| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Oct 2015 10:30:36 +0100 From: Gerhard Wiesinger <lists@...singer.com> To: Willy Tarreau <w@....eu>, Greg KH <gregkh@...uxfoundation.org> Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, torvalds@...ux-foundation.org, stable@...r.kernel.org, lwn@....net, Jiri Slaby <jslaby@...e.cz> Subject: Re: Linux 4.2.4 On 25.10.2015 10:03, Willy Tarreau wrote: > On Sun, Oct 25, 2015 at 01:25:47AM -0700, Greg KH wrote: >> On Sun, Oct 25, 2015 at 08:25:49AM +0100, Gerhard Wiesinger wrote: >>> On 23.10.2015 02:33, Greg KH wrote: >>>> I'm announcing the release of the 4.2.4 kernel. >>>> >>>> All users of the 4.2 kernel series must upgrade. >>>> >>>> The updated 4.2.y git tree can be found at: >>>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.2.y >>>> and can be browsed at the normal kernel.org git web browser: >>>> http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary >>>> >>>> thanks, >>>> >>>> greg k-h >>>> >>> Hello Greg, >>> >>> Kernel 4.2.4 is still broken regarding iptables/ipset: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1272645 >>> >>> Kernel 4.1.10 works well. >>> >>> Please fix it ASAP. >> Fix it with what patch? > It's not even sure there's a patch for this. There were numerous changes > to ipset between 4.1 and 4.2 and very few in 4.3-rc, any you backported > them all. Also, Gerhard's trace in the bugzilla report above is very > poor, there's just one line of the panic, nothing exploitable at all, > nothing even indicates that it is related to ipset at all. Sorry, don't have any more information. From the bugzilla report: Message from syslogd@arm at Oct 24 20:05:09 ... kernel:Process ipset (pid: 2055, stack limit = 0xe8404220) So ipset has a problem ... > Gerhard, it would be easier if you could bisect between 4.1 and 4.2 to > find what patch introduced the regression if you can easily reproduce > the issue. That would make it more obvious what to look at and the > patch author might have some ideas about the real problem. > > The device is in production so I can't play around here. Nevertheless I can try a patch. But should be easy to reproduce in developers testing environment with shorewall/netfilter and ipset. As shorewall6 is activated it might also be an IPv6 issue. Kernel 4.2 seems to me not well tested in the netfilter parts at all (Bug with already known bugfix https://lists.debian.org/debian-kernel/2015/10/msg00034.html was triggered on 2 of 3 of my machines, the new bug on 1 of 1 tested machine). Ciao, Gerhard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists