lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Oct 2016 10:47:49 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Nicolas Dichtel <nicolas.dichtel@...nd.com> CC: <davem@...emloft.net>, <netdev@...r.kernel.org>, Lance Richardson <lrichard@...hat.com> Subject: Re: [PATCH net] vti6: flush x-netns xfrm cache when vti interface is removed On Fri, Sep 30, 2016 at 11:11:07AM +0200, Nicolas Dichtel wrote: > This is the same fix than commit a5d0dc810abf ("vti: flush x-netns xfrm > cache when vti interface is removed") > > This patch fixes a refcnt problem when a x-netns vti6 interface is removed: > unregister_netdevice: waiting for vti6_test to become free. Usage count = 1 > > Here is a script to reproduce the problem: > > ip link set dev ntfp2 up > ip addr add dev ntfp2 2001::1/64 > ip link add vti6_test type vti6 local 2001::1 remote 2001::2 key 1 > ip netns add secure > ip link set vti6_test netns secure > ip netns exec secure ip link set vti6_test up > ip netns exec secure ip link s lo up > ip netns exec secure ip addr add dev vti6_test 2003::1/64 > ip -6 xfrm policy add dir out tmpl src 2001::1 dst 2001::2 proto esp \ > mode tunnel mark 1 > ip -6 xfrm policy add dir in tmpl src 2001::2 dst 2001::1 proto esp \ > mode tunnel mark 1 > ip xfrm state add src 2001::1 dst 2001::2 proto esp spi 1 mode tunnel \ > enc des3_ede 0x112233445566778811223344556677881122334455667788 mark 1 > ip xfrm state add src 2001::2 dst 2001::1 proto esp spi 1 mode tunnel \ > enc des3_ede 0x112233445566778811223344556677881122334455667788 mark 1 > ip netns exec secure ping6 -c 4 2003::2 > ip netns del secure > > CC: Lance Richardson <lrichard@...hat.com> > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com> Applied to the ipsec tree, thanks!
Powered by blists - more mailing lists