[kernel] r16348 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Ben Hutchings benh at alioth.debian.org
Fri Sep 24 20:34:11 UTC 2010


Author: benh
Date: Fri Sep 24 20:33:33 2010
New Revision: 16348

Log:
phonet: Restrict to initial namespace (Closes: #597904)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/phonet-Restrict-to-initial-namespace.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/24

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Fri Sep 24 04:28:51 2010	(r16347)
+++ dists/sid/linux-2.6/debian/changelog	Fri Sep 24 20:33:33 2010	(r16348)
@@ -12,6 +12,7 @@
     driver (xserver-xorg-video-intel version 2.12.0+shadow-1) should work
     properly with KMS on these chips. (Closes: #596453)
   * sctp: Do not reset the packet during sctp_packet_config()
+  * phonet: Restrict to initial namespace (Closes: #597904)
 
   [ Martin Michlmayr ]
   * ARM: update mach types.

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/phonet-Restrict-to-initial-namespace.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/phonet-Restrict-to-initial-namespace.patch	Fri Sep 24 20:33:33 2010	(r16348)
@@ -0,0 +1,163 @@
+From 9994397f1728f33f5b232bb8976b37e473c2c7d0 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Fri, 24 Sep 2010 21:14:18 +0100
+Subject: [PATCH] phonet: Restrict to initial namespace
+
+The lifetime management for per-namespace state in phonet is broken.
+When a network namespace is destroyed it will crash (repeatably):
+
+[   73.925565] BUG: unable to handle kernel NULL pointer dereference at
+(null)
+[   73.927385] IP: [<d0823135>] phonet_device_destroy+0x81/0xf8 [phonet]
+[   73.928020] *pde = 00000000
+[   73.928020] Oops: 0000 [#1] SMP
+[   73.928020] last sysfs file: /sys/devices/virtual/vc/vcsa7/uevent
+[   73.928020] Modules linked in: phonet loop processor snd_pcm
+snd_timer button serio_raw snd soundcore snd_page_alloc psmouse
+parport_pc evdev parport i2c_piix4 pcspkr i2c_core ext3 jbd mbcache fan
+sg sr_mod cdrom sd_mod crc_t10dif ata_generic ata_piix thermal libata
+thermal_sys floppy e1000 scsi_mod [last unloaded: scsi_wait_scan]
+[   73.928020]
+[   73.928020] Pid: 9, comm: netns Not tainted (2.6.32-5-686 #1) Bochs
+[   73.928020] EIP: 0060:[<d0823135>] EFLAGS: 00010207 CPU: 0
+[   73.928020] EIP is at phonet_device_destroy+0x81/0xf8 [phonet]
+[   73.928020] EAX: ce6ec1c0 EBX: 00000000 ECX: ce32fc00 EDX: 00000000
+[   73.928020] ESI: ce6ec1c8 EDI: 00000000 EBP: ce32fc00 ESP: cf453f00
+[   73.928020]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+[   73.928020] Process netns (pid: 9, ti=cf452000 task=cf426200
+task.ti=cf452000)
+[   73.928020] Stack:
+[   73.928020]  d0825694 ce32fc00 00000000 00000000 d08234ef fffffff2
+00000000 ce32fc00
+[   73.928020] <0> c11e5b27 c13ad2fc e6064da0 d0825694 fffffff1 c126ec00
+ce32fc00 00000006
+[   73.928020] <0> ce32fc00 cf838000 cf453fb0 cf838010 c1046fd2 ffffffff
+00000000 c11d9920
+[   73.928020] Call Trace:
+[   73.928020]  [<d08234ef>] ? phonet_device_notify+0x94/0xae [phonet]
+[   73.928020]  [<c11e5b27>] ? dropmon_net_event+0xf5/0x114
+[   73.928020]  [<c126ec00>] ? notifier_call_chain+0x2a/0x47
+[   73.928020]  [<c1046fd2>] ? raw_notifier_call_chain+0x9/0xc
+[   73.928020]  [<c11d9920>] ? rollback_registered+0x9a/0xec
+[   73.928020]  [<c11d99a1>] ? unregister_netdevice+0x2f/0x54
+[   73.928020]  [<c11d99d5>] ? unregister_netdev+0xf/0x15
+[   73.928020]  [<c11d5773>] ? cleanup_net+0x43/0x7d
+[   73.928020]  [<c1040c33>] ? worker_thread+0x141/0x1bd
+[   73.928020]  [<c11d5730>] ? cleanup_net+0x0/0x7d
+[   73.928020]  [<c104396a>] ? autoremove_wake_function+0x0/0x2d
+[   73.928020]  [<c1040af2>] ? worker_thread+0x0/0x1bd
+[   73.928020]  [<c1043738>] ? kthread+0x61/0x66
+[   73.928020]  [<c10436d7>] ? kthread+0x0/0x66
+[   73.928020]  [<c1003d47>] ? kernel_thread_helper+0x7/0x10
+[   73.928020] Code: b8 59 82 d0 8b 85 44 02 00 00 85 d2 8b 80 98 04 00
+00 74 04 3b 10 76 04 0f 0b eb fe 8b 44 90 08 8b 18 eb 07 39 6b 08 74 10
+89 d3 <8b> 13 0f 18 02 90 39 c3 75 ef 31 db eb 19 85 db 74 15 8b 43 04
+[   73.928020] EIP: [<d0823135>] phonet_device_destroy+0x81/0xf8
+[phonet] SS:ESP 0068:cf453f00
+[   73.928020] CR2: 0000000000000000
+[   74.003675] ---[ end trace 0efbc7b3acd94bdf ]---
+[   74.006363] Kernel panic - not syncing: Fatal exception in interrupt
+[   74.009738] Pid: 9, comm: netns Tainted: G      D    2.6.32-5-686 #1
+[   74.013033] Call Trace:
+[   74.014327]  [<c126b429>] ? panic+0x38/0xe4
+[   74.016595]  [<c126da31>] ? oops_end+0x91/0x9d
+[   74.018894]  [<c101b5db>] ? no_context+0x105/0x10e
+[   74.021384]  [<c101b6f9>] ? __bad_area_nosemaphore+0x115/0x11d
+[   74.028368]  [<c12188b8>] ? snmp_mib_free+0x1a/0x29
+[   74.032077]  [<c1238b09>] ? addrconf_ifdown+0x23f/0x260
+[   74.034725]  [<c123a20c>] ? addrconf_notify+0x6a4/0x776
+[   74.038354]  [<c126e8cf>] ? do_page_fault+0x0/0x307
+[   74.040046]  [<c101b70b>] ? bad_area_nosemaphore+0xa/0xc
+[   74.041325]  [<c126d123>] ? error_code+0x73/0x78
+[   74.042515]  [<d0823135>] ? phonet_device_destroy+0x81/0xf8 [phonet]
+[   74.044350]  [<d08234ef>] ? phonet_device_notify+0x94/0xae [phonet]
+[   74.045958]  [<c11e5b27>] ? dropmon_net_event+0xf5/0x114
+[   74.047361]  [<c126ec00>] ? notifier_call_chain+0x2a/0x47
+[   74.048789]  [<c1046fd2>] ? raw_notifier_call_chain+0x9/0xc
+[   74.050221]  [<c11d9920>] ? rollback_registered+0x9a/0xec
+[   74.051651]  [<c11d99a1>] ? unregister_netdevice+0x2f/0x54
+[   74.053111]  [<c11d99d5>] ? unregister_netdev+0xf/0x15
+[   74.054635]  [<c11d5773>] ? cleanup_net+0x43/0x7d
+[   74.055942]  [<c1040c33>] ? worker_thread+0x141/0x1bd
+[   74.057183]  [<c11d5730>] ? cleanup_net+0x0/0x7d
+[   74.058275]  [<c104396a>] ? autoremove_wake_function+0x0/0x2d
+[   74.059737]  [<c1040af2>] ? worker_thread+0x0/0x1bd
+[   74.060935]  [<c1043738>] ? kthread+0x61/0x66
+[   74.062014]  [<c10436d7>] ? kthread+0x0/0x66
+[   74.063097]  [<c1003d47>] ? kernel_thread_helper+0x7/0x10
+
+Restrict phonet state to the initial namespace.
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ net/phonet/pn_dev.c |   29 ++++++++++++++++++++++++++---
+ 1 files changed, 26 insertions(+), 3 deletions(-)
+
+diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
+index 5f42f30..af9e553 100644
+--- a/net/phonet/pn_dev.c
++++ b/net/phonet/pn_dev.c
+@@ -39,9 +39,19 @@ struct phonet_net {
+ 
+ int phonet_net_id;
+ 
++static struct phonet_device_list empty_device_list = {
++	.list = LIST_HEAD_INIT(empty_device_list.list),
++	.lock = SPIN_LOCK_UNLOCKED
++};
++
+ struct phonet_device_list *phonet_device_list(struct net *net)
+ {
+-	struct phonet_net *pnn = net_generic(net, phonet_net_id);
++	struct phonet_net *pnn;
++
++	if (!net_eq(net, &init_net))
++		return &empty_device_list;
++
++	pnn = net_generic(net, phonet_net_id);
+ 	return &pnn->pndevs;
+ }
+ 
+@@ -122,6 +132,9 @@ int phonet_address_add(struct net_device *dev, u8 addr)
+ 	struct phonet_device *pnd;
+ 	int err = 0;
+ 
++	if (!net_eq(dev_net(dev), &init_net))
++		return -EPERM;
++
+ 	spin_lock_bh(&pndevs->lock);
+ 	/* Find or create Phonet-specific device data */
+ 	pnd = __phonet_get(dev);
+@@ -246,7 +259,12 @@ static struct notifier_block phonet_device_notifier = {
+ /* Per-namespace Phonet devices handling */
+ static int phonet_init_net(struct net *net)
+ {
+-	struct phonet_net *pnn = kmalloc(sizeof(*pnn), GFP_KERNEL);
++	struct phonet_net *pnn;
++
++	if (!net_eq(net, &init_net))
++		return 0;
++
++	pnn = kmalloc(sizeof(*pnn), GFP_KERNEL);
+ 	if (!pnn)
+ 		return -ENOMEM;
+ 
+@@ -263,9 +281,14 @@ static int phonet_init_net(struct net *net)
+ 
+ static void phonet_exit_net(struct net *net)
+ {
+-	struct phonet_net *pnn = net_generic(net, phonet_net_id);
++	struct phonet_net *pnn;
+ 	struct net_device *dev;
+ 
++	if (!net_eq(net, &init_net))
++		return;
++
++	pnn = net_generic(net, phonet_net_id);
++
+ 	rtnl_lock();
+ 	for_each_netdev(net, dev)
+ 		phonet_device_destroy(dev);
+-- 
+1.7.1
+
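Review bot: The shared `empty_device_list` that phonet_device_list() now returns for every non-initial namespace is safe only while nothing ever links a device onto it, and the hunks shown guard a single writer, phonet_address_add(). If any other path (not visible here) allocates a phonet_device from a non-initial namespace, devices from unrelated namespaces would end up on one global list that the early return in phonet_exit_net() never tears down, so the invariant deserves a comment at the definition, e.g. `/* Always empty: handed out for non-initial namespaces; must never be added to. */`. The initializer `.lock = SPIN_LOCK_UNLOCKED` is also the deprecated form that gives lockdep no per-lock class; `.lock = __SPIN_LOCK_UNLOCKED(empty_device_list.lock)` is the supported static initializer. The bodies of phonet_address_add(), phonet_init_net() and phonet_exit_net() continue outside the hunks, so the remaining callers should be checked against the full file.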

Modified: dists/sid/linux-2.6/debian/patches/series/24
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/24	Fri Sep 24 04:28:51 2010	(r16347)
+++ dists/sid/linux-2.6/debian/patches/series/24	Fri Sep 24 20:33:33 2010	(r16348)
@@ -36,3 +36,4 @@
 + debian/sched-Avoid-ABI-change-due-to-sched_class-changes.patch
 - debian/i915-Blacklist-i830-i845-i855-for-KMS.patch
 + bugfix/all/sctp-Do-not-reset-the-packet-during-sctp_packet_config.patch
++ bugfix/all/phonet-Restrict-to-initial-namespace.patch


