lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 03 Jun 2021 21:00:04 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     netfilter-devel@...r.kernel.org, davem@...emloft.net,
        netdev@...r.kernel.org, kuba@...nel.org
Subject: Re: [PATCH net 1/2] netfilter: nft_ct: skip expectations for confirmed
 conntrack

Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Wed,  2 Jun 2021 14:44:29 +0200 you wrote:
> nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed
> conntrack entry. However, nf_ct_ext_add() can only be called for
> !nf_ct_is_confirmed().
> 
> [ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack]
> [ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack]
> [ 1825.351493] Code: 41 5c 41 5d 41 5e 41 5f c3 41 bc 0a 00 00 00 e9 15 ff ff ff ba 09 00 00 00 31 f6 4c 89 ff e8 69 6c 3d e9 eb 96 45 31 ed eb cd <0f> 0b e9 b1 fe ff ff e8 86 79 14 e9 eb bf 0f 1f 40 00 0f 1f 44 00
> [ 1825.351721] RSP: 0018:ffffc90002e1f1e8 EFLAGS: 00010202
> [ 1825.351790] RAX: 000000000000000e RBX: ffff88814f5783c0 RCX: ffffffffc0e4f887
> [ 1825.351881] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88814f578440
> [ 1825.351971] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88814f578447
> [ 1825.352060] R10: ffffed1029eaf088 R11: 0000000000000001 R12: ffff88814f578440
> [ 1825.352150] R13: ffff8882053f3a00 R14: 0000000000000000 R15: 0000000000000a20
> [ 1825.352240] FS:  00007f992261c900(0000) GS:ffff889faec00000(0000) knlGS:0000000000000000
> [ 1825.352343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1825.352417] CR2: 000056070a4d1158 CR3: 000000015efe0000 CR4: 0000000000350ee0
> [ 1825.352508] Call Trace:
> [ 1825.352544]  nf_ct_helper_ext_add+0x10/0x60 [nf_conntrack]
> [ 1825.352641]  nft_ct_expect_obj_eval+0x1b8/0x1e0 [nft_ct]
> [ 1825.352716]  nft_do_chain+0x232/0x850 [nf_tables]
> 
> [...]

Here is the summary with links:
  - [net,1/2] netfilter: nft_ct: skip expectations for confirmed conntrack
    https://git.kernel.org/netdev/net/c/1710eb913bdc
  - [net,2/2] netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
    https://git.kernel.org/netdev/net/c/8971ee8b0877

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ