lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210702005626.GB29227@salvia>
Date:   Fri, 2 Jul 2021 02:56:26 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Vasily Averin <vvs@...tuozzo.com>
Cc:     Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush()
 removal

On Thu, Jul 01, 2021 at 08:02:24AM +0300, Vasily Averin wrote:
> nf_ct_gre_keymap_flush() is useless.
> It is called from nf_conntrack_cleanup_net_list() only and tries to remove
> nf_ct_gre_keymap entries from pernet gre keymap list. Though:
> a) at this point the list should already be empty, all its entries were
> deleted during the conntracks cleanup, because
> nf_conntrack_cleanup_net_list() executes nf_ct_iterate_cleanup(kill_all)
> before nf_conntrack_proto_pernet_fini():
>  nf_conntrack_cleanup_net_list
>   +- nf_ct_iterate_cleanup
>   |   nf_ct_put
>   |    nf_conntrack_put
>   |     nf_conntrack_destroy
>   |      destroy_conntrack
>   |       destroy_gre_conntrack
>   |        nf_ct_gre_keymap_destroy
>   `- nf_conntrack_proto_pernet_fini
>       nf_ct_gre_keymap_flush
> 
> b) Let's say we find that the keymap list is not empty. This means netns
> still has a conntrack associated with gre, in which case we should not free
> its memory, because this will lead to a double free and related crashes.
> However I doubt it could have gone unnoticed for years, obviously
> this does not happen in real life. So I think we can remove
> both nf_ct_gre_keymap_flush() and nf_conntrack_proto_pernet_fini().

Also applied.

I think nf_ct_gre_keymap_flush() became useless when the GRE was
de-modularized (built-in into nf_conntrack).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ