From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 02/19] netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
Date: Tue, 20 Feb 2018 17:38:49 +0100 [thread overview]
Message-ID: <20180220163906.12380-3-pablo@netfilter.org> (raw)
In-Reply-To: <20180220163906.12380-1-pablo@netfilter.org>
From: Cong Wang <xiyou.wangcong@gmail.com>
There is a race condition between clusterip_config_entry_put()
and clusterip_config_init(), after we release the spinlock in
clusterip_config_entry_put(), a new proc file with a same IP could
be created immediately since it is already removed from the configs
list, therefore it triggers this warning:
------------[ cut here ]------------
proc_dir_entry 'ipt_CLUSTERIP/172.20.0.170' already registered
WARNING: CPU: 1 PID: 4152 at fs/proc/generic.c:330 proc_register+0x2a4/0x370 fs/proc/generic.c:329
Kernel panic - not syncing: panic_on_warn set ...
As a quick fix, just move the proc_remove() inside the spinlock.
Reported-by: <syzbot+03218bcdba6aa76441a3@syzkaller.appspotmail.com>
Fixes: 6c5d5cfbe3c5 ("netfilter: ipt_CLUSTERIP: check duplicate config when initializing")
Tested-by: Paolo Abeni <pabeni@redhat.com>
Cc: Xin Long <lucien.xin@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 3a84a60f6b39..1ff72b87a066 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -107,12 +107,6 @@ clusterip_config_entry_put(struct net *net, struct clusterip_config *c)
local_bh_disable();
if (refcount_dec_and_lock(&c->entries, &cn->lock)) {
- list_del_rcu(&c->list);
- spin_unlock(&cn->lock);
- local_bh_enable();
-
- unregister_netdevice_notifier(&c->notifier);
-
/* In case anyone still accesses the file, the open/close
* functions are also incrementing the refcount on their own,
* so it's safe to remove the entry even if it's in use. */
@@ -120,6 +114,12 @@ clusterip_config_entry_put(struct net *net, struct clusterip_config *c)
if (cn->procdir)
proc_remove(c->pde);
#endif
+ list_del_rcu(&c->list);
+ spin_unlock(&cn->lock);
+ local_bh_enable();
+
+ unregister_netdevice_notifier(&c->notifier);
+
return;
}
local_bh_enable();
--
2.11.0
next prev parent reply other threads:[~2018-02-20 16:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-20 16:38 [PATCH 00/19] Netfilter fixes for net Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 01/19] netfilter: x_tables: remove size check Pablo Neira Ayuso
2018-02-20 16:38 ` Pablo Neira Ayuso [this message]
2018-02-20 16:38 ` [PATCH 03/19] netfilter: drop outermost socket lock in getsockopt() Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 04/19] netfilter: add back stackpointer size checks Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 05/19] netfilter: ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get() Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 06/19] netfilter: x_tables: remove pr_info where possible Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 07/19] netfilter: x_tables: use pr ratelimiting in xt core Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 08/19] netfilter: xt_CT: use pr ratelimiting Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 09/19] netfilter: xt_NFQUEUE: " Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 10/19] netfilter: xt_set: " Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 11/19] netfilter: bridge: " Pablo Neira Ayuso
2018-02-20 16:38 ` [PATCH 12/19] netfilter: x_tables: rate-limit table mismatch warnings Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 13/19] netfilter: x_tables: use pr ratelimiting in matches/targets Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 14/19] netfilter: x_tables: use pr ratelimiting in all remaining spots Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 15/19] .gitignore: ignore ASN.1 auto generated files Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 16/19] netfilter: x_tables: fix missing timer initialization in xt_LED Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 17/19] netfilter: nat: cope with negative port range Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 18/19] netfilter: xt_hashlimit: fix lock imbalance Pablo Neira Ayuso
2018-02-20 16:39 ` [PATCH 19/19] netfilter: IDLETIMER: be syzkaller friendly Pablo Neira Ayuso
2018-02-21 19:56 ` [PATCH 00/19] Netfilter fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180220163906.12380-3-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.