CRaXW1/AKglEJuJVO8ruAR6Q3fkOqAlYtJSE2tZfEByButBW1 2RTHPTGgPCkt0UJyMRwgKVh3Ygfm3QiIRssCU7oikzBHPnhZMztKVaWDr5daMe+ey8QKNaix80s GHdvt/IIDDXR+wK9p78T8sa1eoP8KlZZk3EQSTWGBT0nPEc9Vo4gqYqyvnXsu9oYdgHPpzdBD7z /csiwpTTu0d7mencLUk/O8aawKh8fjKY9jO50oFjQMVCLRBhIFmTgEACVrlqR1m4FOwgB0jd369 5VOLvxFGuL/84825gRh1R0w6C2xj69ClEwYjQusPeJR89aCmZ5f/ziPhrO4JOAlBwNn7zWHqwSu XfexUpkr7SMISq1Cora56Vx9xnFrdOoq7vLEo2age4WZheIEYHxw2N/NdLI+j/+Pg2AGcKkX4+L ogjlXdyU3l9bfuhAomdOMCmOZvD9ZSt0DYrpEobI5hnLtBy0nmoxpzqlw6icKQcgCfoNVXhw5Tq kjQwqypVtnxryqQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 'net.mptcp.available_schedulers' sysctl knob is there to list available schedulers, not to modify this list. There are then no reasons to give write access to it. Nothing would have been written anyway, but no errors would have been returned, which is unexpected. Fixes: 73c900aa3660 ("mptcp: add net.mptcp.available_schedulers") Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/mptcp/ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 38d8121331d4a981d4a60ebd8f6cd9482fc2b50c..d9b57fab2a13e64b6c8585e821e= d5212f59f8651 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -228,7 +228,7 @@ static struct ctl_table mptcp_sysctl_table[] =3D { { .procname =3D "available_schedulers", .maxlen =3D MPTCP_SCHED_BUF_MAX, - .mode =3D 0644, + .mode =3D 0444, .proc_handler =3D proc_available_schedulers, }, { --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A28918B463 for ; Tue, 7 Jan 2025 17:09:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269790; cv=none; b=oJW4ySZJd0ULrk3eaZuNa3VBqC3INUohGuPY57+VB9ij7hDHrYj/0acDfAZfoh3wPbsXTCZk1w8JO3I7r1b94eWI92rzEZKlVr5j5tVT+hXYg1sfhMKV9x6U4Tsj6tlzKRfeXtd7wmEf0OLq3w2mdJy83ceoSvnTQvXSBPGhXyA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269790; c=relaxed/simple; bh=kdyl867fMuPZoDrOImq5FUpYCNBMLD841FZqfsKL63w=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=DPwOXXGwnTyPjnxnKgMfXe1OFCg9tspGvgsozlJkAZG5Pv/zFueKC4enSkBxzY+bMAL2Ggbcp/RjMPYq6Rj9ediuwYcDKuSKXRd4ouNga7lKaC86xgzeS99R85nUBC1f8n2SXwoZq0B/7j8JLKTIP+AS/gNqLVyLlzpDWBKHUvA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=urMvjR+H; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="urMvjR+H" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1B816C4CEDD; Tue, 7 Jan 2025 17:09:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269789; bh=kdyl867fMuPZoDrOImq5FUpYCNBMLD841FZqfsKL63w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=urMvjR+HSsTswg3INwYuDGSUFZBPcqSl9NbHvaFvSsJsGWrua0mewwAlNxQaizt17 pAZ8XoWNTHC96bWhJ0ORR3jsTwm5aPGUTWQMsf5ASeiTjNoV6fqh+zYbr2IlBeIPEE TWmV+CzV5F3hBMeX0iYi21CZ5Ez2+gUjf8QzvHEhYFVCyq6BK9whuCo2gGWVmAazn1 wTHIJWAXrPAtt8t1vcFYDEUVom0vm7uf5jDfO2vPg+WUMPvDBUTm53SMnhWXczm1Bs WnVirl4Lt2ZizR1jtxsmOw0Nny5XGlYxHZB1k/8TWxze1FL8MblPJykRb1Y23egSKy lLvLH60pItfJw== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:26 +0100 Subject: [PATCH mptcp-net 2/9] mptcp: sysctl: sched: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-2-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7947; i=matttbe@kernel.org; h=from:subject:message-id; bh=kdyl867fMuPZoDrOImq5FUpYCNBMLD841FZqfsKL63w=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/ahOlMZT+ToD4kOcKcc56wHknvUTILcI67C /Z4mKxVcTaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c1IfD/9cR13nGiUGwH3W+EdGg2CbLLEDU+dXpwJLbhKpV1sKmNAYD0ZhldN4WHtM3HX88HFDaIC NpOvNRPtC224GVu6vCp3iO/cd2G5yo/oyOHCygFU8ySoz3f09YfevduMNshT7pb/ZKGSWlO84+6 pojvVEgEdLV3DDZMvYxMsNuBCCktKihRAvZXOtkLHg7iHlF8tgLMmS7xbY3d9O/4HQz92ZcwQI0 kcC4JzwuF49sdKUgZb0tAE1bL3B6s52nNwGb55glYupErhJtFKCkgSm1pCzmWvqtO4X73aq9K9e ZK26uc1fc14+Ph37aj2LLG7f5BJKxicucbwZ6lU6leUYismpRagVl4XCj3OpRgLk2uOhNFQhvbr TpLJqwVCyfKlN/MM3Fqvom+uhHc4hMKjJW6knlX6hqdsLC/c/0G+b3+ur+tjCsdlZ6ZoWHNGNfk aVZpClAoc0O+4uQWVGBSsysifwGOYqkFijbz6HsVlbqca+nVjTGAOPKKDt6q1ACVYoj/P4s7v3J pJ33dlxSUd15x5pQNYjKblRXMGKn+lLZujZJAf0jaBFL/dDZZDJIlsPYjfrZYIN7E9Wvie+a0c9 kC/LzQoslzhMsb9azjHvN5Ysnd2e/Haa41xz+Y5pudnrD6mnjKbE3BsK0EHwqf6J8D6T8y35rwN lZ02NLHP2561TVw== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how the "generic" sysctl entries are doing: directly by only using pointers set to the table entry, e.g. table->data. Linked to that, the per-netns data should always be obtained from the table linked to the netns it had been created for, which may not coincide with the reader's or writer's netns. Another reason is that access to current->nsproxy->netns can oops if attempted when current->nsproxy had been dropped when the current task is exiting. This is what syzbot found, when using acct(2): Oops: general protection fault, probably for non-canonical address 0xdfff= fc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkall= er-00004-gccb98ccef0e5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS G= oogle 09/13/2024 RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 0= 0 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f= 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601 __kernel_write_iter+0x318/0xa80 fs/read_write.c:612 __kernel_write+0xf6/0x140 fs/read_write.c:632 do_acct_process+0xcb0/0x14a0 kernel/acct.c:539 acct_pin_kill+0x2d/0x100 kernel/acct.c:192 pin_kill+0x194/0x7c0 fs/fs_pin.c:44 mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81 cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366 task_work_run+0x14e/0x250 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x2576/0x2610 kernel/signal.c:3017 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fee3cb87a6a Code: Unable to access opcode bytes at 0x7fee3cb87a40. RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7 R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500 R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 0= 0 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f= 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) 5: 0f 85 fe 02 00 00 jne 0x309 b: 4d 8b a4 24 08 09 00 mov 0x908(%r12),%r12 12: 00 13: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 1a: fc ff df 1d: 49 8d 7c 24 28 lea 0x28(%r12),%rdi 22: 48 89 fa mov %rdi,%rdx 25: 48 c1 ea 03 shr $0x3,%rdx * 29: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instru= ction 2d: 0f 85 cc 02 00 00 jne 0x2ff 33: 4d 8b 7c 24 28 mov 0x28(%r12),%r15 38: 48 rex.W 39: 8d .byte 0x8d 3a: 84 24 c8 test %ah,(%rax,%rcx,8) Here with 'net.mptcp.scheduler', the 'net' structure is not really needed, because the table->data already has a pointer to the current scheduler, the only thing needed from the per-netns data. Simply use 'data', instead of getting (most of the time) the same thing, but from a longer and indirect way. Fixes: 6963c508fd7a ("mptcp: only allow set existing scheduler for net.mptc= p.scheduler") Reported-by: syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com Closes: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/mptcp/ctrl.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index d9b57fab2a13e64b6c8585e821ed5212f59f8651..81c30aa02196d69c55799e5963f= 6591e416c8831 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -102,16 +102,15 @@ static void mptcp_pernet_set_defaults(struct mptcp_pe= rnet *pernet) } =20 #ifdef CONFIG_SYSCTL -static int mptcp_set_scheduler(const struct net *net, const char *name) +static int mptcp_set_scheduler(char *scheduler, const char *name) { - struct mptcp_pernet *pernet =3D mptcp_get_pernet(net); struct mptcp_sched_ops *sched; int ret =3D 0; =20 rcu_read_lock(); sched =3D mptcp_sched_find(name); if (sched) - strscpy(pernet->scheduler, name, MPTCP_SCHED_NAME_MAX); + strscpy(scheduler, name, MPTCP_SCHED_NAME_MAX); else ret =3D -ENOENT; rcu_read_unlock(); @@ -122,7 +121,7 @@ static int mptcp_set_scheduler(const struct net *net, c= onst char *name) static int proc_scheduler(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - const struct net *net =3D current->nsproxy->net_ns; + char (*scheduler)[MPTCP_SCHED_NAME_MAX] =3D ctl->data; char val[MPTCP_SCHED_NAME_MAX]; struct ctl_table tbl =3D { .data =3D val, @@ -130,11 +129,11 @@ static int proc_scheduler(const struct ctl_table *ctl= , int write, }; int ret; =20 - strscpy(val, mptcp_get_scheduler(net), MPTCP_SCHED_NAME_MAX); + strscpy(val, *scheduler, MPTCP_SCHED_NAME_MAX); =20 ret =3D proc_dostring(&tbl, write, buffer, lenp, ppos); if (write && ret =3D=3D 0) - ret =3D mptcp_set_scheduler(net, val); + ret =3D mptcp_set_scheduler(*scheduler, val); =20 return ret; } --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2306518B463 for ; Tue, 7 Jan 2025 17:09:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269791; cv=none; b=CJ7bo1xaO5cFHMpNBMidWVqG7T/IO0ECyNnxMhDaW6tWNpf5vH47wPlIyk5PM3pXjq0w4wIsfF0k+9F4wci/uOS53t8YZAHT/AwiPWs+Z1vFeYJuQrupDg3ODfMcb2NhuNzK70qyQjn7ioQfhzPkw8Mr4kEkV31xGEGdR4G+3uY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269791; c=relaxed/simple; bh=CVAOuun7mDL73b5my95jCYGy0JCOjOS9TvwRp02LlBg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=HykNVAMUB0tNFMz156oFxTw+45ie42CvookyKoAXqpYouz5bf3IlysA0ajfbVSXJeE+krRZnRrNcSiTThR8VQCDK9fqXeD7u74okRr4KqEvQ3NecJ8qww0cZ4LQqE/ON6mwDBbt/qlBHK5vlUfc0bHnYaWAZGjCGHet1phtc/qQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HTJ6vugv; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="HTJ6vugv" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D2B4C4CEDE; Tue, 7 Jan 2025 17:09:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269790; bh=CVAOuun7mDL73b5my95jCYGy0JCOjOS9TvwRp02LlBg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HTJ6vugvCk9OVSVt+kbDhgSDZHZCUbH3F7hsQ6o6tksNCtyioCdWhUNOEYCQ1B2o0 Sc3eGaQQBj1Ml+uMJh3TZSlq3+wtUbdr5bRt0+SdsWY+/jRzKtKSc6CZYFcrJv29xr vdVWyBw3ukOHb/dBIIHvdQTN8wMnhjfTgP/o294Zr0IKwMueiuO4cM8XYIJI43C0dz LJCiqOxTUh94QswO2evCTxV7cejdQVvL/FnuZpnecelxCoMbwwt6rmdNYcZnNx8BcJ VZlgxxxGUa71r8M08a6fc07y/P2VqQ9kuA9K8iI/fcwr3BxjBLTOBBuZvuBC75KwtU n6yf0DHc2LcOw== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:27 +0100 Subject: [PATCH mptcp-net 3/9] mptcp: sysctl: blackhole timeout: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-3-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1488; i=matttbe@kernel.org; h=from:subject:message-id; bh=CVAOuun7mDL73b5my95jCYGy0JCOjOS9TvwRp02LlBg=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/akjtd1XMliggbob0/tleh/S3SjqxWmJWHM pmRE8Ug5dOJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c3XrD/9ThlkCL+NqYrU1zKquQCb5JxSRMQvxirzAOiW00iOWiNb6Rg77oUw7N8IrojORl+MOWQA hNKAfNiyn23qaYgZ8e0uu3Ilv13jBTh29ClLqwbQZgbLGuoUApZEkEoPHKQ6wn6f9aYBO1u/KTX FrsLtPOBd9huOXWp5nqCbt+/B4VfDu5nmgHDn3/EeZxVLfhLHyrJOVhvomZMd8XfK1RsVbFXYqm Uik1pFST1UwlgqeJ/4h5aaJOelyj6vuWG8wrHKwyDk8uQK6pe7p0BgbGrWCJ5OTvoagtLcxJvDT QkURY2frLOlQLZdhxJ7ah11rI4QHE0vtB9jWhbNVlv+yjQjZmm+YVo/MfsLNONX/EymH7hoXkl8 85cMv49VFEToe4dRTllPikdU3F+OzgGYl3wqraDaKI0Ls6PA8Tpbxyh50idQdFlWouKwNns8glg QXY8NPnIq+gCQXDKjATduLcRCJ32+JrjppErAKmPy791RM0rdpeXiHSZW8FFGtbHgs9FlefM8Vc 4hhhOpGrFU1BS+UTNxJ7iLYZxKd1CoR8anG4fEda5juHTIKcBVnulHisi9Pd+hGzUyZGYfTrwyG vhT0K6jEVyfhizsCPUp/nlOULLV4Ss+m7PDsCjsi1enKX6fyyIRkAuGc3peKnnXd9WgUcrz3NUn RaehWJI8inY+QsQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'pernet' structure can be obtained from the table->data using container_of(). Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/mptcp/ctrl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 81c30aa02196d69c55799e5963f6591e416c8831..b0dd008e2114bce65ee3906bbdc= 19a5a4316cefa 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -160,7 +160,9 @@ static int proc_blackhole_detect_timeout(const struct c= tl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct mptcp_pernet *pernet =3D mptcp_get_pernet(current->nsproxy->net_ns= ); + struct mptcp_pernet *pernet =3D container_of(table->data, + struct mptcp_pernet, + blackhole_timeout); int ret; =20 ret =3D proc_dointvec_minmax(table, write, buffer, lenp, ppos); --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1266218B463 for ; Tue, 7 Jan 2025 17:09:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269792; cv=none; b=Cn/vc8wJOvkyTZ1bqhDj5LuUu9WyMNtoeQRdcETLiHBVtrcYJF45AZE+ffW5F5fQOrxRoUOocKQ99oZL3tiKgyZ7tIiZrk0ffXXOEaVy/3pGubDaRdPePJMEGZ5JBULpQ3gr4TBVFBekEzSs5LWAhyTSKlP906GtL2xLNCXHVsc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269792; c=relaxed/simple; bh=hpukQ86ZN8TF2Ut+z1mdvXgXzprL22bov1llOuA5sqU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=GRApJfau7B2fukqwndsf0AUNZiFRC/kHt+qzvNdkT/TUJtNm8xKWv0r7VXPj0cFidsNCJCTniuHC1wA+dtVj4BW2kDHK2MqV4Sg+TQSd+Q8d9OilS7XVZZZA0o2fH+ZRD6nFOF/fcy1hbgPtIY5s7OxT5JaVv0eXHMikcIkF29o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=C9CSCpPo; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="C9CSCpPo" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1AF8EC4CED6; Tue, 7 Jan 2025 17:09:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269791; bh=hpukQ86ZN8TF2Ut+z1mdvXgXzprL22bov1llOuA5sqU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=C9CSCpPoc9BfedTOOxRnnDtlFq6wh5oJWHC3Mvnctr/tHTtzWJTgZKcrm73jeymyx MaRa0A6gcHilNWuQ2VXh3FjT6H9KoDMplqAvapcNwLeRo8xphPiusl74g6o0aesVmp B1IJ4MkQxzI6rp7bw/w3vTk/xYbtw5lie3fyJNM8tDNabFPekQNzOHd92XUGJvKtr7 b5JIXizeqYngv1LN3GplCaSuwRBtN6jwfWsGnnN2+JYCTEPm5f2sGj4Po1MkcM6O2x /QViMLi+5TO3igUY9hWlyU7M9wiiHeQ1uvRYp1j+JhlAAlbtvLFjiLrj+XyZydslRT Li4x65HyXk06A== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:28 +0100 Subject: [PATCH mptcp-net 4/9] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-4-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1704; i=matttbe@kernel.org; h=from:subject:message-id; bh=hpukQ86ZN8TF2Ut+z1mdvXgXzprL22bov1llOuA5sqU=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/a9O0L6RqkktWRSQ6A4abXceW99EFtN/VLh Xjxn0TvF6CJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c70PEACIEsdRxrPfei6FgjbrgDORVaiA4v9KReXttjAIP6hHmhcO73QIDW4QGdvH85JK3Z8Uv4P NIxLdID02H9oHkbA/n3bjwg+7vCBqYypCAwbt913BnTY8/EGJ0qNStTtyXC+/MhMSEkHb7tCa0L b8cjHdG7+DIxz/e98c60xgyAsInk+rnKN3fP1QWGPNndkuf8xOyfgS0fwJJvxXv/RjK2Y152G2h L/KDkuMp09qQDnGcXXBFB2uiNkuqRZu4StkNMHgUGaC1STTsUmLX/r2UF10pK/Jv3CqeTC8RbBN hHDoCA5CUZcXLVuXbZot/DIUI/nH6TiiDf70ev3TD7Fi1DYYFe8l5Uzp0HOm5mm9r/IBS3fCX/x TTDjongBoZKlvrzhMHsxVVo2gvx3cejS9kK/kiHmFtqUtTUqsdPKyNKIRVS7/M8eWcyKDDfI0jD Exe0K4JnKBLF+49b900IU/6fZ6VzbX0xSLQ21O6451ZdM5tLtlo5inaY8ZwtBYaMrc0sOo5KlQI OMv0v458h/iAaUKJuglwSnZjj04I6eif1t28qBzczb81VZcFjosMnZx64u+PamTgcTI475kEnVc T8jKBiLN/KI+73eFfqI0BaVhA29XyMbVjFOZuMtaRhVdbLJlQw9ALQQ4b74u04oULnXaxIisZMk 3YzYqMiAjfGuK/A== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used. Fixes: 3c68198e7511 ("sctp: Make hmac algorithm selection for cookie genera= tion dynamic") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/sctp/sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index e5a5af343c4c98de1afb27359c104f5030583ac4..9848d19630a4f760238a3a2abd3= ec823f012d34a 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -387,7 +387,8 @@ static struct ctl_table sctp_net_table[] =3D { static int proc_sctp_do_hmac_alg(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, + sctp.sctp_hmac_alg); struct ctl_table tbl; bool changed =3D false; char *none =3D "none"; --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3EFE18B463 for ; Tue, 7 Jan 2025 17:09:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269793; cv=none; b=MrWPdFcWUS+a6d16zx5r8OosuVE6cdKCjLaIJvSvXwpa01cjg3kFxqKjRqsgPHL5J3gAz9z0dzAcYQ1/Z9f6g7hLRdKp25SeknYlssL2Z+uVgYkS6J/RWKGRC+o2xf7RcViCcYEPzHZ0RZc2Hc8zZyelnw8oYApL1UKn1UTsWvs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269793; c=relaxed/simple; bh=QhHjmFhBlE0YmAlV+jp+HXi53XIHEUZ3lgLic9en9yo=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LTJv+j3rUA+YX+XNoubH8EcBpYOkFO1Lsfx42+KRxIyzSiBD7GJJVc55UqsUl+PUTYjH0d0TfdZ21PIZX2L+7eVoxfLoeYBsftqXfnMvFcFZrHYUcTeGp880BGvsPfCKdgrS6Knuy8P369BSaokVVlyTKJXVV5FPlIDczcb5gr8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=f33zE/mX; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="f33zE/mX" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CE25C4CEDE; Tue, 7 Jan 2025 17:09:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269792; bh=QhHjmFhBlE0YmAlV+jp+HXi53XIHEUZ3lgLic9en9yo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=f33zE/mXakXMgat5kls+msWBo8WYkRVffk4yJIitC987PdGN1Uoo8RBoU/+1vJ2sP VVYAdox9SoUkEzCV1M4rMglwo51fVIp54HlKSkdcUJBiVTCbFv3SXdJSH9yGRy4VS4 qTiG8974n3Phh36+mu5oJb2U5PTNTvBmWu8DgwZy9+T1YSLxWwQLI+lP2q2L11AUCJ iPQcPi/j0hLWlNuU6GP2+aR3AnuJKjkr1vaL3KfpT8RN8tgYnnII8a5L8Pa1EUZ7yI lh/7+ILAZO0Qj/1544IqCs+SMuLuy6OgHl0hFTookPR5TZm/gtlAgeOC942QJPcTkp d8sTWiteq7OoA== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:29 +0100 Subject: [PATCH mptcp-net 5/9] sctp: sysctl: rto_min/max: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-5-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2216; i=matttbe@kernel.org; h=from:subject:message-id; bh=QhHjmFhBlE0YmAlV+jp+HXi53XIHEUZ3lgLic9en9yo=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/ai6SNgmZ2r+j+jDo6ClMUfYtcRPycAPYej DeVM+wLbfyJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c5qjEAC6o137OLmX7z73Qc64/z8X4lpEUBT3fsCMtxN/QE2S6AJ6XPMnvru6xJzSbZLGprXlR+r 3Kbic5EVKYUcn3VtfydcuV+TXqztWAgzNn4nKU+Aep8RYdZTAw9JkV1ta9P6epu4bfomsbixLJG fyPP0YCOck4Spy8pXi9q2SrrgNqv+mWqGkptmouXy5BnI/kKLN3P50J4rfYcS85Ogl8NaFRVOBK ZOFi4DOCae3I20J2Mr9LPLWmh1CMNTvpPlzrWb81bua569+2Reff1qYGr1ggAhuh3Qw8UqgmWQ4 1kVzrpDgwa21Sv9yxLFy6ChxQ24kWswHQz8GxnycW5px4soeqxrmO2IhNmfGCgntlfx4iWtPzDe CXHWXFbRraSQJ15b3LBQ1W4ixSIa7f7Q2yM/f394a0wvNF6KV0e1B+hyvRPcSGFo6UBm6XQnH2U VwZ0ZsG1HPepwDLw5Rlbdr3KueIujnJvgH368dnjiOymsE41P4eiEPC7brktMvw0BsOlBb/ToHa Ovg8w5/7XklAgsrHhbv3nM4dsrPNNk5O6CCdkdgcbSojcyalFKmyIzrM2CuX6h20QLxTM6Zew98 fEHJz32ChfjZY4YTXmaoWE8Ls1ghQBz8xWelB1Q+IQq3eKXDhaSAmAnhKV3jNyf5V63yv4L1p9V eMAb3old836GtOA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used. Fixes: 4f3fdf3bc59c ("sctp: add check rto_min and rto_max in sysctl") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/sctp/sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 9848d19630a4f760238a3a2abd3ec823f012d34a..a5285815264dfa9d88d1d71244f= 309448e97a506 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -433,7 +433,7 @@ static int proc_sctp_do_hmac_alg(const struct ctl_table= *ctl, int write, static int proc_sctp_do_rto_min(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, sctp.rto_min); unsigned int min =3D *(unsigned int *) ctl->extra1; unsigned int max =3D *(unsigned int *) ctl->extra2; struct ctl_table tbl; @@ -461,7 +461,7 @@ static int proc_sctp_do_rto_min(const struct ctl_table = *ctl, int write, static int proc_sctp_do_rto_max(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, sctp.rto_max); unsigned int min =3D *(unsigned int *) ctl->extra1; unsigned int max =3D *(unsigned int *) ctl->extra2; struct ctl_table tbl; --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12AAC18B463 for ; Tue, 7 Jan 2025 17:09:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269794; cv=none; b=Td+Rho9gT3jqwrQ3i4iLplQ4BvPJ64f6zJ4UmE1DDmWtyqy9W5DxC/8HNDCenlWGSNoqZvSw4x5Ol7t8U9EMpkBp+IlUHDanMcXffdCLNkYRW/hwnNMY1vNjDRgOA4tes0Yk9EQgpkpK7OtyxTzmnuq4pTbhiWrsCdKVv7UQrUM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269794; c=relaxed/simple; bh=OGogxkh2ZFJv8Sp442Ci2eB+LbfNvn47S+GYz8hrJEA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=f+Ya4nwfS1W2UrRM4ns6N1AVHaMhHhsy0mTPox9TUBZSFfPOgZ/VhRpXtj5bKpHsXguWvjJV4vUb2tGqcpSNy+P76U6m87+LyvuBgPkU+gWxGrWA5sKNt9MkyOaXhrcsLoB2IZj8tkz7rD4OxwoYrnO1r0FUDELZI0JmAKhKSiU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PBlLnNKi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PBlLnNKi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1B818C4CEE0; Tue, 7 Jan 2025 17:09:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269793; bh=OGogxkh2ZFJv8Sp442Ci2eB+LbfNvn47S+GYz8hrJEA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=PBlLnNKi7w8Qh0B1nTzeGvaVD883jErwDwnM0qMMAz86x21aS83SE8fiMGmB9uwWy Ilp+rgC4ib6qnkdmvHl/oeKmeXCCZq9hDcJnJeG0KEmB7CgJ+cN1N9NGbz31ted9cr OwDuam35vxeNm2mUtfiBURoFUkofl67dfoC2co6HSQJLMDqm2UfDxt4ggqmFnizCxL y+Z3UXw0ew9kF/4pd77ygoN+PoDLOT/KyGAz6CYWW2cpXxWiz39JaK0AoD1Pm2E1dg f/RYjSMV0X+wLvpzZ1toxlhl8AVIaNq0RCOVGppOIi47AsUL8rwVPDu46pG9dt1mNV uEzQ9p2AY/eKg== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:30 +0100 Subject: [PATCH mptcp-net 6/9] sctp: sysctl: auth_enable: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-6-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1619; i=matttbe@kernel.org; h=from:subject:message-id; bh=OGogxkh2ZFJv8Sp442Ci2eB+LbfNvn47S+GYz8hrJEA=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/aNUu6LuHZbD5MGLHH8H9eMT6nOh0faV1VJ w4juxHmRaaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c8E0EACuPC24Q5Hd9H3kVtDbAnDoYWi+B2esnwlh3axwTu32KNjROrJPYGMYoeeGtKyrULVflCe Ps905Y/kMUNTWsHovo6bQAwP/MEhlNOK8NqgITp+98q8rqq+01cEUmSVnyrNnFdO1O6JWJTSo2o uzAdJEpTHTcfbBtze55o8NZp5mzUqwKgzgONLG+N3IwJmz0MXiTnRrmYdosOgfmbeZgbul7yJVl rirHJlljASpPxhFT3O7cl1PsX6h6rx4PUdO+9VyPaGvh2Gp/yzng2rk0jZAAcj/cgbWCG9/EhIp 3JkH8u89X+wZh5iO5LJQtpus7O9FsY6xIre9rjXkge6jXxhdBp5SFfDuT8LwXs5LUXOCp8MV4dM 9LVyN0fmXvaM5Fc3DeUhxpLBPqQcy0WgcNY+032KmCszZoNWuvTGpGP4P5HHvrm2npLO4UjZhVo nV5mEA1nlwoUNTyMEskZQu1V677poDkIeEa41ch6oT+0o5xOClBLHbvpvgA4P0YBHzjCZlNSU7U MMbR5xJKxOje4a5h+r0hLZdZe6PeajcmP0VGnHdUk+S6kbZYrLmoK8KuAlhotS8C1FlAzg9l8XQ 73qdjBWhKRfGNv9Mup+aKhGpLHsvhF4Xz2WotH6OZyv6Zd56DUvBsCl9PAEhdWurlRXWIiTKWYu rS4/w9BvCkOOzOw== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. Fixes: b14878ccb7fa ("net: sctp: cache auth_enable per endpoint") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/sctp/sysctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index a5285815264dfa9d88d1d71244f309448e97a506..9d29611621feaf0d2e8d7c92360= 1ab374515563b 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -499,7 +499,7 @@ static int proc_sctp_do_alpha_beta(const struct ctl_tab= le *ctl, int write, static int proc_sctp_do_auth(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, sctp.auth_enable); struct ctl_table tbl; int new_value, ret; =20 --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 124D318B463 for ; Tue, 7 Jan 2025 17:09:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269795; cv=none; b=Dv7S2sehB5oZnb2R71UinzdhlIz0Mf8/yx/bXThI1UTfSBiU1GtcQybMu4Yfb5huO4eLE6V2V9Oh4RVFPlHxDoDwS8cs/VhCLwXaZG8eOcKYRH4Fgctx53rE7RXYo3dX17odzQm/L+CivKYx04RR8LpTTQffiHNTergRlqGflCY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269795; c=relaxed/simple; bh=ufX6xedFdDfnkmJ9OsG1TuSM3+8UGK9PRhwEE5ldpt0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=QYEUcrKjcXdWOK/NKoEv5gYVOHLtqX0FGGydVJwFbIKC/LEcaCcYawwSra5FW9n6+lLhY4FRc895VFdxOn7Ftxg7BoQCqFce/20iyveawQQFMJWaUC5m7ciMr+ck555bOCD6Ri/SWVVmHIYpYQc5cqsZda66/dv5nZYUMPVlJNc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=adA3EEE5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="adA3EEE5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C46FC4CED6; Tue, 7 Jan 2025 17:09:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269794; bh=ufX6xedFdDfnkmJ9OsG1TuSM3+8UGK9PRhwEE5ldpt0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=adA3EEE5sBUYE0lAwUskHL2uCANzzcUdrQKi+CHOfzm7+/TNr/JbNIaZeVDYpOVPW vpF1TZSvten7cEijQE3T1ywSWhp3o1ZmhEdzcsi55lA04keeSDthonUR3vgK7dfJ7K a7wJnrhleGdWA/8aG5OErXbYZZXSx+wghjzzUz3FS6E0CkmZVEUzsyLKCYsPbm8tSM jMcun74glK3FZ6TvlYln16yWPsUBXHzJNVR6iRWxzjYTCiud9UTzCFmNcNSVOUe0ad 1R5aKOYiJ6UlT+D2vUI1T5P2v4qtO8OzvIGj/0dNW7yz5/A7W04RwNvgKV/hpZcW1P TaaKGFM2kSCZg== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:31 +0100 Subject: [PATCH mptcp-net 7/9] sctp: sysctl: udp_port: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-7-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1680; i=matttbe@kernel.org; h=from:subject:message-id; bh=ufX6xedFdDfnkmJ9OsG1TuSM3+8UGK9PRhwEE5ldpt0=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/a9LpKmmi82OYNdHBWQxvkTNY3PJlqu68cb OP2oad1cj2JAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c006EADR4Q2CMVhE4FUzn44SlWntsUtYPtM2D68QIxKr8xoBAxdB/T01UP5R71qA8/zIX9fuSBq 8KILzYRBPuYkTxtT0h5iNJMLJPnwQxX4Vxdz8Xhl5oP8/AlTkcrFiHpvC2c0DBaw4EWvwKSI4It aJncO49s4LEfvVdKABSvdQdvwP3SPyelWLD712/Tl1fTNm5hR7+lJ2JV47Z6yWsdbWw1zVAca+1 mNBa16K6XsmQltpiLYkHR8ZQNLDvQdmqyWDeiI2tx7gEA0dIlUuQmygkHduL6XLGVPABEiiT3qz J6ce+4+edhbvtBJ65cnRVArNstksxtFvIte8as/vqdguk+iPwq2Zt7/StW58ROKWnp8WT8lmgtC 78nIjC2WHtVktMD9UjBZHTnZvsE7rjibHXGpmEAQqf88UnpdGhWRR45jbVT0RIoOavKVdSUGWuF Uj7uQP0N5T5YuRmMIfngM2ygh+Vd9xlP/GCMuYoAQ/Rdcrhcugw7BOkKp2a0YXQVFUl0Ejqsx7A qiG29DixPuahwDkdhomd/cU/0+MHuzbVqTJKf1v9gtk/GwzrVmFAcXGrIMutQFJbLc4QWnu+XCR jhFrDphCLK1FzQPeHo+hfhLM9afsWiGdwuujhYixNJnHFQ5eb2Ey3n/QIU9Sa1w3v0unQGDvpyt WcXs//Rn5v7ph+Q== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. Fixes: 046c052b475e ("sctp: enable udp tunneling socks") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/sctp/sysctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 9d29611621feaf0d2e8d7c923601ab374515563b..18fa4f44e8ec8c86f8415b1251e= f8a2979c7f823 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -528,7 +528,7 @@ static int proc_sctp_do_auth(const struct ctl_table *ct= l, int write, static int proc_sctp_do_udp_port(const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, sctp.udp_port); unsigned int min =3D *(unsigned int *)ctl->extra1; unsigned int max =3D *(unsigned int *)ctl->extra2; struct ctl_table tbl; --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1FF3318B463 for ; Tue, 7 Jan 2025 17:09:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269796; cv=none; b=kSf2QXAzOS4WNizZok842INg0D6HiAiRfn8NNLuRYYopnASHjs/Mr/DhQ1DbcxME+yiLz9O5ET4pzlrYdTC5CvmG1Q+UkWgoo5ODP8hjZKYumi+ZnrCxcHJQtn4nKx6WL7UE92ZT6fug8mGWaazfPzIg8UXLxTZqMq1FwleDn/A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269796; c=relaxed/simple; bh=ORHe+HyANduhzbj7hP/x+sQ0j4alZdtOlWgCsIHI6c0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=eZ1dZdvt9a+PCY/NxnPcIirrYVNERYTgbrhdKZGAtRIqBMAeTos6CS82WHeTZlSgonT/yfE138VahD/VvJSTXecKFq1zjcGGr1R51Pqe4ZYqZz9NZB0BNVVABv+WhApR9HcQiGPZF+MFqmJfGImT4VZ6/1evcV0KJR4h2s8hB6o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Xzqszy0t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Xzqszy0t" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 19DF4C4CEDE; Tue, 7 Jan 2025 17:09:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269795; bh=ORHe+HyANduhzbj7hP/x+sQ0j4alZdtOlWgCsIHI6c0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Xzqszy0tKkcz1JFc9aBUCu3C5pcTaaVwvxUOZmxHu78NSeaybQ442cofaUH13WVOv t+2jHVbfwdlLuRYxDQSkYESD47J5OoxbaBYqQO6PxOLW/Ui+KyymZZrAO3xEnshZTW bInr2O3ygFTS8vj3wbcgLBncAARzR56cvG+3sTB8peRa9eZYtaEbR+FqEfjGzPe5wu 1hXeG2p9ZDZ56Sy6ZUdDkB9nuMYPi21gMIA/AMpCcYqhdjsGhQWUAnM1vzDgEwecGO BgIAKdUywu+vVIFZvLhwQhIZOXwoNYrtzjRZoGjvSEw5kAV4Se1uRpwf2zo9IjaKZo MltC/GUo8SLMA== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:32 +0100 Subject: [PATCH mptcp-net 8/9] sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-8-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1716; i=matttbe@kernel.org; h=from:subject:message-id; bh=ORHe+HyANduhzbj7hP/x+sQ0j4alZdtOlWgCsIHI6c0=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/acGdLX+Z8CxLtVM+fPMWDrULcOi/x4euw2 BaEdrS6Z6uJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg c8ocEACjC6vvYgwJlx4gsEuhSwojJku40KNQi1OvB0SGKiz1iMyHAeJYxdi5IRYutYTzY3+/Zjw wij1rqqZZY1YxSlSjQG1gcA5jONH2bexdQuAavMadIwyOPwCT55+mOSoYuB0kgtGtbaxxfeAgLj CKhUMEgm/i+0hEoFzUCGL38i+0kb+glaemOGMwP6yrOzxhQ+ApRDfyAm47V89GjbdJxh/tzV4zC cow4rb3g8BG8/LlJ05hWPZQAN15TKggU7aOXBcL6eln3ISa9yn2tti05A5E+NwkxiIpR8VVGZn5 TP/KrC+koU7ZXB4E7nL7JMbCRgJ+5jcDZ4u7FSpt2pxJf9n1PZKQPvXAymByhkUAeRZwqU484oq AG6D7Xi98bhEFWEYlZSzFu56kbinQugGkpTsJHOD05iuJ+blPIwIydOQ6Qf6ayL0Yp6I1J2gI07 dFntwlsyBJOPTB1iNLhXQR/MTbqfbu8OolpoDQ1X891GGh20X+vMa0PHRnQk0zr5glv46tQ654V p/sG8wG3SVLCkmIW+pC5TfGw8FdBLix10M7KvHKiT711m4RCUpccC+mg4m8b7PDm5lFAEOxHL/O 05OS8vf+TDGNkHNU4IqYgx3ryk1cfOLJyosnD592AMq0acI4hDkuvYECDviC+QzTs2KUn0RXZMN pPn3VHUef6Kx7Xg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.probe_interval' is used. Fixes: d1e462a7a5f3 ("sctp: add probe_interval in sysctl and sock/asoc/tran= sport") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/sctp/sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 18fa4f44e8ec8c86f8415b1251ef8a2979c7f823..8e1e97be4df79f3245e2bbbeb0a= 75841abc67f58 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -569,7 +569,8 @@ static int proc_sctp_do_udp_port(const struct ctl_table= *ctl, int write, static int proc_sctp_do_probe_interval(const struct ctl_table *ctl, int wr= ite, void *buffer, size_t *lenp, loff_t *ppos) { - struct net *net =3D current->nsproxy->net_ns; + struct net *net =3D container_of(ctl->data, struct net, + sctp.probe_interval); struct ctl_table tbl; int ret, new_value; =20 --=20 2.47.1 From nobody Wed Jan 22 01:07:28 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDBB018B463 for ; Tue, 7 Jan 2025 17:09:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269796; cv=none; b=OACSWJ/WR3JR+SgrDII7sJNiYP3pAVDVgcvZzR70lMKyjDzOkw9zTsMiVJyvTruEhtZyowmlo3iBIrwMVLgSiEjvv3rTp0sUnur5v+E8sQrrBTqPON5p1a7VNS95wM3MbBUYF9QSmmtXv7nBMRlhtfVrwBYkThstbSeaXJqe7/Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736269796; c=relaxed/simple; bh=G73D+Bht6+hcOIxbDDu7QISkUjUhFAswMUSI8nRg8zU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=b0nW41N9QglBXJCp60wfuzreetfO92aampiJL3uLhbMiEQHDARb+f4Faehga4jpjJwonPyCYJz2L9RJC4F+Ly3I4JxGsDLkho7jvIZ9AtrqAXzf061ugbvkbYUD/AZez02jyCsAK+YVyLWlIj8quFgbTNpeL82MtU1ZuKquJR4A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bpUUoYZt; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bpUUoYZt" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18DB5C4CEDD; Tue, 7 Jan 2025 17:09:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736269796; bh=G73D+Bht6+hcOIxbDDu7QISkUjUhFAswMUSI8nRg8zU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bpUUoYZtqwkLrOyLzAyIfNyE4hhK+p6Mo/XdMSgefXT8SFIb4LGTb9x1izxf/mtil Z/g0Wcyvil8bxNBDnC18wnjoAFsgviLTqFnLC8rN0rh9BNZGFHVP0ZAy11pRqHaguk ewyR9RRD6SNKN9AAn/q23D/iHeJ0593MHXnQ0jIczC+7N1dr0DlqKHKUyY9pABTsaZ lsoZI5CoougjFS/eN8tAd/IlrLCvkr4HvOrzis3hQOVemEIkVYuutO31Sl7PjYTX0M 5XZ5Z/1yLBI+CjlMXng2+5NZAqs7zm9RGAeXcvZzdvWx0GfxXTazIvN7pSkf0Fnm5Q s8rzgSq7lWvkA== From: "Matthieu Baerts (NGI0)" Date: Tue, 07 Jan 2025 18:09:33 +0100 Subject: [PATCH mptcp-net 9/9] rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250107-mptcp-sysfs-netns-v1-9-2fa7075d9970@kernel.org> References: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> In-Reply-To: <20250107-mptcp-sysfs-netns-v1-0-2fa7075d9970@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3944; i=matttbe@kernel.org; h=from:subject:message-id; bh=G73D+Bht6+hcOIxbDDu7QISkUjUhFAswMUSI8nRg8zU=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnfV/aE+7MU+fLfJLn41H1lfKYwzxL++aziPHBE +EWVhujigOJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ31f2gAKCRD2t4JPQmmg cxxREAC04uBLGO6GcWzg0buDiUXsvMhTEUhbPSsxEwY/H1tWEQ9++yxKlc2Zcz0WQH2eLu637EH oSaTSv6rgYc9HLocFVm1gJ8DGD4eKCZZJs/lD5SsyT4s3KPPOTDa/xLh9Ti2qOoJy0UMR+CsBeT flqUOP28JJGGwaTBw0FNp3fyT/c+6PgDtUxQt+URqSZpanJCBNSrX0Wtevme5HABSHe5BlJbdPx pJl6WNwDM7wf5E7S16ZV44SJzBcbSRiAe+QcYXVWU45zcHNpW3QcygI8pr2YCp9HVQS9XJS9A2e 5G831isozNgsqKbNkCwyfdM2qCD3dCIhSiLIqdmagIwmyTSbrQe1uZ+53CjZ5dDLy9u6EjKqZO2 DzPU99vqt7OaU/JmHSkXXM0w/MFFHgSPqOq3Grmj9uFAD8KEx2TF0FAbQu4Z4P/X3PSx3zkxxLr SLJ0ELVXFqpKWaR6pJEB2RADmRAsgnxI3ylboEV8KnmWvx6X10reCJdimdtv3vk08/ROshwfVuA ibFLq7qN8/oHyPTajdFHkKRHsl0m5odBhdyjCZQul63A8VNTZTgGhgiLgPSa4W6M6fqGXjJrQUC mPcBhb4Z+zBWPZrmj8Jh3e8HhlX2F75NJ7VirQnaL0dYT4sjuDsPJaaMRIe6TlTx5Orvm1E9fKY r0+f4OoLgz8432Q== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The per-netns structure can be obtained from the table->data using container_of(), then the 'net' one can be retrieved from the listen socket (if available). Fixes: c6a58ffed536 ("RDS: TCP: Add sysctl tunables for sndbuf/rcvbuf on rd= s-tcp socket") Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com = [1] Suggested-by: Al Viro Signed-off-by: Matthieu Baerts (NGI0) Reviewed-by: Mat Martineau --- net/rds/tcp.c | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/net/rds/tcp.c b/net/rds/tcp.c index 351ac1747224a3a1c8b0e297ba53cdbbcbc55401..0581c53e6517043ad6c2ad4207b= 26ab169989ed8 100644 --- a/net/rds/tcp.c +++ b/net/rds/tcp.c @@ -61,8 +61,10 @@ static atomic_t rds_tcp_unloading =3D ATOMIC_INIT(0); =20 static struct kmem_cache *rds_tcp_conn_slab; =20 -static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write, - void *buffer, size_t *lenp, loff_t *fpos); +static int rds_tcp_sndbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos); +static int rds_tcp_rcvbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos); =20 static int rds_tcp_min_sndbuf =3D SOCK_MIN_SNDBUF; static int rds_tcp_min_rcvbuf =3D SOCK_MIN_RCVBUF; @@ -74,7 +76,7 @@ static struct ctl_table rds_tcp_sysctl_table[] =3D { /* data is per-net pointer */ .maxlen =3D sizeof(int), .mode =3D 0644, - .proc_handler =3D rds_tcp_skbuf_handler, + .proc_handler =3D rds_tcp_sndbuf_handler, .extra1 =3D &rds_tcp_min_sndbuf, }, #define RDS_TCP_RCVBUF 1 @@ -83,7 +85,7 @@ static struct ctl_table rds_tcp_sysctl_table[] =3D { /* data is per-net pointer */ .maxlen =3D sizeof(int), .mode =3D 0644, - .proc_handler =3D rds_tcp_skbuf_handler, + .proc_handler =3D rds_tcp_rcvbuf_handler, .extra1 =3D &rds_tcp_min_rcvbuf, }, }; @@ -682,10 +684,10 @@ static void rds_tcp_sysctl_reset(struct net *net) spin_unlock_irq(&rds_tcp_conn_lock); } =20 -static int rds_tcp_skbuf_handler(const struct ctl_table *ctl, int write, +static int rds_tcp_skbuf_handler(struct rds_tcp_net *rtn, + const struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *fpos) { - struct net *net =3D current->nsproxy->net_ns; int err; =20 err =3D proc_dointvec_minmax(ctl, write, buffer, lenp, fpos); @@ -694,11 +696,34 @@ static int rds_tcp_skbuf_handler(const struct ctl_tab= le *ctl, int write, *(int *)(ctl->extra1)); return err; } - if (write) + + if (write && rtn->rds_tcp_listen_sock && rtn->rds_tcp_listen_sock->sk) { + struct net *net =3D sock_net(rtn->rds_tcp_listen_sock->sk); + rds_tcp_sysctl_reset(net); + } + return 0; } =20 +static int rds_tcp_sndbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos) +{ + struct rds_tcp_net *rtn =3D container_of(ctl->data, struct rds_tcp_net, + sndbuf_size); + + return rds_tcp_skbuf_handler(rtn, ctl, write, buffer, lenp, fpos); +} + +static int rds_tcp_rcvbuf_handler(const struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *fpos) +{ + struct rds_tcp_net *rtn =3D container_of(ctl->data, struct rds_tcp_net, + rcvbuf_size); + + return rds_tcp_skbuf_handler(rtn, ctl, write, buffer, lenp, fpos); +} + static void rds_tcp_exit(void) { rds_tcp_set_unloading(); --=20 2.47.1