[net,0/9] net: sysctl: avoid using current->nsproxy

Message ID	20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org (mailing list archive)
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67ED8259497; Wed, 8 Jan 2025 15:35:05 +0000 (UTC) From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org> Subject: [PATCH net 0/9] net: sysctl: avoid using current->nsproxy Date: Wed, 08 Jan 2025 16:34:28 +0100 Message-Id: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: mptcp@lists.linux.dev, Mat Martineau <martineau@kernel.org>, Geliang Tang <geliang@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>, Gregory Detal <gregory.detal@gmail.com>, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>, Xin Long <lucien.xin@gmail.com>, Vlad Yasevich <vyasevich@gmail.com>, Neil Horman <nhorman@tuxdriver.com>, wangweidong <wangweidong1@huawei.com>, Daniel Borkmann <daniel@iogearbox.net>, Vlad Yasevich <vyasevic@redhat.com>, Allison Henderson <allison.henderson@oracle.com>, Sowmini Varadhan <sowmini.varadhan@oracle.com>, Al Viro <viro@zeniv.linux.org.uk> Cc: Joel Granados <joel.granados@kernel.org>, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org, linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com, "Matthieu Baerts (NGI0)" <matttbe@kernel.org>, stable@vger.kernel.org, syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com
Series	net: sysctl: avoid using current->nsproxy \| expand [net,0/9] net: sysctl: avoid using current->nsproxy [net,1/9] mptcp: sysctl: avail sched: remove write access [net,2/9] mptcp: sysctl: sched: avoid using current->nsproxy [net,3/9] mptcp: sysctl: blackhole timeout: avoid using current->nsproxy [net,4/9] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy [net,5/9] sctp: sysctl: rto_min/max: avoid using current->nsproxy [net,6/9] sctp: sysctl: auth_enable: avoid using current->nsproxy [net,7/9] sctp: sysctl: udp_port: avoid using current->nsproxy [net,8/9] sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy [net,9/9] rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

Message ID

20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org (mailing list archive)

Headers

From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
Subject: [PATCH net 0/9] net: sysctl: avoid using current->nsproxy
Date: Wed, 08 Jan 2025 16:34:28 +0100
Message-Id: <20250108-net-sysctl-current-nsproxy-v1-0-5df34b2083e8@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: mptcp@lists.linux.dev, Mat Martineau <martineau@kernel.org>,
 Geliang Tang <geliang@kernel.org>, "David S. Miller" <davem@davemloft.net>,
 Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,
 Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
 Gregory Detal <gregory.detal@gmail.com>,
 Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
 Xin Long <lucien.xin@gmail.com>, Vlad Yasevich <vyasevich@gmail.com>,
 Neil Horman <nhorman@tuxdriver.com>, wangweidong <wangweidong1@huawei.com>,
 Daniel Borkmann <daniel@iogearbox.net>, Vlad Yasevich <vyasevic@redhat.com>,
 Allison Henderson <allison.henderson@oracle.com>,
 Sowmini Varadhan <sowmini.varadhan@oracle.com>,
 Al Viro <viro@zeniv.linux.org.uk>
Cc: Joel Granados <joel.granados@kernel.org>, netdev@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-sctp@vger.kernel.org,
 linux-rdma@vger.kernel.org, rds-devel@oss.oracle.com,
 "Matthieu Baerts (NGI0)" <matttbe@kernel.org>, stable@vger.kernel.org,
 syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com

Series

net: sysctl: avoid using current->nsproxy | expand

Message

Matthieu Baerts Jan. 8, 2025, 3:34 p.m. UTC

As pointed out by Al Viro and Eric Dumazet in [1], using the 'net'
structure via 'current' is not recommended for different reasons:

- Inconsistency: getting info from the reader's/writer's netns vs only
  from the opener's netns as it is usually done. This could cause
  unexpected issues when other operations are done on the wrong netns.

- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
  (null-ptr-deref), e.g. when the current task is exiting, as spotted by
  syzbot [1] using acct(2).

The 'net' or 'pernet' structure can be obtained from the table->data
using container_of().

Note that table->data could also be used directly in more places, but
that would increase the size of this fix to replace all accesses via
'net'. Probably best to avoid that for fixes.

Patches 2-9 remove access of net via current->nsproxy in sysfs handlers
in MPTCP, SCTP and RDS. There are multiple patches doing almost the same
thing, but the reason is to ease the backports.

Patch 1 is not directly linked to this, but it is a small fix for MPTCP
available_schedulers sysctl knob to explicitly mark it as read-only.

Please note that this series does not address Al's comment [2]. In SCTP,
some sysctl knobs set other sysfs-exposed variables for the min/max: two
processes could then write two linked values at the same time, resulting
in new values being outside the new boundaries. It would be great if
SCTP developers can look at this problem.

Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
Link: https://lore.kernel.org/netdev/20250105211158.GL1977892@ZenIV/ [2]
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
---
Matthieu Baerts (NGI0) (9):
      mptcp: sysctl: avail sched: remove write access
      mptcp: sysctl: sched: avoid using current->nsproxy
      mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
      sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
      sctp: sysctl: rto_min/max: avoid using current->nsproxy
      sctp: sysctl: auth_enable: avoid using current->nsproxy
      sctp: sysctl: udp_port: avoid using current->nsproxy
      sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
      rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy

 net/mptcp/ctrl.c  | 17 +++++++++--------
 net/rds/tcp.c     | 39 ++++++++++++++++++++++++++++++++-------
 net/sctp/sysctl.c | 14 ++++++++------
 3 files changed, 49 insertions(+), 21 deletions(-)
---
base-commit: db78475ba0d3c66d430f7ded2388cc041078a542
change-id: 20250108-net-sysctl-current-nsproxy-672ae21a873f

Best regards,

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 9, 2025, 5 p.m. UTC | #1

Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 08 Jan 2025 16:34:28 +0100 you wrote:
> As pointed out by Al Viro and Eric Dumazet in [1], using the 'net'
> structure via 'current' is not recommended for different reasons:
> 
> - Inconsistency: getting info from the reader's/writer's netns vs only
>   from the opener's netns as it is usually done. This could cause
>   unexpected issues when other operations are done on the wrong netns.
> 
> [...]

Here is the summary with links:
  - [net,1/9] mptcp: sysctl: avail sched: remove write access
    https://git.kernel.org/netdev/net/c/771ec78dc8b4
  - [net,2/9] mptcp: sysctl: sched: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/d38e26e36206
  - [net,3/9] mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/92cf7a51bdae
  - [net,4/9] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/ea62dd138391
  - [net,5/9] sctp: sysctl: rto_min/max: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/9fc17b76fc70
  - [net,6/9] sctp: sysctl: auth_enable: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/15649fd5415e
  - [net,7/9] sctp: sysctl: udp_port: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/c10377bbc197
  - [net,8/9] sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/6259d2484d0c
  - [net,9/9] rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
    https://git.kernel.org/netdev/net/c/7f5611cbc487

You are awesome, thank you!