* [PATCH nf] netfilter: nft_chain_nat: inet family is missing module ownership
@ 2020-03-06 16:37 Pablo Neira Ayuso
2020-03-06 16:58 ` Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-03-06 16:37 UTC (permalink / raw)
To: netfilter-devel; +Cc: fw
Set owner to THIS_MODULE, otherwise the nft_chain_nat module might be
removed while there are still inet/nat chains in place.
[ 117.942096] BUG: unable to handle page fault for address: ffffffffa0d5e040
[ 117.942101] #PF: supervisor read access in kernel mode
[ 117.942103] #PF: error_code(0x0000) - not-present page
[ 117.942106] PGD 200c067 P4D 200c067 PUD 200d063 PMD 3dc909067 PTE 0
[ 117.942113] Oops: 0000 [#1] PREEMPT SMP PTI
[ 117.942118] CPU: 3 PID: 27 Comm: kworker/3:0 Not tainted 5.6.0-rc3+ #348
[ 117.942133] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
[ 117.942145] RIP: 0010:nf_tables_chain_destroy.isra.0+0x94/0x15a [nf_tables]
[ 117.942149] Code: f6 45 54 01 0f 84 d1 00 00 00 80 3b 05 74 44 48 8b 75 e8 48 c7 c7 72 be de a0 e8 56 e6 2d e0 48 8b 45 e8 48 c7 c7 7f be de a0 <48> 8b 30 e8 43 e6 2d e0 48 8b 45 e8 48 8b 40 10 48 85 c0 74 5b 8b
[ 117.942152] RSP: 0018:ffffc9000015be10 EFLAGS: 00010292
[ 117.942155] RAX: ffffffffa0d5e040 RBX: ffff88840be87fc2 RCX: 0000000000000007
[ 117.942158] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffffffa0debe7f
[ 117.942160] RBP: ffff888403b54b50 R08: 0000000000001482 R09: 0000000000000004
[ 117.942162] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8883eda7e540
[ 117.942164] R13: dead000000000122 R14: dead000000000100 R15: ffff888403b3db80
[ 117.942167] FS: 0000000000000000(0000) GS:ffff88840e4c0000(0000) knlGS:0000000000000000
[ 117.942169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.942172] CR2: ffffffffa0d5e040 CR3: 00000003e4c52002 CR4: 00000000001606e0
[ 117.942174] Call Trace:
[ 117.942188] nf_tables_trans_destroy_work.cold+0xd/0x12 [nf_tables]
[ 117.942196] process_one_work+0x1d6/0x3b0
[ 117.942200] worker_thread+0x45/0x3c0
[ 117.942203] ? process_one_work+0x3b0/0x3b0
[ 117.942210] kthread+0x112/0x130
[ 117.942214] ? kthread_create_worker_on_cpu+0x40/0x40
[ 117.942221] ret_from_fork+0x35/0x40
nf_tables_chain_destroy() crashes on module_put().
Fixes: d164385ec572 ("netfilter: nat: add inet family nat support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_chain_nat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nft_chain_nat.c b/net/netfilter/nft_chain_nat.c
index ff9ac8ae0031..eac4a901233f 100644
--- a/net/netfilter/nft_chain_nat.c
+++ b/net/netfilter/nft_chain_nat.c
@@ -89,6 +89,7 @@ static const struct nft_chain_type nft_chain_nat_inet = {
.name = "nat",
.type = NFT_CHAIN_T_NAT,
.family = NFPROTO_INET,
+ .owner = THIS_MODULE,
.hook_mask = (1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_IN) |
(1 << NF_INET_LOCAL_OUT) |
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nf] netfilter: nft_chain_nat: inet family is missing module ownership
2020-03-06 16:37 [PATCH nf] netfilter: nft_chain_nat: inet family is missing module ownership Pablo Neira Ayuso
@ 2020-03-06 16:58 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2020-03-06 16:58 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, fw
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Set owner to THIS_MODULE, otherwise the nft_chain_nat module might be
> removed while there are still inet/nat chains in place.
>
> [ 117.942096] BUG: unable to handle page fault for address: ffffffffa0d5e040
> [ 117.942101] #PF: supervisor read access in kernel mode
> [ 117.942103] #PF: error_code(0x0000) - not-present page
> [ 117.942106] PGD 200c067 P4D 200c067 PUD 200d063 PMD 3dc909067 PTE 0
> [ 117.942113] Oops: 0000 [#1] PREEMPT SMP PTI
> [ 117.942118] CPU: 3 PID: 27 Comm: kworker/3:0 Not tainted 5.6.0-rc3+ #348
> [ 117.942133] Workqueue: events nf_tables_trans_destroy_work [nf_tables]
> [ 117.942145] RIP: 0010:nf_tables_chain_destroy.isra.0+0x94/0x15a [nf_tables]
> [ 117.942149] Code: f6 45 54 01 0f 84 d1 00 00 00 80 3b 05 74 44 48 8b 75 e8 48 c7 c7 72 be de a0 e8 56 e6 2d e0 48 8b 45 e8 48 c7 c7 7f be de a0 <48> 8b 30 e8 43 e6 2d e0 48 8b 45 e8 48 8b 40 10 48 85 c0 74 5b 8b
> [ 117.942152] RSP: 0018:ffffc9000015be10 EFLAGS: 00010292
> [ 117.942155] RAX: ffffffffa0d5e040 RBX: ffff88840be87fc2 RCX: 0000000000000007
> [ 117.942158] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffffffa0debe7f
> [ 117.942160] RBP: ffff888403b54b50 R08: 0000000000001482 R09: 0000000000000004
> [ 117.942162] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8883eda7e540
> [ 117.942164] R13: dead000000000122 R14: dead000000000100 R15: ffff888403b3db80
> [ 117.942167] FS: 0000000000000000(0000) GS:ffff88840e4c0000(0000) knlGS:0000000000000000
> [ 117.942169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 117.942172] CR2: ffffffffa0d5e040 CR3: 00000003e4c52002 CR4: 00000000001606e0
> [ 117.942174] Call Trace:
> [ 117.942188] nf_tables_trans_destroy_work.cold+0xd/0x12 [nf_tables]
> [ 117.942196] process_one_work+0x1d6/0x3b0
> [ 117.942200] worker_thread+0x45/0x3c0
> [ 117.942203] ? process_one_work+0x3b0/0x3b0
> [ 117.942210] kthread+0x112/0x130
> [ 117.942214] ? kthread_create_worker_on_cpu+0x40/0x40
> [ 117.942221] ret_from_fork+0x35/0x40
>
> nf_tables_chain_destroy() crashes on module_put().
Argh :-/
Thanks for fixing this.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-06 16:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-06 16:37 [PATCH nf] netfilter: nft_chain_nat: inet family is missing module ownership Pablo Neira Ayuso
2020-03-06 16:58 ` Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).