]> git.kernelconcepts.de Git - karo-tx-linux.git/commit
projects / karo-tx-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 13c3ed6) | patch
netfilter: nfnetlink_{log,queue}: Register pernet in first place
authorFrancesco Ruggeri <fruggeri@aristanetworks.com>
Sun, 17 May 2015 21:30:31 +0000 (14:30 -0700)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 20 May 2015 11:46:48 +0000 (13:46 +0200)
commit3bfe049807c240344b407e3cfb74544927359817
tree22abdea7b3d64fbf55a028afc0066ddc9ca40235tree | snapshot
parent13c3ed6a92724d8c8cb148a14b0ae190ddfe7413commit | diff
netfilter: nfnetlink_{log,queue}: Register pernet in first place

nfnetlink_{log,queue}_init() register the netlink callback nf*_rcv_nl_event
before registering the pernet_subsys, but the callback relies on data
structures allocated by pernet init functions.

When nfnetlink_{log,queue} is loaded, if a netlink message is received after
the netlink callback is registered but before the pernet_subsys is registered,
the kernel will panic in the sequence

nfulnl_rcv_nl_event
  nfnl_log_pernet
    net_generic
      BUG_ON(id == 0)  where id is nfnl_log_net_id.

The panic can be easily reproduced in 4.0.3 by:

while true ;do modprobe nfnetlink_log ; rmmod nfnetlink_log ; done &
while true ;do ip netns add dummy ; ip netns del dummy ; done &

This patch moves register_pernet_subsys to earlier in nfnetlink_log_init.

Notice that the BUG_ON hit in 4.0.3 was recently removed in 2591ffd308
["netns: remove BUG_ONs from net_generic()"].

Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nfnetlink_log.c diff | blob | history
net/netfilter/nfnetlink_queue_core.c diff | blob | history
Linux kernel for KaRo TX COM modules