* [PATCH 0/2] Netfilter fixes for net
@ 2020-04-21 10:37 Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 1/2] netfilter: flowtable: Free block_cb when being deleted Pablo Neira Ayuso
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-04-21 10:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
Hi,
The following patchset contains Netfilter fixes for net:
1) flow_block_cb memleak in nf_flow_table_offload_del_cb(), from Roi Dayan.
2) Fix error path handling in nf_nat_inet_register_fn(), from Hillf Danton.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you.
----------------------------------------------------------------
The following changes since commit 82f35276c64ff720de11fba31fd6369b45647a2e:
Merge tag 'wireless-drivers-2020-04-14' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers (2020-04-14 13:07:19 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to b4faef1739dd1f3b3981b8bf173a2266ea86b1eb:
netfilter: nat: fix error handling upon registering inet hook (2020-04-19 14:59:31 +0200)
----------------------------------------------------------------
Hillf Danton (1):
netfilter: nat: fix error handling upon registering inet hook
Roi Dayan (1):
netfilter: flowtable: Free block_cb when being deleted
net/netfilter/nf_flow_table_core.c | 6 ++++--
net/netfilter/nf_nat_proto.c | 4 ++--
2 files changed, 6 insertions(+), 4 deletions(-)
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] netfilter: flowtable: Free block_cb when being deleted
2020-04-21 10:37 [PATCH 0/2] Netfilter fixes for net Pablo Neira Ayuso
@ 2020-04-21 10:37 ` Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 2/2] netfilter: nat: fix error handling upon registering inet hook Pablo Neira Ayuso
2020-04-21 18:50 ` [PATCH 0/2] Netfilter fixes for net David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-04-21 10:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
From: Roi Dayan <roid@mellanox.com>
Free block_cb memory when asked to be deleted.
Fixes: 978703f42549 ("netfilter: flowtable: Add API for registering to flow table events")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Oz Shlomo <ozsh@mellanox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_flow_table_core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index c0cb79495c35..4344e572b7f9 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -421,10 +421,12 @@ void nf_flow_table_offload_del_cb(struct nf_flowtable *flow_table,
down_write(&flow_table->flow_block_lock);
block_cb = flow_block_cb_lookup(block, cb, cb_priv);
- if (block_cb)
+ if (block_cb) {
list_del(&block_cb->list);
- else
+ flow_block_cb_free(block_cb);
+ } else {
WARN_ON(true);
+ }
up_write(&flow_table->flow_block_lock);
}
EXPORT_SYMBOL_GPL(nf_flow_table_offload_del_cb);
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] netfilter: nat: fix error handling upon registering inet hook
2020-04-21 10:37 [PATCH 0/2] Netfilter fixes for net Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 1/2] netfilter: flowtable: Free block_cb when being deleted Pablo Neira Ayuso
@ 2020-04-21 10:37 ` Pablo Neira Ayuso
2020-04-21 18:50 ` [PATCH 0/2] Netfilter fixes for net David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2020-04-21 10:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
From: Hillf Danton <hdanton@sina.com>
A case of warning was reported by syzbot.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 19934 at net/netfilter/nf_nat_core.c:1106
nf_nat_unregister_fn+0x532/0x5c0 net/netfilter/nf_nat_core.c:1106
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 19934 Comm: syz-executor.5 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x35 kernel/panic.c:582
report_bug+0x27b/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:175 [inline]
fixup_bug arch/x86/kernel/traps.c:170 [inline]
do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:nf_nat_unregister_fn+0x532/0x5c0 net/netfilter/nf_nat_core.c:1106
Code: ff df 48 c1 ea 03 80 3c 02 00 75 75 48 8b 44 24 10 4c 89 ef 48 c7 00 00 00 00 00 e8 e8 f8 53 fb e9 4d fe ff ff e8 ee 9c 16 fb <0f> 0b e9 41 fe ff ff e8 e2 45 54 fb e9 b5 fd ff ff 48 8b 7c 24 20
RSP: 0018:ffffc90005487208 EFLAGS: 00010246
RAX: 0000000000040000 RBX: 0000000000000004 RCX: ffffc9001444a000
RDX: 0000000000040000 RSI: ffffffff865c94a2 RDI: 0000000000000005
RBP: ffff88808b5cf000 R08: ffff8880a2620140 R09: fffffbfff14bcd79
R10: ffffc90005487208 R11: fffffbfff14bcd78 R12: 0000000000000000
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
nf_nat_ipv6_unregister_fn net/netfilter/nf_nat_proto.c:1017 [inline]
nf_nat_inet_register_fn net/netfilter/nf_nat_proto.c:1038 [inline]
nf_nat_inet_register_fn+0xfc/0x140 net/netfilter/nf_nat_proto.c:1023
nf_tables_register_hook net/netfilter/nf_tables_api.c:224 [inline]
nf_tables_addchain.constprop.0+0x82e/0x13c0 net/netfilter/nf_tables_api.c:1981
nf_tables_newchain+0xf68/0x16a0 net/netfilter/nf_tables_api.c:2235
nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
___sys_sendmsg+0x100/0x170 net/socket.c:2416
__sys_sendmsg+0xec/0x1b0 net/socket.c:2449
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
and to quiesce it, unregister NFPROTO_IPV6 hook instead of NFPROTO_INET
in case of failing to register NFPROTO_IPV4 hook.
Reported-by: syzbot <syzbot+33e06702fd6cffc24c40@syzkaller.appspotmail.com>
Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
Cc: Florian Westphal <fw@strlen.de>
Cc: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_nat_proto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c
index 64eedc17037a..3d816a1e5442 100644
--- a/net/netfilter/nf_nat_proto.c
+++ b/net/netfilter/nf_nat_proto.c
@@ -1035,8 +1035,8 @@ int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops)
ret = nf_nat_register_fn(net, NFPROTO_IPV4, ops, nf_nat_ipv4_ops,
ARRAY_SIZE(nf_nat_ipv4_ops));
if (ret)
- nf_nat_ipv6_unregister_fn(net, ops);
-
+ nf_nat_unregister_fn(net, NFPROTO_IPV6, ops,
+ ARRAY_SIZE(nf_nat_ipv6_ops));
return ret;
}
EXPORT_SYMBOL_GPL(nf_nat_inet_register_fn);
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] Netfilter fixes for net
2020-04-21 10:37 [PATCH 0/2] Netfilter fixes for net Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 1/2] netfilter: flowtable: Free block_cb when being deleted Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 2/2] netfilter: nat: fix error handling upon registering inet hook Pablo Neira Ayuso
@ 2020-04-21 18:50 ` David Miller
2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2020-04-21 18:50 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, netdev
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 21 Apr 2020 12:37:57 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) flow_block_cb memleak in nf_flow_table_offload_del_cb(), from Roi Dayan.
>
> 2) Fix error path handling in nf_nat_inet_register_fn(), from Hillf Danton.
>
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thanks Pablo.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-04-21 18:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-21 10:37 [PATCH 0/2] Netfilter fixes for net Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 1/2] netfilter: flowtable: Free block_cb when being deleted Pablo Neira Ayuso
2020-04-21 10:37 ` [PATCH 2/2] netfilter: nat: fix error handling upon registering inet hook Pablo Neira Ayuso
2020-04-21 18:50 ` [PATCH 0/2] Netfilter fixes for net David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).