| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130110164154.GA5457@1984>
Date: Thu, 10 Jan 2013 17:41:54 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Gao feng <gaofeng@...fujitsu.com>
Cc: netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
canqunzhang@...il.com, kaber@...sh.net, ebiederm@...ssion.com
Subject: Re: [PATCH 01/19] netfilter: move nf_conntrack initialize out of
pernet operations
Hi Gao,
On Fri, Dec 28, 2012 at 10:36:27AM +0800, Gao feng wrote:
> canqun zhang reported a panic BUG,kernel may panic when
> unloading nf_conntrack module.
>
> It's because we reset nf_ct_destroy to NULL when we deal
> with init_net,it's too early.Some packets belongs to other
> netns still refers to the conntrack.when these packets need
> to be freed, kfree_skb will call nf_ct_destroy which is
> NULL.
>
> fix this bug by moving the nf_conntrack initialize and cleanup
> codes out of the pernet operations,this job should be done
> in module_init/exit.We can't use init_net to identify if
> it's the right time.
First off, thanks for looking into this.
I want to get this fix into 3.8 and -stable but this patch includes a
rework whose scope is net-next (upcoming 3.9).
The attached patch aims to fix the issue according to your patch
description. Once this is in, we can revisit your code refactoring
proposal.
Let me know.
View attachment "0001-netfilter-nf_conntrack-fix-BUG_ON-while-removing-nf_.patch" of type "text/x-diff" (2759 bytes)
Powered by blists - more mailing lists