From: Florian Westphal <fw@strlen.de>
To: Tristan Madani <tristmd@gmail.com>
Cc: pablo@netfilter.org, phil@nwl.cc,
netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] netfilter: ip_tables: guard ipt_unregister_table_pre_exit against NULL ops
Date: Fri, 1 May 2026 00:16:15 +0200
Message-ID: <afPUr2oksLlaMcOj@strlen.de>
In-Reply-To: <177758578919.118018.11758358602621428742@gmail.com>

Tristan Madani <tristmd@gmail.com> wrote:
> Florian Westphal <fw@strlen.de> wrote:
> > Is there a reproducer for this bug?
>
> Syzkaller hit it under failslab. The race is between the lazy
> init path in ipt_register_table() and cleanup_net(). The table
> becomes visible via xt_register_table() before ops is assigned,
> so pre_exit can find it with NULL ops.

If we have races between a thread calling ipt_register_table and
the netns cleanup path there is nothing we could ever do to fix it:
we are tearing down a live network namespace.

Something else must be going on.