Re: [PATCH] nf_queue: Make the queue_handler pernet

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: netfilter-devel@vger.kernel.org, dale.4d@gmail.com,
	netdev@vger.kernel.org, Florian Westphal <fw@strlen.de>
Subject: Re: [PATCH] nf_queue: Make the queue_handler pernet
Date: Mon, 30 May 2016 11:31:19 +0200	[thread overview]
Message-ID: <20160530093119.GA27929@salvia> (raw)
In-Reply-To: <87bn49nzzn.fsf_-_@x220.int.ebiederm.org>

On Fri, May 13, 2016 at 09:18:52PM -0500, Eric W. Biederman wrote:
> 
> Florian Weber reported:
> > Under full load (unshare() in loop -> OOM conditions) we can
> > get kernel panic:
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
> > IP: [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70
> > [..]
> > task: ffff88012dfa3840 ti: ffff88012dffc000 task.ti: ffff88012dffc000
> > RIP: 0010:[<ffffffff81476c85>]  [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70
> > RSP: 0000:ffff88012dfffd80  EFLAGS: 00010206
> > RAX: 0000000000000008 RBX: ffffffff81add0c0 RCX: ffff88013fd80000
> > [..]
> > Call Trace:
> >  [<ffffffff81474d98>] nf_queue_nf_hook_drop+0x18/0x20
> >  [<ffffffff814738eb>] nf_unregister_net_hook+0xdb/0x150
> >  [<ffffffff8147398f>] netfilter_net_exit+0x2f/0x60
> >  [<ffffffff8141b088>] ops_exit_list.isra.4+0x38/0x60
> >  [<ffffffff8141b652>] setup_net+0xc2/0x120
> >  [<ffffffff8141bd09>] copy_net_ns+0x79/0x120
> >  [<ffffffff8106965b>] create_new_namespaces+0x11b/0x1e0
> >  [<ffffffff810698a7>] unshare_nsproxy_namespaces+0x57/0xa0
> >  [<ffffffff8104baa2>] SyS_unshare+0x1b2/0x340
> >  [<ffffffff81608276>] entry_SYSCALL_64_fastpath+0x1e/0xa8
> > Code: 65 00 48 89 e5 41 56 41 55 41 54 53 83 e8 01 48 8b 97 70 12 00 00 48 98 49 89 f4 4c 8b 74 c2 18 4d 8d 6e 08 49 81 c6 88 00 00 00 <49> 8b 5d 00 48 85 db 74 1a 48 89 df 4c 89 e2 48 c7 c6 90 68 47
> >
> 
> The simple fix for this requires a new pernet variable for struct
> nf_queue that indicates when it is safe to use the dynamically
> allocated nf_queue state.
> 
> As we need a variable anyway make nf_register_queue_handler and
> nf_unregister_queue_handler pernet.  This allows the existing logic of
> when it is safe to use the state from the nfnetlink_queue module to be
> reused with no changes except for making it per net.
> 
> The syncrhonize_rcu from nf_unregister_queue_handler is moved to a new
> function nfnl_queue_net_exit_batch so that the worst case of having a
> syncrhonize_rcu in the pernet exit path is not experienced in batch
> mode.

Applied, thanks.

     prev parent reply	other threads:[~2016-05-30  9:31 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-11 15:41 [PATCH nf V2] netfilter: fix oops in nfqueue during netns error unwinding Florian Westphal
2016-05-12  9:47 ` Pablo Neira Ayuso
2016-05-12 16:15   ` Eric W. Biederman
2016-05-12 16:40     ` Florian Westphal
2016-05-13 19:40       ` Eric W. Biederman
2016-05-13 20:04         ` Florian Westphal
2016-05-13 20:26           ` Eric W. Biederman
2016-05-13 21:07             ` Florian Westphal
2016-05-13 20:44           ` Eric W. Biederman
2016-05-13 21:20             ` Florian Westphal
2016-05-14  0:58               ` Eric W. Biederman
2016-05-14 10:33                 ` Florian Westphal
2016-05-15  3:00                   ` Eric W. Biederman
2016-05-14  2:18               ` [PATCH] nf_queue: Make the queue_handler pernet Eric W. Biederman
2016-05-30  9:31                 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160530093119.GA27929@salvia \
    --to=pablo@netfilter.org \
    --cc=dale.4d@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=fw@strlen.de \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.