Patchwork [3.8-rc] tuntap: refuse to re-attach to different tun_struct

login
register
mail settings
Submitter Stefan Hajnoczi
Date Jan. 10, 2013, 7:59 a.m.
Message ID <1357804788-19976-1-git-send-email-stefanha@redhat.com>
Download mbox | patch
Permalink /patch/210946/
State Accepted
Delegated to: David Miller
Headers show

Comments

Stefan Hajnoczi - Jan. 10, 2013, 7:59 a.m.
Multiqueue tun devices support detaching a tun_file from its tun_struct
and re-attaching at a later point in time.  This allows users to disable
a specific queue temporarily.

ioctl(TUNSETIFF) allows the user to specify the network interface to
attach by name.  This means the user can attempt to attach to interface
"B" after detaching from interface "A".

The driver is not designed to support this so check we are re-attaching
to the right tun_struct.  Failure to do so may lead to oops.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
This fix is for 3.8-rc.

 drivers/net/tun.c | 2 ++
 1 file changed, 2 insertions(+)
Jason Wang - Jan. 10, 2013, 9:25 a.m.
On Thursday, January 10, 2013 08:59:48 AM Stefan Hajnoczi wrote:
> Multiqueue tun devices support detaching a tun_file from its tun_struct
> and re-attaching at a later point in time.  This allows users to disable
> a specific queue temporarily.
> 
> ioctl(TUNSETIFF) allows the user to specify the network interface to
> attach by name.  This means the user can attempt to attach to interface
> "B" after detaching from interface "A".
> 
> The driver is not designed to support this so check we are re-attaching
> to the right tun_struct.  Failure to do so may lead to oops.
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
> This fix is for 3.8-rc.
> 
>  drivers/net/tun.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/tun.c b/drivers/net/tun.c
> index fbd106e..cf6da6e 100644
> --- a/drivers/net/tun.c
> +++ b/drivers/net/tun.c
> @@ -491,6 +491,8 @@ static int tun_attach(struct tun_struct *tun, struct
> file *file) err = -EINVAL;
>  	if (rcu_dereference_protected(tfile->tun, lockdep_rtnl_is_held()))
>  		goto out;
> +	if (tfile->detached && tun != tfile->detached)
> +		goto out;
> 
>  	err = -EBUSY;
>  	if (!(tun->flags & TUN_TAP_MQ) && tun->numqueues == 1)

Thanks.

Acked-by: Jason Wang <jasowang@redhat.com>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Jan. 10, 2013, 10:39 p.m.
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Thu, 10 Jan 2013 08:59:48 +0100

> Multiqueue tun devices support detaching a tun_file from its tun_struct
> and re-attaching at a later point in time.  This allows users to disable
> a specific queue temporarily.
> 
> ioctl(TUNSETIFF) allows the user to specify the network interface to
> attach by name.  This means the user can attempt to attach to interface
> "B" after detaching from interface "A".
> 
> The driver is not designed to support this so check we are re-attaching
> to the right tun_struct.  Failure to do so may lead to oops.
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Wang - Jan. 11, 2013, 1:29 a.m.
On 01/11/2013 06:39 AM, David Miller wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> Date: Thu, 10 Jan 2013 08:59:48 +0100
>
>> Multiqueue tun devices support detaching a tun_file from its tun_struct
>> and re-attaching at a later point in time.  This allows users to disable
>> a specific queue temporarily.
>>
>> ioctl(TUNSETIFF) allows the user to specify the network interface to
>> attach by name.  This means the user can attempt to attach to interface
>> "B" after detaching from interface "A".
>>
>> The driver is not designed to support this so check we are re-attaching
>> to the right tun_struct.  Failure to do so may lead to oops.
>>
>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> Applied.
Hi David:

Any chance that I can have a respin on this patch, there's still a bug
after this patch. Or I just can send a patch on top?

Thanks
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Jan. 11, 2013, 5:12 a.m.
From: Jason Wang <jasowang@redhat.com>
Date: Fri, 11 Jan 2013 09:29:20 +0800

> On 01/11/2013 06:39 AM, David Miller wrote:
>> From: Stefan Hajnoczi <stefanha@redhat.com>
>> Date: Thu, 10 Jan 2013 08:59:48 +0100
>>
>>> Multiqueue tun devices support detaching a tun_file from its tun_struct
>>> and re-attaching at a later point in time.  This allows users to disable
>>> a specific queue temporarily.
>>>
>>> ioctl(TUNSETIFF) allows the user to specify the network interface to
>>> attach by name.  This means the user can attempt to attach to interface
>>> "B" after detaching from interface "A".
>>>
>>> The driver is not designed to support this so check we are re-attaching
>>> to the right tun_struct.  Failure to do so may lead to oops.
>>>
>>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>> Applied.
> Hi David:
> 
> Any chance that I can have a respin on this patch, there's still a bug
> after this patch. Or I just can send a patch on top?

If I've applied it, there is no reverting.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jason Wang - Jan. 11, 2013, 8:38 a.m.
On 01/11/2013 01:12 PM, David Miller wrote:
> From: Jason Wang <jasowang@redhat.com>
> Date: Fri, 11 Jan 2013 09:29:20 +0800
>
>> On 01/11/2013 06:39 AM, David Miller wrote:
>>> From: Stefan Hajnoczi <stefanha@redhat.com>
>>> Date: Thu, 10 Jan 2013 08:59:48 +0100
>>>
>>>> Multiqueue tun devices support detaching a tun_file from its tun_struct
>>>> and re-attaching at a later point in time.  This allows users to disable
>>>> a specific queue temporarily.
>>>>
>>>> ioctl(TUNSETIFF) allows the user to specify the network interface to
>>>> attach by name.  This means the user can attempt to attach to interface
>>>> "B" after detaching from interface "A".
>>>>
>>>> The driver is not designed to support this so check we are re-attaching
>>>> to the right tun_struct.  Failure to do so may lead to oops.
>>>>
>>>> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
>>> Applied.
>> Hi David:
>>
>> Any chance that I can have a respin on this patch, there's still a bug
>> after this patch. Or I just can send a patch on top?
> If I've applied it, there is no reverting.

Get it, will send patch on top.

Thanks
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index fbd106e..cf6da6e 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -491,6 +491,8 @@  static int tun_attach(struct tun_struct *tun, struct file *file)
 	err = -EINVAL;
 	if (rcu_dereference_protected(tfile->tun, lockdep_rtnl_is_held()))
 		goto out;
+	if (tfile->detached && tun != tfile->detached)
+		goto out;
 
 	err = -EBUSY;
 	if (!(tun->flags & TUN_TAP_MQ) && tun->numqueues == 1)