Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-04 18:13:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
b12f7bad5a
linux/net/ipv4/netfilter
History
Taehee Yoo b12f7bad5a netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine 
When network namespace is destroyed, both clusterip_tg_destroy() and
clusterip_net_exit() are called. and clusterip_net_exit() is called
before clusterip_tg_destroy().
Hence cleanup check code in clusterip_net_exit() doesn't make sense.

test commands:
   %ip netns add vm1
   %ip netns exec vm1 bash
   %ip link set lo up
   %iptables -A INPUT -p tcp -i lo -d 192.168.0.5 --dport 80 \
	-j CLUSTERIP --new --hashmode sourceip \
	--clustermac 01:00:5e:00:00:20 --total-nodes 2 --local-node 1
   %exit
   %ip netns del vm1

splat looks like:
[  341.184508] WARNING: CPU: 1 PID: 87 at net/ipv4/netfilter/ipt_CLUSTERIP.c:840 clusterip_net_exit+0x319/0x380 [ipt_CLUSTERIP]
[  341.184850] Modules linked in: ipt_CLUSTERIP nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp iptable_filter bpfilter ip_tables x_tables
[  341.184850] CPU: 1 PID: 87 Comm: kworker/u4:2 Not tainted 4.19.0-rc5+ #16
[  341.227509] Workqueue: netns cleanup_net
[  341.227509] RIP: 0010:clusterip_net_exit+0x319/0x380 [ipt_CLUSTERIP]
[  341.227509] Code: 0f 85 7f fe ff ff 48 c7 c2 80 64 2c c0 be a8 02 00 00 48 c7 c7 a0 63 2c c0 c6 05 18 6e 00 00 01 e8 bc 38 ff f5 e9 5b fe ff ff <0f> 0b e9 33 ff ff ff e8 4b 90 50 f6 e9 2d fe ff ff 48 89 df e8 de
[  341.227509] RSP: 0018:ffff88011086f408 EFLAGS: 00010202
[  341.227509] RAX: dffffc0000000000 RBX: 1ffff1002210de85 RCX: 0000000000000000
[  341.227509] RDX: 1ffff1002210de85 RSI: ffff880110813be8 RDI: ffffed002210de58
[  341.227509] RBP: ffff88011086f4d0 R08: 0000000000000000 R09: 0000000000000000
[  341.227509] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1002210de81
[  341.227509] R13: ffff880110625a48 R14: ffff880114cec8c8 R15: 0000000000000014
[  341.227509] FS:  0000000000000000(0000) GS:ffff880116600000(0000) knlGS:0000000000000000
[  341.227509] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  341.227509] CR2: 00007f11fd38e000 CR3: 000000013ca16000 CR4: 00000000001006e0
[  341.227509] Call Trace:
[  341.227509]  ? __clusterip_config_find+0x460/0x460 [ipt_CLUSTERIP]
[  341.227509]  ? default_device_exit+0x1ca/0x270
[  341.227509]  ? remove_proc_entry+0x1cd/0x390
[  341.227509]  ? dev_change_net_namespace+0xd00/0xd00
[  341.227509]  ? __init_waitqueue_head+0x130/0x130
[  341.227509]  ops_exit_list.isra.10+0x94/0x140
[  341.227509]  cleanup_net+0x45b/0x900
[ ... ]

Fixes: 613d0776d3 ("netfilter: exit_net cleanup check added")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-12-18 01:18:09 +01:00
..
arp_tables.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
arpt_mangle.c
arptable_filter.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ip_tables.c netfilter: x_tables: set module owner for icmp(6) matches 2018-07-05 11:45:11 +02:00
ipt_ah.c netfilter: ipt_ah: return boolean instead of integer 2018-03-05 23:15:43 +01:00
ipt_CLUSTERIP.c netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine 2018-12-18 01:18:09 +01:00
ipt_ECN.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
ipt_MASQUERADE.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
ipt_REJECT.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
ipt_rpfilter.c netfilter: rpfilter: Convert rpfilter_lookup_reverse to new dev helper 2018-09-20 20:01:52 -07:00
ipt_SYNPROXY.c netfilter: ctnetlink: synproxy support 2018-03-20 14:39:31 +01:00
iptable_filter.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
iptable_mangle.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
iptable_nat.c netfilter: nf_nat: add nat type hooks to nat core 2018-05-23 09:14:06 +02:00
iptable_raw.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
iptable_security.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
Kconfig netfilter: nat: remove l4proto->manip_pkt 2018-12-17 23:33:29 +01:00
Makefile netfilter: nat: remove nf_nat_l4proto struct 2018-12-17 23:33:31 +01:00
nf_defrag_ipv4.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_dup_ipv4.c
nf_flow_table_ipv4.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_log_arp.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_log_ipv4.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_nat_h323.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_l3proto_ipv4.c netfilter: nat: remove nf_nat_l4proto struct 2018-12-17 23:33:31 +01:00
nf_nat_masquerade_ipv4.c netfilter: masquerade: don't flush all conntracks if only one address deleted on device 2018-09-28 14:28:26 +02:00
nf_nat_pptp.c netfilter: nat: remove l4proto->manip_pkt 2018-12-17 23:33:29 +01:00
nf_nat_snmp_basic_main.c netfilter: nf_nat_snmp_basic: add missing helper alias name 2018-10-16 10:01:50 +02:00
nf_nat_snmp_basic.asn1 netfilter: nf_nat_snmp_basic: use asn1 decoder library 2018-01-19 13:59:07 +01:00
nf_reject_ipv4.c netfilter: nf_reject_ipv4: Fix use-after-free in send_reset 2017-11-01 12:15:29 +01:00
nf_socket_ipv4.c netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} 2018-03-24 21:17:14 +01:00
nf_tproxy_ipv4.c netfilter: nf_tproxy: fix possible non-linear access to transport header 2018-07-06 14:32:44 +02:00
nft_chain_nat_ipv4.c netfilter: nf_nat: add nat type hooks to nat core 2018-05-23 09:14:06 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: nft_register_chain_type() returns void 2018-03-30 11:29:18 +02:00
nft_dup_ipv4.c
nft_fib_ipv4.c netfilter: nft_fib: Convert nft_fib4_eval to new dev helper 2018-09-20 20:01:53 -07:00
nft_masq_ipv4.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nft_redir_ipv4.c
nft_reject_ipv4.c