[Vserver] Bug in vc_net_remove in kernel/vserver/network.c (including fix)

From: Christopher Alexander Tobias Schulze <schulze_at_mathematik.uni-kl.de>
Date: Wed 23 Aug 2006 - 12:05:21 BST
Message-Id: <200608231305.25549.schulze@mathematik.uni-kl.de>

Hello everyone.

While experimenting with the VServer kernel interface I found out that the
VCMD_net_remove primitive is not implemented correctly, always leading to
EINVAL. In the current implementation, there is no way to remove IP addresses
assigned to a NID from userspace because of this bug, although the vserver
kernel code implements this functionality. (Note that the userspace programs
in the vserver utilities currently seem not to use this functionality. The
fact that the kernel interface provides more functionality than what we can
get using the vserver utilities was the cause for studying whether it is
possible to use the kernel interface directly for custom tools.)

The problem lies in the way NXA_TYPE_ANY is used. In
include/linux/vserver/network.h, we have

#define NXA_TYPE_ANY (~0)

and in kernel/vserer/network.c this is used in

       switch ((unsigned)vc_data.type) {
       case NXA_TYPE_ANY:
               nxi->nbipv4 = 0;
               break;

       default:
               ret = -EINVAL;
               break;
       }

Unfortunately, there is no way to set vc_data.type to a value so that

     (unsigned) vc_data.type == NXA_TYPE_ANY,

as NXA_TYPE_ANY consists of 32 binary ones, and the upper 16 bits of the left
hand side are always zero, as vc_data.type is a uint16_t.

The fix is quite simple, e.g.

       switch (vc_data.type) {
       case (uint16_t)(NXA_TYPE_ANY):
               nxi->nbipv4 = 0;
               break;

       default:
               ret = -EINVAL;
               break;
       }

Now we are comparing the value stored in vc_data.type with the value that gets
stored with the assignment

      vc_data.type = NXA_TYPE_ANY,

what was obviously the original author's intention.

(Tested with a 2.6.15.7 kernel under ubuntu dapper, but should work also with
more recent kernels. I verified that the bug still exists in the 2.6.17.8
vserver 2.1.1-rc29 patches.)

HTH,
Alexander Schulze
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Aug 23 12:36:16 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 23 Aug 2006 - 12:36:22 BST by hypermail 2.1.8