From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Francesco Ruggeri <fruggeri@aristanetworks.com>
Cc: netdev@vger.kernel.org, gaofeng@cn.fujitsu.com,
dvlasenk@redhat.com, netfilter-devel@vger.kernel.org,
davem@davemloft.net, fruggeri@arista.com
Subject: Re: [PATCH 1/1] netfilter: Fix kernel panic in nfulnl_rcv_nl_event
Date: Wed, 20 May 2015 13:39:09 +0200
Message-ID: <20150520113909.GA10948@salvia>
In-Reply-To: <20150517213031.4ABD2480853@fruggeri-Arora18.sjc.aristanetworks.com>

On Sun, May 17, 2015 at 02:30:31PM -0700, Francesco Ruggeri wrote:
> nfnetlink_log_init registers netlink callback nfulnl_rcv_nl_event before
> registering the pernet_subsys, but the callback relies on data structures
> allocated by pernet init functions.
> When nfnetlink_log is loaded, if a netlink message is received after
> the netlink callback is registered but before the pernet_subsys is
> registered, the kernel will panic in the sequence
>
> nfulnl_rcv_nl_event
> nfnl_log_pernet
> net_generic
> BUG_ON(id == 0) where id is nfnl_log_net_id.
>
> The panic can be easily reproduced in 4.0.3 by:
>
> while true ;do modprobe nfnetlink_log ; rmmod nfnetlink_log ; done &
> while true ;do ip netns add dummy ; ip netns del dummy ; done &
>
> This patch moves register_pernet_subsys to earlier in nfnetlink_log_init.
>
> Notice that the BUG_ON hit in 4.0.3 was recently removed in 2591ffd308
> ["netns: remove BUG_ONs from net_generic()"].

I'm going to send a v2 of this patch with two changes:

* We have the same problem in nfnetlink_queue.
* Remove status = -ENOMEM as it is scratched soon thereafter.

Please, have a look at the patch I'll send after this and confirm this
looks good to you.
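
A userspace model of the ordering problem discussed in this thread, added here as an illustration; it is not code from the patch or from the kernel. The `_model` functions, `deliver_event` and `init_with_event` are hypothetical stand-ins for the kernel paths named in the quoted call sequence, and the racing netlink message is simulated by a call placed between the two registration steps.

```c
/* Userspace model (constructed for illustration, not kernel code) of the
 * init-order race: a callback is reachable before the state it needs exists. */
#include <stddef.h>
#include <stdio.h>

struct log_net { int instances; };       /* stands in for per-netns state */

static unsigned int nfnl_log_net_id;     /* 0 until pernet ops are registered */
static struct log_net *gen_ptr[1];       /* model of net->gen, slot id - 1 */
static struct log_net init_net_state;
static void (*notifier)(void);           /* model of the netlink notifier */
static int bad_lookups;                  /* times the 4.0.3 BUG_ON would fire */

static struct log_net *net_generic_model(unsigned int id)
{
    if (id == 0) { bad_lookups++; return NULL; }  /* BUG_ON(id == 0) in 4.0.3 */
    return gen_ptr[id - 1];
}

static void nfulnl_rcv_nl_event_model(void)
{
    struct log_net *log = net_generic_model(nfnl_log_net_id);
    if (log)
        log->instances = 0;              /* callback touches pernet data */
}

static void register_pernet_model(void)
{
    nfnl_log_net_id = 1;                 /* id assigned at registration */
    gen_ptr[0] = &init_net_state;        /* pernet init allocates the state */
}

static void deliver_event(void) { if (notifier) notifier(); }

/* Run module init with an event arriving between the two registration
 * steps. Returns how many lookups hit an unregistered id. */
int init_with_event(int pernet_first)
{
    nfnl_log_net_id = 0; gen_ptr[0] = NULL; notifier = NULL; bad_lookups = 0;
    if (pernet_first) register_pernet_model();
    else              notifier = nfulnl_rcv_nl_event_model;
    deliver_event();                     /* the racing netlink message */
    if (pernet_first) notifier = nfulnl_rcv_nl_event_model;
    else              register_pernet_model();
    deliver_event();                     /* a later event, after init is done */
    return bad_lookups;
}

int main(void)
{
    printf("notifier first: %d bad lookup(s)\n", init_with_event(0));
    printf("pernet first:   %d bad lookup(s)\n", init_with_event(1));
    return 0;
}
```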