On Wed, 2010-09-29 at 00:18 +0300, Rémi Denis-Courmont wrote: > On Wednesday 29 September 2010 00:10:50 ext Ben Hutchings, you wrote: > > On Tue, 2010-09-28 at 23:45 +0300, Rémi Denis-Courmont wrote: > > > On Friday 24 September 2010 23:43:33 ext Ben Hutchings, you wrote: > > > > The lifetime management for per-namespace state in phonet is broken in > > > > 2.6.32. When a network namespace is destroyed it will crash > > > > > > > (repeatably): > > > I sent a slightly different patch that does more or less the same thing a > > > few days back but not to the right places. Anyway, it's fine to me > > > either way. > > > > I saw your patch on the Chromium bug tracker but it wasn't applicable to > > 2.6.32.y. > > I am quite sure the patch on netdev works fine. Sorry, I missed that. I've attached your patch for Greg to use instead of mine. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse.
From: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Subject: [PATCH stable-2.6.32] Phonet: disable network namespace support Date: Sat, 18 Sep 2010 01:36:46 +0300 Network namespace in the Phonet socket stack causes an OOPS when a namespace is destroyed. This occurs as the loopback exit_net handler is called after the Phonet exit_net handler, and re-enters the Phonet stack. I cannot think of any nice way to fix this in kernel <= 2.6.32. For lack of a better solution, disable namespace support completely. If you need that, upgrade to a newer kernel. Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Cc: Eric W. Biederman <ebiederm@xmission.com> --- net/phonet/af_phonet.c | 4 ++++ net/phonet/pn_dev.c | 12 ++++++++++-- net/phonet/pn_netlink.c | 9 ++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c index f60c0c2..519ff9d 100644 --- a/net/phonet/af_phonet.c +++ b/net/phonet/af_phonet.c @@ -67,6 +67,8 @@ static int pn_socket_create(struct net *net, struct socket *sock, int protocol) struct phonet_protocol *pnp; int err; + if (!net_eq(net, &init_net)) + return -EAFNOSUPPORT; if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -353,6 +355,8 @@ static int phonet_rcv(struct sk_buff *skb, struct net_device *dev, struct sockaddr_pn sa; u16 len; + if (!net_eq(net, &init_net)) + goto out; /* check we have at least a full Phonet header */ if (!pskb_pull(skb, sizeof(struct phonethdr))) goto out; diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c index 5f42f30..5a2275c 100644 --- a/net/phonet/pn_dev.c +++ b/net/phonet/pn_dev.c @@ -246,7 +246,11 @@ static struct notifier_block phonet_device_notifier = { /* Per-namespace Phonet devices handling */ static int phonet_init_net(struct net *net) { - struct phonet_net *pnn = kmalloc(sizeof(*pnn), GFP_KERNEL); + struct phonet_net *pnn; + + if (!net_eq(net, &init_net)) + return 0; + pnn = kmalloc(sizeof(*pnn), GFP_KERNEL); if (!pnn) return -ENOMEM; @@ -263,9 +267,13 @@ static int phonet_init_net(struct net *net) static void phonet_exit_net(struct net *net) { - struct phonet_net *pnn = net_generic(net, phonet_net_id); + struct phonet_net *pnn; struct net_device *dev; + if (!net_eq(net, &init_net)) + return; + pnn = net_generic(net, phonet_net_id); + rtnl_lock(); for_each_netdev(net, dev) phonet_device_destroy(dev); diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c index d21fd35..7acab1e 100644 --- a/net/phonet/pn_netlink.c +++ b/net/phonet/pn_netlink.c @@ -68,6 +68,8 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh, void *attr) int err; u8 pnaddr; + if (!net_eq(net, &init_net)) + return -EOPNOTSUPP; if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -124,12 +126,16 @@ nla_put_failure: static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb) { + struct net *net = sock_net(skb->sk); struct phonet_device_list *pndevs; struct phonet_device *pnd; int dev_idx = 0, dev_start_idx = cb->args[0]; int addr_idx = 0, addr_start_idx = cb->args[1]; - pndevs = phonet_device_list(sock_net(skb->sk)); + if (!net_eq(net, &init_net)) + goto skip; + + pndevs = phonet_device_list(net); spin_lock_bh(&pndevs->lock); list_for_each_entry(pnd, &pndevs->list, list) { u8 addr; @@ -154,6 +160,7 @@ static int getaddr_dumpit(struct sk_buff *skb, struct netlink_callback *cb) out: spin_unlock_bh(&pndevs->lock); +skip: cb->args[0] = dev_idx; cb->args[1] = addr_idx; -- 1.7.0.4
Attachment:
signature.asc
Description: This is a digitally signed message part