leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7866cc57b5
linux/net/core
History
Florian Westphal 7866cc57b5 netns: add and use net_ns_barrier 
Quoting Joe Stringer:
  If a user loads nf_conntrack_ftp, sends FTP traffic through a network
  namespace, destroys that namespace then unloads the FTP helper module,
  then the kernel will crash.

Events that lead to the crash:
1. conntrack is created with ftp helper in netns x
2. This netns is destroyed
3. netns destruction is scheduled
4. netns destruction wq starts, removes netns from global list
5. ftp helper is unloaded, which resets all helpers of the conntracks
via for_each_net()

but because netns is already gone from list the for_each_net() loop
doesn't include it, therefore all of these conntracks are unaffected.

6. helper module unload finishes
7. netns wq invokes destructor for rmmod'ed helper

CC: "Eric W. Biederman" <ebiederm@xmission.com>
Reported-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-06-19 19:09:19 +02:00
..
datagram.c net: fix __skb_try_recv_from_queue to return the old behavior 2017-05-18 10:32:58 -04:00
dev_addr_lists.c
dev_ioctl.c net: ethernet: update drivers to handle HWTSTAMP_FILTER_NTP_ALL 2017-05-21 13:37:32 -04:00
dev.c net: add function to retrieve original skb device using NAPI ID 2017-05-21 13:37:32 -04:00
devlink.c net/devlink: Add E-Switch encapsulation control 2017-04-22 20:26:37 +03:00
drop_monitor.c drop_monitor: use setup_timer 2017-03-12 23:47:16 -07:00
dst_cache.c net: dst_cache_per_cpu_dst_set() can be static 2016-03-18 17:45:08 -04:00
dst.c net: pending_confirm is not used anymore 2017-02-07 13:07:47 -05:00
ethtool.c net: Add ESP offload features 2017-04-14 10:05:36 +02:00
fib_rules.c fib_rules: fix error return code 2017-04-27 16:35:57 -04:00
filter.c bpf: restore skb->sk before pskb_trim() call 2017-04-30 22:23:16 -04:00
flow_dissector.c flow_dissector: add mpls support (v2) 2017-04-24 14:30:46 -04:00
flow.c flowcache: more "unsigned int" 2017-04-03 19:04:48 -07:00
gen_estimator.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
gen_stats.c net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00
gro_cells.c net: Generic XDP 2017-04-25 13:33:49 -04:00
hwbm.c net: hwbm: Fix unbalanced spinlock in error case 2016-05-25 12:35:09 -07:00
link_watch.c
lwt_bpf.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
lwtunnel.c lwtunnel: fix error path in lwtunnel_fill_encap() 2017-04-30 22:41:29 -04:00
Makefile gro_cells: move to net/core/gro_cells.c 2017-02-08 14:38:18 -05:00
neighbour.c neighbour: update neigh timestamps iff update is effective 2017-05-17 11:41:38 -04:00
net_namespace.c netns: add and use net_ns_barrier 2017-06-19 19:09:19 +02:00
net-procfs.c net: remove NETDEV_TX_LOCKED support 2016-04-26 15:53:05 -04:00
net-sysfs.c net: make struct net_device::tx_queue_len unsigned int 2017-05-18 10:19:30 -04:00
net-sysfs.h
net-traces.c net: IPv6 fib lookup tracepoint 2015-11-22 11:54:10 -05:00
netclassid_cgroup.c cgroup, net_cls: iterate the fds of only the tasks which are being migrated 2017-03-22 10:32:46 -07:00
netevent.c
netpoll.c netpoll: Check for skb->queue_mapping 2017-04-21 15:45:19 -04:00
netprio_cgroup.c net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
pktgen.c net-tc: convert tc_verd to integer bitfields 2017-01-08 20:58:52 -05:00
ptp_classifier.c ptp: Change ptp_class to a proper bitmask 2015-11-03 11:08:22 -05:00
request_sock.c ipv4: Namespaceify tcp_max_syn_backlog knob 2016-12-29 11:38:31 -05:00
rtnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-18 16:11:32 -04:00
scm.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
secure_seq.c tcp: randomize timestamps on syncookies 2017-05-05 12:00:11 -04:00
skbuff.c net: allow simultaneous SW and HW transmit timestamping 2017-05-21 13:37:32 -04:00
sock_diag.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
sock_reuseport.c soreuseport: use "unsigned int" in __reuseport_alloc() 2017-04-03 19:06:38 -07:00
sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-18 16:11:32 -04:00
stream.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
sysctl_net_core.c Replace 2 jiffies with sysctl netdev_budget_usecs to enable softirq tuning 2017-04-21 13:22:34 -04:00
timestamping.c
tso.c net: tso: add support for IPv6 2015-10-26 22:24:22 -07:00
utils.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00