iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Eric W. Biederman 8405a8fff3 netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook 
Add code to nf_unregister_hook to flush the nf_queue when a hook is
unregistered.  This guarantees that the pointer that the nf_queue code
retains into the nf_hook list will remain valid while a packet is
queued.

I tested what would happen if we do not flush queued packets and was
trivially able to obtain the oops below.  All that was required was
to stop the nf_queue listening process, to delete all of the nf_tables,
and to awaken the nf_queue listening process.

> BUG: unable to handle kernel paging request at 0000000100000001
> IP: [<0000000100000001>] 0x100000001
> PGD b9c35067 PUD 0
> Oops: 0010 [#1] SMP
> Modules linked in:
> CPU: 0 PID: 519 Comm: lt-nfqnl_test Not tainted
> task: ffff8800b9c8c050 ti: ffff8800ba9d8000 task.ti: ffff8800ba9d8000
> RIP: 0010:[<0000000100000001>]  [<0000000100000001>] 0x100000001
> RSP: 0018:ffff8800ba9dba40  EFLAGS: 00010a16
> RAX: ffff8800bab48a00 RBX: ffff8800ba9dba90 RCX: ffff8800ba9dba90
> RDX: ffff8800b9c10128 RSI: ffff8800ba940900 RDI: ffff8800bab48a00
> RBP: ffff8800b9c10128 R08: ffffffff82976660 R09: ffff8800ba9dbb28
> R10: dead000000100100 R11: dead000000200200 R12: ffff8800ba940900
> R13: ffffffff8313fd50 R14: ffff8800b9c95200 R15: 0000000000000000
> FS:  00007fb91fc34700(0000) GS:ffff8800bfa00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000100000001 CR3: 00000000babfb000 CR4: 00000000000007f0
> Stack:
>  ffffffff8206ab0f ffffffff82982240 ffff8800bab48a00 ffff8800b9c100a8
>  ffff8800b9c10100 0000000000000001 ffff8800ba940900 ffff8800b9c10128
>  ffffffff8206bd65 ffff8800bfb0d5e0 ffff8800bab48a00 0000000000014dc0
> Call Trace:
>  [<ffffffff8206ab0f>] ? nf_iterate+0x4f/0xa0
>  [<ffffffff8206bd65>] ? nf_reinject+0x125/0x190
>  [<ffffffff8206dee5>] ? nfqnl_recv_verdict+0x255/0x360
>  [<ffffffff81386290>] ? nla_parse+0x80/0xf0
>  [<ffffffff8206c42c>] ? nfnetlink_rcv_msg+0x13c/0x240
>  [<ffffffff811b2fec>] ? __memcg_kmem_get_cache+0x4c/0x150
>  [<ffffffff8206c2f0>] ? nfnl_lock+0x20/0x20
>  [<ffffffff82068159>] ? netlink_rcv_skb+0xa9/0xc0
>  [<ffffffff820677bf>] ? netlink_unicast+0x12f/0x1c0
>  [<ffffffff82067ade>] ? netlink_sendmsg+0x28e/0x650
>  [<ffffffff81fdd814>] ? sock_sendmsg+0x44/0x50
>  [<ffffffff81fde07b>] ? ___sys_sendmsg+0x2ab/0x2c0
>  [<ffffffff810e8f73>] ? __wake_up+0x43/0x70
>  [<ffffffff8141a134>] ? tty_write+0x1c4/0x2a0
>  [<ffffffff81fde9f4>] ? __sys_sendmsg+0x44/0x80
>  [<ffffffff823ff8d7>] ? system_call_fastpath+0x12/0x6a
> Code:  Bad RIP value.
> RIP  [<0000000100000001>] 0x100000001
>  RSP <ffff8800ba9dba40>
> CR2: 0000000100000001
> ---[ end trace 08eb65d42362793f ]---

Cc: stable@vger.kernel.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-06-23 06:23:23 -07:00
..
ipset
netfilter: ipset: Fix coding styles reported by checkpatch.pl
2015-06-14 10:40:18 +02:00
ipvs
ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags
2015-05-25 13:25:34 -04:00
core.c
netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook
2015-06-23 06:23:23 -07:00
Kconfig
netfilter: Kconfig: get rid of parens around depends on
2015-06-15 17:26:37 +02:00
Makefile
netfilter: nf_tables: add netdev table to filter from ingress
2015-05-26 18:41:23 +02:00
nf_conntrack_acct.c
netfilter: Remove uses of seq_<foo> return values
2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
nf_conntrack_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2015-01-15 01:50:25 -05:00
nf_conntrack_ecache.c
netfilter: conntrack: remove timer from ecache extension
2014-06-25 19:15:38 +02:00
nf_conntrack_expect.c
netfilter: Remove uses of seq_<foo> return values
2015-03-18 10:51:35 +01:00
nf_conntrack_extend.c
nf_conntrack_ftp.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST
2015-05-25 13:25:33 -04:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: fix spelling errors
2014-10-30 17:35:30 +01:00
nf_conntrack_irc.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_generic.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c
netfilter: connlabels: remove unneeded includes
2013-07-31 16:39:18 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
netfilter: conntrack: Flush connections with a given mark
2015-01-08 12:14:20 +01:00
nf_conntrack_pptp.c
netfilter: nf_conntrack: flush net_gre->keymap_list only from gre helper
2014-04-08 10:56:12 +02:00
nf_conntrack_proto_dccp.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_proto_generic.c
netfilter: conntrack: warn the user if there is a better helper to use
2015-06-12 14:06:24 +02:00
nf_conntrack_proto_gre.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_proto_sctp.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_proto_tcp.c
conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition
2015-05-15 20:50:56 +02:00
nf_conntrack_proto_udp.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_proto_udplite.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_proto.c
netfilter: nf_conntrack: remove dead code
2014-01-03 23:41:37 +01:00
nf_conntrack_sane.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_conntrack_seqadj.c
netfilter: nf_ct_seqadj: print ack seq in the right host byte order
2015-01-05 13:52:20 +01:00
nf_conntrack_sip.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_conntrack_snmp.c
netfilter: nf_ct_snmp: add include file
2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c
netfilter: Remove checks of seq_printf() return values
2014-11-05 14:11:02 -05:00
nf_conntrack_tftp.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_conntrack_timeout.c
netfilter: nf_ct_timeout: move initialization out of pernet_operations
2013-01-23 12:56:02 +01:00
nf_conntrack_timestamp.c
netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion
2013-12-20 14:58:29 +01:00
nf_internals.h
netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook
2015-06-23 06:23:23 -07:00
nf_log_common.c
netfilter: bridge: add helpers for fetching physin/outdev
2015-04-08 16:49:08 +02:00
nf_log.c
netfilter: restore rule tracing via nfnetlink_log
2015-03-19 11:14:48 +01:00
nf_nat_amanda.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_nat_core.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
nf_nat_ftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_nat_helper.c
netfilter: nf_conntrack: make sequence number adjustments usuable without NAT
2013-08-28 00:26:48 +02:00
nf_nat_irc.c
netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
2014-01-06 14:17:17 +01:00
nf_nat_proto_common.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_dccp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_sctp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_udp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_udplite.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_unknown.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_redirect.c
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
2014-11-27 13:08:42 +01:00
nf_nat_sip.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_queue.c
netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook
2015-06-23 06:23:23 -07:00
nf_sockopt.c
netfilter: don't use mutex_lock_interruptible()
2014-08-08 16:47:23 +02:00
nf_synproxy_core.c
netfilter: use forward declaration instead of including linux/proc_fs.h
2015-06-18 21:14:30 +02:00
nf_tables_api.c
netfilter: nf_tables_netdev: unregister hooks on net_device removal
2015-06-15 23:02:35 +02:00
nf_tables_core.c
netfilter: nftables: Do not run chains in the wrong network namespace
2015-06-23 06:23:22 -07:00
nf_tables_inet.c
netfilter: nf_tables: fix error path in the init functions
2014-01-09 23:25:48 +01:00
nf_tables_netdev.c
netfilter: nf_tables_netdev: unregister hooks on net_device removal
2015-06-15 23:02:35 +02:00
nfnetlink_acct.c
netfilter: nfnetlink_acct: add filter support to nfacct counter list/reset
2014-08-26 21:36:19 +02:00
nfnetlink_cthelper.c
netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()
2015-03-12 13:07:36 +01:00
nfnetlink_cttimeout.c
netfilter: cttimeout: allow to set/get default protocol timeouts
2013-10-01 13:17:39 +02:00
nfnetlink_log.c
netfilter: Kill unused copies of RCV_SKB_FAIL
2015-06-18 21:14:27 +02:00
nfnetlink_queue_core.c
netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook
2015-06-23 06:23:23 -07:00
nfnetlink_queue_ct.c
netfilter: nf_conntrack: make sequence number adjustments usuable without NAT
2013-08-28 00:26:48 +02:00
nfnetlink.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2015-01-15 01:50:25 -05:00
nft_bitwise.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_byteorder.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_cmp.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_compat.c
netfilter: x_tables: add context to know if extension runs from nft_compat
2015-05-15 20:14:07 +02:00
nft_counter.c
netfilter: nf_tables: mark stateful expressions
2015-04-13 20:12:31 +02:00
nft_ct.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_dynset.c
netfilter: nft_dynset: dynamic stateful expression instantiation
2015-04-13 20:19:55 +02:00
nft_exthdr.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_hash.c
netfilter: nf_tables: variable sized set element keys / data
2015-04-13 17:17:31 +02:00
nft_immediate.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_limit.c
netfilter: nf_tables: mark stateful expressions
2015-04-13 20:12:31 +02:00
nft_log.c
netfilter: nf_tables: get rid of NFT_REG_VERDICT usage
2015-04-13 17:17:07 +02:00
nft_lookup.c
netfilter: nf_tables: add flag to indicate set contains expressions
2015-04-13 20:12:32 +02:00
nft_masq.c
netfilter: nf_tables: validate hooks in NAT expressions
2015-01-19 14:52:39 +01:00
nft_meta.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_nat.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_payload.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_queue.c
netfilter: nf_tables: get rid of NFT_REG_VERDICT usage
2015-04-13 17:17:07 +02:00
nft_rbtree.c
netfilter: nf_tables: variable sized set element keys / data
2015-04-13 17:17:31 +02:00
nft_redir.c
netfilter: nf_tables: add register parsing/dumping helpers
2015-04-13 17:17:28 +02:00
nft_reject_inet.c
netfilter; Add some missing default cases to switch statements in nft_reject.
2015-04-27 13:20:34 -04:00
nft_reject.c
netfilter; Add some missing default cases to switch statements in nft_reject.
2015-04-27 13:20:34 -04:00
x_tables.c
netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference.
2015-06-15 20:19:20 +02:00
xt_addrtype.c
ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST
2015-05-25 13:25:33 -04:00
xt_AUDIT.c
netfilter: Convert uses of __constant_<foo> to <foo>
2014-03-13 14:13:19 +01:00
xt_bpf.c
net: filter: split 'struct sk_filter' into socket and bpf parts
2014-08-02 15:03:58 -07:00
xt_cgroup.c
netfilter: x_tables: fix cgroup matching on non-full sks
2015-04-01 11:26:42 +02:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_comment.c
xt_connbytes.c
netfilter: Convert pr_warning to pr_warn
2014-09-10 12:40:10 -07:00
xt_connlabel.c
netfilter: add connlabel conntrack extension
2013-01-18 00:28:15 +01:00
xt_connlimit.c
netfilter: xt_connlimit: honor conntrack zone if available
2014-11-17 12:44:20 +01:00
xt_connmark.c
netfilter: Fix FSF address in file headers
2013-12-06 12:37:57 -05:00
xt_CONNSECMARK.c
xt_conntrack.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_cpu.c
xt_CT.c
netfilter: nf_conntrack: don't release a conntrack with non-zero refcnt
2014-02-05 17:46:06 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
netfilter: fix various sparse warnings
2014-11-13 12:14:42 +01:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c
netfilter: Remove checks of seq_printf() return values
2014-11-05 14:11:02 -05:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c
xt_ipcomp.c
netfilter: xt_ipcomp: Use ntohs to ease sparse warning
2014-02-19 11:41:25 +01:00
xt_iprange.c
xt_ipvs.c
ipvs: API change to avoid rescan of IPv6 exthdr
2012-09-28 11:34:33 +09:00
xt_l2tp.c
netfilter: introduce l2tp match extension
2014-01-09 21:36:39 +01:00
xt_LED.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-08-05 18:46:26 -07:00
xt_length.c
xt_limit.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_LOG.c
netfilter: xt_LOG: add missing string format in nf_log_packet()
2014-06-28 18:50:35 +02:00
xt_mac.c
xt_mark.c
netfilter: xt_MARK: Add ARP support
2015-05-14 13:00:27 +02:00
xt_multiport.c
xt_nat.c
netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets
2012-10-15 13:39:12 +02:00
xt_NETMAP.c
netfilter: combine ipt_NETMAP and ip6t_NETMAP
2012-09-21 12:11:08 +02:00
xt_nfacct.c
netfilter: nfnetlink_acct: Adding quota support to accounting framework
2014-04-29 18:25:14 +02:00
xt_NFLOG.c
netfilter: log: netns NULL ptr bug when calling from conntrack
2013-05-15 14:11:07 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: separate reusable code
2013-12-07 23:20:45 +01:00
xt_osf.c
netfilter: xt_osf: Use continue to reduce indentation
2014-12-23 14:20:10 +01:00
xt_owner.c
userns: xt_owner: Add basic user namespace support.
2012-08-14 21:55:30 -07:00
xt_physdev.c
netfilter: physdev: use helpers
2015-04-08 16:49:09 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
xt_RATEEST.c
net: sched: make bstats per cpu and estimator RCU safe
2014-09-30 01:02:26 -04:00
xt_realm.c
xt_recent.c
netfilter: xt_recent: don't reject rule if new hitcount exceeds table max
2015-02-16 17:00:47 +01:00
xt_REDIRECT.c
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
2014-11-27 13:08:42 +01:00
xt_repldata.h
net: netfilter: LLVMLinux: vlais-netfilter
2014-06-07 11:44:39 -07:00
xt_sctp.c
xt_SECMARK.c
xt_set.c
netfilter: ipset: Fix coding styles reported by checkpatch.pl
2015-06-14 10:40:18 +02:00
xt_socket.c
netfilter: xt_socket: add XT_SOCKET_RESTORESKMARK flag
2015-06-18 13:05:09 +02:00
xt_state.c
xt_statistic.c
net: replace macros net_random and net_srandom with direct calls to prandom
2014-01-14 15:15:25 -08:00
xt_string.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
xt_tcpmss.c
xt_TCPMSS.c
netfilter: x_tables: add context to know if extension runs from nft_compat
2015-05-15 20:14:07 +02:00
xt_TCPOPTSTRIP.c
netfilter: xt_TCPOPTSTRIP: fix possible off by one access
2013-08-01 11:45:15 +02:00
xt_tcpudp.c
xt_TEE.c
ipv6: Set FLOWI_FLAG_KNOWN_NH at flowi6_flags
2015-05-25 13:25:34 -04:00
xt_time.c
netfilter: xt_time: add support to ignore day transition
2012-09-24 14:29:01 +02:00
xt_TPROXY.c
tcp/dccp: get rid of central timewait timer
2015-04-13 16:40:05 -04:00
xt_TRACE.c
xt_u32.c