lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140306163635.GA21460@omega>
Date:	Thu, 6 Mar 2014 17:36:37 +0100
From:	Alexander Aring <alex.aring@...il.com>
To:	Florian Westphal <fw@...len.de>
Cc:	alex.bluesman.smirnov@...il.com, dbaryshkov@...il.com,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/2] 6lowpan: reassembly: fix kernel oops while
 unloading

On Thu, Mar 06, 2014 at 02:38:51PM +0100, Florian Westphal wrote:
> Alexander Aring <alex.aring@...il.com> wrote:
> > On Wed, Mar 05, 2014 at 11:32:46PM +0100, Florian Westphal wrote:
> > > Alexander Aring <alex.aring@...il.com> wrote:
> > > > It seems that the inet_frag_queue is deleted but the timer is running. This
> > > > patch adds a for loop to iterate over all frag_queue entries in the
> > > > frag_bucket and calling del_timer for each frag_queue entry while
> > > > unloading the 6lowpan module.
> > > > 
> > > > Signed-off-by: Alexander Aring <alex.aring@...il.com>
> > > > Reported-by: Phoebe Buckheister <phoebe.buckheister@...m.fraunhofer.de>
> > > > ---
> > > > I am not sure about that I can do that in this simply way without hold
> > > > any lock of the inet_frag_queue or inet_frag_bucket. Please help there.
> > > > The kernel oops never occurs afterwards, but this isn't simple to test.
> > > > I can't test all cases.
> > > 
> > > I find it hard to believe that this is a 6lowpan specific problem,
> > > most likely this needs a fix in inet_fragment code.
> > > 
> > I thought that too, maybe it's a problem in the inet_fragment code.
> > 
> > 
> > There are two function which I call on exit:
> > 
> > inet_frags_fini(&lowpan_frags); - which deletes the secret_timer.
> > inet_frags_exit_net(&net->ieee802154_lowpan.frags, &lowpan_frags);
> >  - which runs a force inet_frag_evictor
> > 
> > maybe I forgot to call some other function to cleanup the fragmentation.
> 
> No, it looks correct.
> 
> > I don't saw any other exit function and I do a similar cleanup like ipv4/ipv6
> > and they don't have a module_exit function which is called for the
> > inet_fragment code. 
> 
> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c has one (calls
> nf_ct_frag6_cleanup).
> 
ah, ok.

> I am currently testing this fix:
> 
> diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
> index 322dceb..3b01959 100644
> --- a/net/ipv4/inet_fragment.c
> +++ b/net/ipv4/inet_fragment.c
> @@ -208,7 +208,7 @@ int inet_frag_evictor(struct netns_frags *nf, struct
> 		inet_frags *f, bool force)
>         }
>  
>         work = frag_mem_limit(nf) - nf->low_thresh;
> -       while (work > 0) {
> +       while (work > 0 || force) {
> 
> 

I looked at this and try my little testscript and I don't get the kernel
oops also. What's the next step?

- Alex
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ