From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Xin Long <lucien.xin@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>,
network dev <netdev@vger.kernel.org>,
David Miller <davem@davemloft.net>,
netfilter-devel@vger.kernel.org,
Jamal Hadi Salim <jhs@mojatatu.com>
Subject: Re: [PATCH net] net: sched: fix NULL pointer dereference when action calls some targets
Date: Thu, 17 Aug 2017 12:33:44 +0200
Message-ID: <20170817103344.GA7568@salvia>
In-Reply-To: <20170817100220.GC6928@salvia>
On Thu, Aug 17, 2017 at 12:02:20PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Aug 16, 2017 at 08:39:44PM +1200, Xin Long wrote:
> > On Wed, Aug 9, 2017 at 7:33 AM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> > > On Mon, Aug 7, 2017 at 7:33 PM, Xin Long <lucien.xin@gmail.com> wrote:
> > >> On Tue, Aug 8, 2017 at 9:15 AM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> > >>> This looks like a completely API burden?
> > >> netfilter xt targets are not really compatible with netsched action.
> > >> I've got to say, the patch is just a way to make checkentry return
> > >> false and avoid panic. like [1] said
> > >
> > > I don't doubt you fix a crash, I am thinking if we can
> > > "fix" the API instead of fixing the caller.
> > Hi, Cong,
> >
> > For now, I don't think it's possible to change APIs or some of their targets
> > for the panic caused by action xt calling.
> >
> > The common way should be fixed in net_sched side.
> >
> > Given that the issue is very easy to trigger,
> > let's wait for netfilter's replies for another few days,
> > otherwise I will repost the fix, agree?
>
> Please, post the workaround so the kernel doesn't crash anymore.
>
> This is going to be very hard to fix, it's broken since the very
> beginning...
Wait a second, you could rename par->nft_compat to par->no_entry. From
net/sched/ you can set this to 1, so the entry checks are ignored.
I'm referring to patch 55917a21d0cc0
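
Added example, not part of the original message and not kernel code: a userspace C model of the suggestion above, where a flag in the checkentry parameters tells the target to skip its entry checks because the caller (as net/sched would) has no entry to pass. The struct layouts, the `PROTO_TCP` check, the function names and the extra NULL guard are assumptions made for illustration; only the field name `no_entry` comes from the message.

```c
/* Userspace model only: simplified stand-ins, not the kernel's structures. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PROTO_TCP 6

/* Hypothetical stand-in for the rule entry a target inspects. */
struct entry { unsigned char proto; };

/* Hypothetical stand-in for the checkentry parameter block. */
struct tgchk_param {
    const struct entry *entryinfo; /* NULL when the caller has no entry */
    bool no_entry;                 /* field name suggested in the message */
};

/* Unguarded form: dereferences entryinfo unconditionally, so it is only
 * safe for callers that always pass a real entry. */
int checkentry_unguarded(const struct tgchk_param *par)
{
    return par->entryinfo->proto == PROTO_TCP ? 0 : -EINVAL;
}

/* Guarded form: the entry checks are ignored when no_entry is set. */
int checkentry_guarded(const struct tgchk_param *par)
{
    if (par->no_entry)
        return 0;
    if (par->entryinfo == NULL)   /* assumption: reject instead of crashing */
        return -EINVAL;
    return par->entryinfo->proto == PROTO_TCP ? 0 : -EINVAL;
}

/* Caller modelled on the net/sched side: nothing to hand over, flag set. */
int sched_style_check(void)
{
    struct tgchk_param par = { .entryinfo = NULL, .no_entry = true };
    return checkentry_guarded(&par);
}

int main(void)
{
    struct entry udp = { .proto = 17 };
    struct tgchk_param par = { .entryinfo = &udp, .no_entry = false };
    printf("sched caller: %d\n", sched_style_check());
    printf("table caller: %d (unguarded %d)\n",
           checkentry_guarded(&par), checkentry_unguarded(&par));
    return 0;
}
```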