Message-ID: <87ip7mlr2r.fsf@xmission.com>
Date: Thu, 27 Dec 2012 20:48:44 -0800
From: ebiederm@...ssion.com (Eric W. Biederman)
To: canqun zhang <canqunzhang@...il.com>
Cc: Gao feng <gaofeng@...fujitsu.com>, netfilter-devel@...r.kernel.org, "netdev\@vger.kernel.org" <netdev@...r.kernel.org>, Patrick McHardy <kaber@...sh.net>, pablo@...filter.org
Subject: Re: [PATCH 01/19] netfilter: move nf_conntrack initialize out of pernet operations

canqun zhang <canqunzhang@...il.com> writes:

> Hi all
> As discussed above, if the host machine creates several linux
> containers, there will be several net namespaces. Resources with "nf
> conntrack" are registered or unregistered on the first net
> namespace (init_net), but init_net is not unregistered last, so
> cleaning up other net namespaces will trigger a panic.
> If net namespaces are created in the order 1,2,...n, they should
> be cleaned up in the order n,...2,1, so in this case init_net will be
> unregistered last.

No. Network namespaces in general can be cleaned up in any order. In
particular you should never ever expect to see the order
n,n-1,n-2,...,2,1.

It may make sense to special case init_net in the cleanup order but I
would really rather not.

Now init_net is special and really should never be cleaned up for
non-modular code. So it almost makes sense to special case init_net.

Does anyone know why Alexy decided to do this only for init_net?

My inclination is that Gao Feng is on the right path by just removing the
strange init_net special case and performing the work once per module
load, and once per module unload.

> I fixed it up (see below). I have done a lot of testing!

Thank you. It is nice to see that we have exposed this mis-assumption.

I am inclined to leave the order of this list as is so that other
assumptions of network namespace unregistration order are exposed.
Unless there is a truly good reason to perform magic on init_net.

Eric

> diff -r 6a1a258923f5 -r 2667e89e6f50 net/core/net_namespace.c 
> --- a/net/core/net_namespace.c Fri Dec 28 11:01:17 2012 +0800 > +++ b/net/core/net_namespace.c Fri Dec 28 11:05:12 2012 +0800 > @@ -450,7 +450,7 @@ > > list_del(&ops->list); > for_each_net(net) > - list_add_tail(&net->exit_list, &net_exit_list); > + list_add(&net->exit_list, &net_exit_list); > ops_exit_list(ops, &net_exit_list); > ops_free_list(ops, &net_exit_lis
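
Review bot: the switch from `list_add_tail` to `list_add` in the `for_each_net(net)` loop makes the unregister path depend on `for_each_net` visiting namespaces in a particular order, and nothing in the hunk states or enforces that order. If the intent is for init_net's exit to run last, the `list_add` line needs at least a comment saying so; a more robust change is to remove the ordering requirement from the pernet exit handler, so that `ops_exit_list(ops, &net_exit_list)` is correct for any list order. The hunk is also in the generic `ops` path of net/core/net_namespace.c, so it reverses the exit order for every caller that reaches this loop, not only conntrack.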
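
A userspace model of the ordering argument in the reply above, added here as an example and not code from the thread or from the kernel: it tries every exit order for four namespaces and counts the orders in which a per-namespace exit handler would touch shared state that init_net's exit has already released. All names are hypothetical, and namespace 0 stands in for init_net.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. All names are hypothetical. */
#define NR_NETS 4                 /* namespace 0 plays the role of init_net */
struct model { bool shared_live; int stale; };

/* Per-namespace exit work: it needs the shared (module-wide) state. */
static void net_exit(struct model *m, int net, bool init_net_frees_shared)
{
    if (!m->shared_live)
        m->stale++;               /* would be a use of already-freed state */
    if (init_net_frees_shared && net == 0)
        m->shared_live = false;   /* teardown tied to init_net's exit */
}

/* Run one exit order; returns the number of stale accesses it causes. */
static int run_order(const int *order, bool init_net_frees_shared)
{
    struct model m = { .shared_live = true, .stale = 0 };
    for (int i = 0; i < NR_NETS; i++)
        net_exit(&m, order[i], init_net_frees_shared);
    return m.stale;   /* module-level teardown would happen only after this */
}

/* Permute order[k..] in place; returns how many full orders are unsafe. */
static int unsafe_orders(int *order, int k, bool init_net_frees_shared)
{
    if (k == NR_NETS)
        return run_order(order, init_net_frees_shared) > 0;
    int bad = 0;
    for (int i = k; i < NR_NETS; i++) {
        int t = order[k]; order[k] = order[i]; order[i] = t;
        bad += unsafe_orders(order, k + 1, init_net_frees_shared);
        t = order[k]; order[k] = order[i]; order[i] = t;
    }
    return bad;
}

static int count_unsafe(bool init_net_frees_shared)
{
    int order[NR_NETS] = { 0, 1, 2, 3 };
    return unsafe_orders(order, 0, init_net_frees_shared);
}

int main(void)
{
    printf("unsafe exit orders: %d with init_net teardown, %d with module-level teardown\n",
           count_unsafe(true), count_unsafe(false));
    return 0;
}
```

Only the orders that happen to place namespace 0 last are safe when teardown is tied to init_net's exit; with teardown done once after all exits, every order is safe.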