| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211207005142.1688204-1-eric.dumazet@gmail.com>
Date: Mon, 6 Dec 2021 16:51:25 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>
Cc: netdev <netdev@...r.kernel.org>,
Eric Dumazet <edumazet@...gle.com>,
Eric Dumazet <eric.dumazet@...il.com>
Subject: [PATCH net-next 00/17] net: netns refcount tracking series
From: Eric Dumazet <edumazet@...gle.com>
We have 100+ syzbot reports about netns being dismantled too soon,
still unresolved as of today.
We think a missing get_net() or an extra put_net() is the root cause.
In order to find the bug(s), and be able to spot future ones,
this patch adds CONFIG_NET_NS_REFCNT_TRACKER and new helpers
to precisely pair all put_net() with corresponding get_net().
To use these helpers, each data structure owning a refcount
should also use a "netns_tracker" to pair the get() and put().
Small sections of codes where the get()/put() are in sight
do not need to have a tracker, because they are short lived,
but in theory it is also possible to declare an on-stack tracker.
Eric Dumazet (17):
net: add networking namespace refcount tracker
net: add netns refcount tracker to struct sock
net: add netns refcount tracker to struct seq_net_private
net: sched: add netns refcount tracker to struct tcf_exts
netfilter: nfnetlink: add netns refcount tracker to struct
nfulnl_instance
l2tp: add netns refcount tracker to l2tp_dfs_seq_data
ppp: add netns refcount tracker
netfilter: nf_nat_masquerade: add netns refcount tracker to
masq_dev_work
SUNRPC: add netns refcount tracker to struct svc_xprt
SUNRPC: add netns refcount tracker to struct gss_auth
SUNRPC: add netns refcount tracker to struct rpc_xprt
net: initialize init_net earlier
net: add netns refcount tracker to struct nsproxy
vfs: add netns refcount tracker to struct fs_context
audit: add netns refcount tracker to struct audit_net
audit: add netns refcount tracker to struct audit_reply
audit: add netns refcount tracker to struct audit_netlink_list
drivers/net/ppp/ppp_generic.c | 5 ++--
fs/afs/mntpt.c | 5 ++--
fs/fs_context.c | 7 +++---
fs/nfs/fs_context.c | 5 ++--
fs/nfs/namespace.c | 5 ++--
fs/proc/proc_net.c | 19 ++++++++++++---
include/linux/fs_context.h | 2 ++
include/linux/netdevice.h | 9 +------
include/linux/nsproxy.h | 2 ++
include/linux/seq_file_net.h | 3 ++-
include/linux/sunrpc/svc_xprt.h | 1 +
include/linux/sunrpc/xprt.h | 1 +
include/net/net_namespace.h | 40 +++++++++++++++++++++++++++++++
include/net/net_trackers.h | 18 ++++++++++++++
include/net/pkt_cls.h | 8 +++++--
include/net/sock.h | 2 ++
init/main.c | 2 ++
kernel/audit.c | 14 +++++++----
kernel/audit.h | 2 ++
kernel/auditfilter.c | 3 ++-
kernel/nsproxy.c | 5 ++--
net/Kconfig.debug | 9 +++++++
net/core/dev.c | 3 +--
net/core/net_namespace.c | 24 ++++++++-----------
net/core/sock.c | 6 ++---
net/l2tp/l2tp_debugfs.c | 9 +++----
net/netfilter/nf_nat_masquerade.c | 4 +++-
net/netfilter/nfnetlink_log.c | 5 ++--
net/sunrpc/auth_gss/auth_gss.c | 10 ++++----
net/sunrpc/svc_xprt.c | 4 ++--
net/sunrpc/xprt.c | 4 ++--
31 files changed, 169 insertions(+), 67 deletions(-)
create mode 100644 include/net/net_trackers.h
--
2.34.1.400.ga245620fadb-goog
Powered by blists - more mailing lists