netfilter-devel.vger.kernel.org archive mirror
From: Reindl Harald <h.reindl@thelounge.net>
To: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	netfilter-devel@vger.kernel.org, davem@davemloft.net,
	netdev@vger.kernel.org, kuba@kernel.org
Subject: Re: [PATCH net 1/4] netfilter: xt_recent: Fix attempt to update deleted entry
Date: Sat, 13 Feb 2021 17:21:23 +0100
Message-ID: <fd8829e7-61ff-025e-6a73-b92dba1a2a9b@thelounge.net>
In-Reply-To: <9e18d3b2-e0d2-489e-43ae-c27c160df221@thelounge.net>



Am 13.02.21 um 17:09 schrieb Reindl Harald:
> 
> 
> Am 10.02.21 um 11:34 schrieb Reindl Harald:
>>
>>
>> Am 07.02.21 um 20:38 schrieb Jozsef Kadlecsik:
>>> On Sun, 7 Feb 2021, Reindl Harald wrote:
>>>
>>>>> well, the most important thing is that the firewall-vm stops to
>>>>> kernel-panic
>>>>
>>>> why is that still not part of 5.10.14 given how old that issue is :-(
>>>>
>>>> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.14
>>>
>>> Probably we missed the window when patches were accepted for the new
>>> release. That's all
>>
>> probably something is broken in the whole process given that 5.10.15 
>> still doesn't contain the fix while i am tired of a new "stable release" 
>> every few days and 5.10.x like every LTS release in the past few years 
>> has a peak of it
>>
>> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.15

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.16

again no "netfilter" or "xt_recent"

what is the point of new kernel releases every second day without fixing 
months old issues where a patch exists?

> and another useless crash of something which has a ready patch from 
> before 5.10.14
> 
> [165940.842226] kernel BUG at lib/list_debug.c:45!
> [165940.874769] invalid opcode: 0000 [#1] SMP NOPTI
> [165940.876680] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 
> 5.10.15-100.fc32.x86_64 #1
> [165940.880198] Hardware name: VMware, Inc. VMware Virtual 
> Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
> [165940.885314] RIP: 0010:__list_del_entry_valid.cold+0xf/0x47
> [165940.886202] Code: fe ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 60 
> 88 40 b2 e8 cf 45 fe ff 0f 0b 48 89 fe 48 c7 c7 f0 88 40 b2 e8 be 45 fe 
> ff <0f> 0b 48 c7 c7 a0 89 40 b2 e8 b0 45 fe ff 0f 0b 48 89 f2 48 89 fe
> [165940.889107] RSP: 0018:ffffaf0480003928 EFLAGS: 00010282
> [165940.889943] RAX: 000000000000004e RBX: ffff9fa911148000 RCX: 
> 0000000000000000
> [165940.891066] RDX: ffff9fa99d4269e0 RSI: ffff9fa99d418a80 RDI: 
> 0000000000000300
> [165940.892190] RBP: ffffaf04800039a0 R08: 0000000000000000 R09: 
> ffffaf0480003760
> [165940.893313] R10: ffffaf0480003758 R11: ffffffffb2b44748 R12: 
> ffff9fa9046000f8
> [165940.894441] R13: ffff9fa911148010 R14: ffff9fa903329400 R15: 
> ffff9fa904600000
> [165940.895573] FS:  0000000000000000(0000) GS:ffff9fa99d400000(0000) 
> knlGS:0000000000000000
> [165940.896856] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [165940.897789] CR2: 00007fb9442e5000 CR3: 00000000030a0006 CR4: 
> 00000000003706f0
> [165940.898954] Call Trace:
> [165940.899400]  <IRQ>
> [165940.899757]  recent_mt+0x1b5/0x39b [xt_recent]
> [165940.900492]  ? set_match_v4+0x92/0xb0 [xt_set]
> [165940.901236]  nft_match_large_eval+0x34/0x60 [nft_compat]
> [165940.902104]  nft_do_chain+0x141/0x4e0 [nf_tables]
> [165940.902869]  ? fib_validate_source+0x47/0xf0
> [165940.903564]  ? ip_route_input_slow+0x722/0xaa0
> [165940.904282]  nft_do_chain_ipv4+0x56/0x60 [nf_tables]
> [165940.905086]  nf_hook_slow+0x3f/0xb0
> [165940.905658]  ip_forward+0x441/0x480
> [165940.906230]  ? ip4_key_hashfn+0xb0/0xb0
> [165940.906856]  __netif_receive_skb_one_core+0x67/0x70
> [165940.907639]  netif_receive_skb+0x35/0x110
> [165940.908295]  br_handle_frame_finish+0x17a/0x450 [bridge]
> [165940.909143]  ? ip_finish_output2+0x19b/0x560
> [165940.909842]  ? br_handle_frame_finish+0x450/0x450 [bridge]
> [165940.910718]  br_handle_frame+0x292/0x350 [bridge]
> [165940.911483]  ? ip_sublist_rcv_finish+0x57/0x70
> [165940.912199]  ? ___slab_alloc+0x127/0x5b0
> [165940.912835]  __netif_receive_skb_core+0x196/0xf70
> [165940.913590]  ? ip_list_rcv+0x125/0x140
> [165940.914201]  __netif_receive_skb_list_core+0x12f/0x2b0
> [165940.915024]  netif_receive_skb_list_internal+0x1bc/0x2e0
> [165940.915873]  ? vmxnet3_rq_rx_complete+0x8bd/0xde0 [vmxnet3]
> [165940.916769]  napi_complete_done+0x6f/0x190
> [165940.917439]  vmxnet3_poll_rx_only+0x7b/0xa0 [vmxnet3]
> [165940.918249]  net_rx_action+0x135/0x3b0
> [165940.918863]  __do_softirq+0xca/0x288
> [165940.919451]  asm_call_irq_on_stack+0xf/0x20
> [165940.920146]  </IRQ>
> [165940.920508]  do_softirq_own_stack+0x37/0x40
> [165940.921187]  irq_exit_rcu+0xc2/0x100
> [165940.921772]  common_interrupt+0x74/0x130
> [165940.922410]  asm_common_interrupt+0x1e/0x40
