diff options
| author | Francesco Ruggeri <fruggeri@aristanetworks.com> | 2015-05-17 14:30:31 -0700 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-05-20 13:46:48 +0200 |
| commit | 3bfe049807c240344b407e3cfb74544927359817 (patch) | |
| tree | 22abdea7b3d64fbf55a028afc0066ddc9ca40235 /net/ceph | |
| parent | 13c3ed6a92724d8c8cb148a14b0ae190ddfe7413 (diff) | |
| download | op-kernel-dev-3bfe049807c240344b407e3cfb74544927359817.zip op-kernel-dev-3bfe049807c240344b407e3cfb74544927359817.tar.gz | |
netfilter: nfnetlink_{log,queue}: Register pernet in first place
nfnetlink_{log,queue}_init() register the netlink callback nf*_rcv_nl_event
before registering the pernet_subsys, but the callback relies on data
structures allocated by pernet init functions.
When nfnetlink_{log,queue} is loaded, if a netlink message is received after
the netlink callback is registered but before the pernet_subsys is registered,
the kernel will panic in the sequence
nfulnl_rcv_nl_event
nfnl_log_pernet
net_generic
BUG_ON(id == 0) where id is nfnl_log_net_id.
The panic can be easily reproduced in 4.0.3 by:
while true ;do modprobe nfnetlink_log ; rmmod nfnetlink_log ; done &
while true ;do ip netns add dummy ; ip netns del dummy ; done &
This patch moves register_pernet_subsys to earlier in nfnetlink_log_init.
Notice that the BUG_ON hit in 4.0.3 was recently removed in 2591ffd308
["netns: remove BUG_ONs from net_generic()"].
Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ceph')
0 files changed, 0 insertions, 0 deletions
