| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160507091845.GA6911@breakpoint.cc> Date: Sat, 7 May 2016 11:18:45 +0200 From: Florian Westphal <fw@...len.de> To: Joe Stringer <joe@....org> Cc: Pablo Neira Ayuso <pablo@...filter.org>, netdev <netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org, Florian Westphal <fw@...len.de> Subject: Re: [PATCH net] netfilter: nf_conntrack: Use net_mutex for helper unregistration. Joe Stringer <joe@....org> wrote: > > If so, probably I can append this as comment to this function so we > > don't forget. If we ever have .exit callbacks (I don't expect so), we > > would need to wait for worker completion. > > Sounds reasonable to me. > > I see there's a bunch of other unregister locations like > nf_nat_l3proto_clean(), nf_nat_l4proto_clean(), nf_unregister_hook() > which might need similar treatment? I think they are fine, hook entries are duplicated per netns so we should not access data in a removed module. However, we might be able to trigger the WARN(1, "nf_unregister_net_hook: hook not found!\n"); part in nf_unregister_net_hook(): [ destroy netns -> destruction queued -> rmmod -> all hooks are destroyed -> netns workq runs -> nf_unregister_net_hook gets called -> hook already gone ] For nf_nat_l3|4proto_clean I don't see a problem either, if netns is gone all these conntracks will be zapped once the workqueue runs, even if the iteration in those function did not see the netns anymore. Cheers, Florian
Powered by blists - more mailing lists