| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Apr 2020 09:40:05 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Nicolas Dichtel <nicolas.dichtel@...nd.com>
CC: <davem@...emloft.net>, <netdev@...r.kernel.org>,
Christophe Gouault <christophe.gouault@...nd.com>
Subject: Re: [PATCH ipsec] xfrm interface: fix oops when deleting a x-netns
interface
On Thu, Apr 23, 2020 at 12:06:45AM +0200, Nicolas Dichtel wrote:
> Here is the steps to reproduce the problem:
> ip netns add foo
> ip netns add bar
> ip -n foo link add xfrmi0 type xfrm dev lo if_id 42
> ip -n foo link set xfrmi0 netns bar
> ip netns del foo
> ip netns del bar
>
> Which results to:
> [ 186.686395] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bd3: 0000 [#1] SMP PTI
> [ 186.687665] CPU: 7 PID: 232 Comm: kworker/u16:2 Not tainted 5.6.0+ #1
> [ 186.688430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
> [ 186.689420] Workqueue: netns cleanup_net
> [ 186.689903] RIP: 0010:xfrmi_dev_uninit+0x1b/0x4b [xfrm_interface]
> [ 186.690657] Code: 44 f6 ff ff 31 c0 5b 5d 41 5c 41 5d 41 5e c3 48 8d 8f c0 08 00 00 8b 05 ce 14 00 00 48 8b 97 d0 08 00 00 48 8b 92 c0 0e 00 00 <48> 8b 14 c2 48 8b 02 48 85 c0 74 19 48 39 c1 75 0c 48 8b 87 c0 08
> [ 186.692838] RSP: 0018:ffffc900003b7d68 EFLAGS: 00010286
> [ 186.693435] RAX: 000000000000000d RBX: ffff8881b0f31000 RCX: ffff8881b0f318c0
> [ 186.694334] RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000000246 RDI: ffff8881b0f31000
> [ 186.695190] RBP: ffffc900003b7df0 R08: ffff888236c07740 R09: 0000000000000040
> [ 186.696024] R10: ffffffff81fce1b8 R11: 0000000000000002 R12: ffffc900003b7d80
> [ 186.696859] R13: ffff8881edcc6a40 R14: ffff8881a1b6e780 R15: ffffffff81ed47c8
> [ 186.697738] FS: 0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
> [ 186.698705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 186.699408] CR2: 00007f2129e93148 CR3: 0000000001e0a000 CR4: 00000000000006e0
> [ 186.700221] Call Trace:
> [ 186.700508] rollback_registered_many+0x32b/0x3fd
> [ 186.701058] ? __rtnl_unlock+0x20/0x3d
> [ 186.701494] ? arch_local_irq_save+0x11/0x17
> [ 186.702012] unregister_netdevice_many+0x12/0x55
> [ 186.702594] default_device_exit_batch+0x12b/0x150
> [ 186.703160] ? prepare_to_wait_exclusive+0x60/0x60
> [ 186.703719] cleanup_net+0x17d/0x234
> [ 186.704138] process_one_work+0x196/0x2e8
> [ 186.704652] worker_thread+0x1a4/0x249
> [ 186.705087] ? cancel_delayed_work+0x92/0x92
> [ 186.705620] kthread+0x105/0x10f
> [ 186.706000] ? __kthread_bind_mask+0x57/0x57
> [ 186.706501] ret_from_fork+0x35/0x40
> [ 186.706978] Modules linked in: xfrm_interface nfsv3 nfs_acl auth_rpcgss nfsv4 nfs lockd grace fscache sunrpc button parport_pc parport serio_raw evdev pcspkr loop ext4 crc16 mbcache jbd2 crc32c_generic 8139too ide_cd_mod cdrom ide_gd_mod ata_generic ata_piix libata scsi_mod piix psmouse i2c_piix4 ide_core 8139cp i2c_core mii floppy
> [ 186.710423] ---[ end trace 463bba18105537e5 ]---
>
> The problem is that x-netns xfrm interface are not removed when the link
> netns is removed. This causes later this oops when thoses interfaces are
> removed.
>
> Let's add a handler to remove all interfaces related to a netns when this
> netns is removed.
>
> Fixes: f203b76d7809 ("xfrm: Add virtual xfrm interfaces")
> Reported-by: Christophe Gouault <christophe.gouault@...nd.com>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@...nd.com>
Applied, thanks Nicolas!
Powered by blists - more mailing lists