Eric W. Biederman dc3ee32e96 netfilter: nf_queue: Make the queue_handler pernet ... Florian Weber reported: > Under full load (unshare() in loop -> OOM conditions) we can > get kernel panic: > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 > IP: [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70 > [..] > task: ffff88012dfa3840 ti: ffff88012dffc000 task.ti: ffff88012dffc000 > RIP: 0010:[<ffffffff81476c85>] [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70 > RSP: 0000:ffff88012dfffd80 EFLAGS: 00010206 > RAX: 0000000000000008 RBX: ffffffff81add0c0 RCX: ffff88013fd80000 > [..] > Call Trace: > [<ffffffff81474d98>] nf_queue_nf_hook_drop+0x18/0x20 > [<ffffffff814738eb>] nf_unregister_net_hook+0xdb/0x150 > [<ffffffff8147398f>] netfilter_net_exit+0x2f/0x60 > [<ffffffff8141b088>] ops_exit_list.isra.4+0x38/0x60 > [<ffffffff8141b652>] setup_net+0xc2/0x120 > [<ffffffff8141bd09>] copy_net_ns+0x79/0x120 > [<ffffffff8106965b>] create_new_namespaces+0x11b/0x1e0 > [<ffffffff810698a7>] unshare_nsproxy_namespaces+0x57/0xa0 > [<ffffffff8104baa2>] SyS_unshare+0x1b2/0x340 > [<ffffffff81608276>] entry_SYSCALL_64_fastpath+0x1e/0xa8 > Code: 65 00 48 89 e5 41 56 41 55 41 54 53 83 e8 01 48 8b 97 70 12 00 00 48 98 49 89 f4 4c 8b 74 c2 18 4d 8d 6e 08 49 81 c6 88 00 00 00 <49> 8b 5d 00 48 85 db 74 1a 48 89 df 4c 89 e2 48 c7 c6 90 68 47 > The simple fix for this requires a new pernet variable for struct nf_queue that indicates when it is safe to use the dynamically allocated nf_queue state. As we need a variable anyway make nf_register_queue_handler and nf_unregister_queue_handler pernet. This allows the existing logic of when it is safe to use the state from the nfnetlink_queue module to be reused with no changes except for making it per net. The syncrhonize_rcu from nf_unregister_queue_handler is moved to a new function nfnl_queue_net_exit_batch so that the worst case of having a syncrhonize_rcu in the pernet exit path is not experienced in batch mode. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2016-05-25 11:54:22 +02:00
..
acpi	device property: Avoid potential dereferences of invalid pointers	2016-04-27 23:40:02 +02:00
asm-generic	asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic()	2016-04-21 11:06:09 +02:00
clocksource
crypto	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2016-03-17 11:33:45 -07:00
drm	drm: Loongson-3 doesn't fully support wc memory	2016-04-22 10:24:11 +10:00
dt-bindings	The clk changes for this release cycle are mostly dominated by	2016-03-23 06:06:45 -07:00
keys
kvm	arm64: KVM: vgic-v3: Avoid accessing ICH registers	2016-03-09 04:24:04 +00:00
linux	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-05-09 12:11:37 -07:00
math-emu
media	[media] media: vb2: Fix regression on poll() for RW mode	2016-04-25 10:21:23 -03:00
memory
misc	cxl: Remove cxl_get_phys_dev() kernel API	2016-03-09 23:40:02 +11:00
net	netfilter: nf_queue: Make the queue_handler pernet	2016-05-25 11:54:22 +02:00
pcmcia
ras
rdma	IB/security: Restrict use of the write() interface	2016-04-28 12:03:16 -04:00
rxrpc	rxrpc: Be more selective about the types of received packets we accept	2016-03-04 15:56:06 +00:00
scsi	Merge branch 'fixes-base' into fixes	2016-04-05 06:56:47 -04:00
soc	IOMMU Updates for Linux v4.6	2016-03-22 11:57:43 -07:00
sound	ALSA: hda - Update BCLK also at hotplug for i915 HSW/BDW	2016-04-26 10:11:11 +02:00
target	target: add a new add_wwn_groups fabrics method	2016-03-30 20:06:44 -07:00
trace	Merge branch 'for-linus-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs	2016-04-09 10:41:34 -07:00
uapi	export tc ife uapi header	2016-05-10 01:08:39 -04:00
video	gpu: ipu-v3: ipu-dmfc: Rename ipu_dmfc_init_channel to ipu_dmfc_config_wait4eot	2016-03-31 11:24:33 +02:00
xen	xen: Fix page <-> pfn conversion on 32 bit systems	2016-04-06 11:18:17 +01:00
Kbuild