From: Reindl Harald <h.reindl@thelounge.net>
To: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, kuba@kernel.org
Subject: Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry
Date: Sat, 13 Feb 2021 17:21:23 +0100 [thread overview]
Message-ID: <fd8829e7-61ff-025e-6a73-b92dba1a2a9b@thelounge.net> (raw)
In-Reply-To: <9e18d3b2-e0d2-489e-43ae-c27c160df221@thelounge.net>
Am 13.02.21 um 17:09 schrieb Reindl Harald:
>
>
> Am 10.02.21 um 11:34 schrieb Reindl Harald:
>>
>>
>> Am 07.02.21 um 20:38 schrieb Jozsef Kadlecsik:
>>> On Sun, 7 Feb 2021, Reindl Harald wrote:
>>>
>>>>> well, the most important thing is that the firewall-vm stops to
>>>>> kernel-panic
>>>>
>>>> why is that still not part of 5.10.14 given how old that issue is :-(
>>>>
>>>> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
>>>
>>> Probably we missed the window when patches were accepted for the new
>>> release. That's all
>>
>> probably something is broken in the whole process given that 5.10.15
>> still don't contain the fix while i am tired of a new "stable release"
>> every few days and 5.10.x like every LTS release in the past few years
>> has a peak of it
>>
>> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.15
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.16
again no "netfilter" or "xt_recent"
what is the point of new kernel releases every second day without fixing
months old issues where a pacth exists?
> and another useless crash of something which has a ready patch from
> before 5.10.14
>
> [165940.842226] kernel BUG at lib/list_debug.c:45!
> [165940.874769] invalid opcode: 0000 [#1] SMP NOPTI
> [165940.876680] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
> 5.10.15-100.fc32.x86_64 #1
> [165940.880198] Hardware name: VMware, Inc. VMware Virtual
> Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
> [165940.885314] RIP: 0010:__list_del_entry_valid.cold+0xf/0x47
> [165940.886202] Code: fe ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 60
> 88 40 b2 e8 cf 45 fe ff 0f 0b 48 89 fe 48 c7 c7 f0 88 40 b2 e8 be 45 fe
> ff <0f> 0b 48 c7 c7 a0 89 40 b2 e8 b0 45 fe ff 0f 0b 48 89 f2 48 89 fe
> [165940.889107] RSP: 0018:ffffaf0480003928 EFLAGS: 00010282
> [165940.889943] RAX: 000000000000004e RBX: ffff9fa911148000 RCX:
> 0000000000000000
> [165940.891066] RDX: ffff9fa99d4269e0 RSI: ffff9fa99d418a80 RDI:
> 0000000000000300
> [165940.892190] RBP: ffffaf04800039a0 R08: 0000000000000000 R09:
> ffffaf0480003760
> [165940.893313] R10: ffffaf0480003758 R11: ffffffffb2b44748 R12:
> ffff9fa9046000f8
> [165940.894441] R13: ffff9fa911148010 R14: ffff9fa903329400 R15:
> ffff9fa904600000
> [165940.895573] FS: 0000000000000000(0000) GS:ffff9fa99d400000(0000)
> knlGS:0000000000000000
> [165940.896856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [165940.897789] CR2: 00007fb9442e5000 CR3: 00000000030a0006 CR4:
> 00000000003706f0
> [165940.898954] Call Trace:
> [165940.899400] <IRQ>
> [165940.899757] recent_mt+0x1b5/0x39b [xt_recent]
> [165940.900492] ? set_match_v4+0x92/0xb0 [xt_set]
> [165940.901236] nft_match_large_eval+0x34/0x60 [nft_compat]
> [165940.902104] nft_do_chain+0x141/0x4e0 [nf_tables]
> [165940.902869] ? fib_validate_source+0x47/0xf0
> [165940.903564] ? ip_route_input_slow+0x722/0xaa0
> [165940.904282] nft_do_chain_ipv4+0x56/0x60 [nf_tables]
> [165940.905086] nf_hook_slow+0x3f/0xb0
> [165940.905658] ip_forward+0x441/0x480
> [165940.906230] ? ip4_key_hashfn+0xb0/0xb0
> [165940.906856] __netif_receive_skb_one_core+0x67/0x70
> [165940.907639] netif_receive_skb+0x35/0x110
> [165940.908295] br_handle_frame_finish+0x17a/0x450 [bridge]
> [165940.909143] ? ip_finish_output2+0x19b/0x560
> [165940.909842] ? br_handle_frame_finish+0x450/0x450 [bridge]
> [165940.910718] br_handle_frame+0x292/0x350 [bridge]
> [165940.911483] ? ip_sublist_rcv_finish+0x57/0x70
> [165940.912199] ? ___slab_alloc+0x127/0x5b0
> [165940.912835] __netif_receive_skb_core+0x196/0xf70
> [165940.913590] ? ip_list_rcv+0x125/0x140
> [165940.914201] __netif_receive_skb_list_core+0x12f/0x2b0
> [165940.915024] netif_receive_skb_list_internal+0x1bc/0x2e0
> [165940.915873] ? vmxnet3_rq_rx_complete+0x8bd/0xde0 [vmxnet3]
> [165940.916769] napi_complete_done+0x6f/0x190
> [165940.917439] vmxnet3_poll_rx_only+0x7b/0xa0 [vmxnet3]
> [165940.918249] net_rx_action+0x135/0x3b0
> [165940.918863] __do_softirq+0xca/0x288
> [165940.919451] asm_call_irq_on_stack+0xf/0x20
> [165940.920146] </IRQ>
> [165940.920508] do_softirq_own_stack+0x37/0x40
> [165940.921187] irq_exit_rcu+0xc2/0x100
> [165940.921772] common_interrupt+0x74/0x130
> [165940.922410] asm_common_interrupt+0x1e/0x40
next prev parent reply other threads:[~2021-02-13 16:22 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-05 0:17 [PATCH net 0/4] Netfilter fixes for net Pablo Neira Ayuso
2021-02-05 0:17 ` [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry Pablo Neira Ayuso
2021-02-05 5:50 ` patchwork-bot+netdevbpf
2021-02-05 11:33 ` Reindl Harald
2021-02-05 13:54 ` Jozsef Kadlecsik
2021-02-05 14:42 ` Reindl Harald
2021-02-07 16:34 ` Reindl Harald
2021-02-07 19:38 ` Jozsef Kadlecsik
2021-02-10 10:34 ` Reindl Harald
2021-02-13 16:09 ` Reindl Harald
2021-02-13 16:21 ` Reindl Harald [this message]
2021-02-15 7:21 ` Jozsef Kadlecsik
2021-02-07 19:36 ` Jozsef Kadlecsik
2021-02-05 0:17 ` [PATCH net 2/4] selftests: netfilter: fix current year Pablo Neira Ayuso
2021-02-05 0:17 ` [PATCH net 3/4] netfilter: nftables: fix possible UAF over chains from packet path in netns Pablo Neira Ayuso
2021-02-05 0:17 ` [PATCH net 4/4] netfilter: flowtable: fix tcp and udp header checksum update Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd8829e7-61ff-025e-6a73-b92dba1a2a9b@thelounge.net \
--to=h.reindl@thelounge.net \
--cc=davem@davemloft.net \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).