Re: net: suspicious RCU usage in nf_hook

On Fri, 2017-01-27 at 17:00 -0800, Cong Wang wrote: > On Fri, Jan 27, 2017 at 3:35 PM, Eric Dumazet wrote: > > Oh well, I forgot to submit the official patch I think, Jan 9th. > > > > https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ > > > > Hmm, but why only

Re: net: suspicious RCU usage in nf_hook

On Fri, Jan 27, 2017 at 3:35 PM, Eric Dumazet wrote: > Oh well, I forgot to submit the official patch I think, Jan 9th. > > https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ > Hmm, but why only fragments need skb_orphan()? It seems like any kfree_skb() inside

Re: net: suspicious RCU usage in nf_hook

On Fri, Jan 27, 2017 at 1:15 PM, Dmitry Vyukov wrote: > stack backtrace: > CPU: 2 PID: 23111 Comm: syz-executor14 Not tainted 4.10.0-rc5+ #192 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:15

net: suspicious RCU usage in nf_hook

Hello, I've got the following report while running syzkaller fuzzer on fd694aaa46c7ed811b72eb47d5eb11ce7ab3f7f1: [ INFO: suspicious RCU usage. ] 4.10.0-rc5+ #192 Not tainted --- ./include/linux/rcupdate.h:561 Illegal context switch in RCU read-side critical section!

[ANNOUNCE] iptables 1.6.1 release

Hi! The Netfilter project proudly presents: iptables 1.6.1 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. This update contains accumulated bugfixes, several new

[PATCH 1/2 conntrack-tools] conntrackd: cthelper: Free pktb after use

According to valgrind, this currently leaks ~512B to 2kB for each packet sent to the userspace helper. Signed-off-by: Kevin Cernekee --- src/cthelper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/cthelper.c b/src/cthelper.c index 54eb830..f01c509 100644 ---

[PATCH 2/2 conntrack-tools] conntrackd: config: Free strdup()ed tokens

This frees T_IP, T_PATH_VAL, and T_STRING tokens. They were being flagged by valgrind as memory leaks. Lightly tested using doc/helper/conntrackd.conf and doc/stats/conntrackd.conf. Signed-off-by: Kevin Cernekee --- src/read_config_yy.y | 29

Re: [PATCH v2 net] net: free ip_vs_dest structs when refcnt=0

On Fri, Jan 27, 2017 at 01:21:11PM +0100, Pablo Neira Ayuso wrote: > On Fri, Jan 27, 2017 at 09:07:38AM +0100, Simon Horman wrote: > > On Thu, Jan 26, 2017 at 10:49:10PM +0200, Julian Anastasov wrote: > > > > > > Hello, > > > > > > On Mon, 23 Jan 2017, David Windsor wrote: > > > > > > >

Re: [PATCH 09/14] netfilter: conntrack: refine gc worker heuristics, redux

Le 26/01/2017 à 17:38, Pablo Neira Ayuso a écrit : > From: Florian Westphal > > This further refines the changes made to conntrack gc_worker in > commit e0df8cae6c16 ("netfilter: conntrack: refine gc worker heuristics"). > > The main idea of that change was to reduce the scan

[RFC PATCH] audit: normalize NETFILTER_PKT

Eliminate flipping in and out of message fields. https://github.com/linux-audit/audit-kernel/issues/11 Signed-off-by: Richard Guy Briggs --- net/netfilter/xt_AUDIT.c | 92 +- 1 files changed, 66 insertions(+), 26 deletions(-) diff

Re: [PATCH nft v3 1/6] src: Allow reset single stateful object

On Thu, Jan 26, 2017 at 03:09:44PM -0200, Elise Lennion wrote: > Currently the stateful objects can only be reseted in groups. With this > patch reseting a single object is allowed: > > $ nft reset counter filter https-traffic > table ip filter { > counter https-traffic { >

Re: [PATCH v2 net] net: free ip_vs_dest structs when refcnt=0

On Thu, Jan 26, 2017 at 10:49:10PM +0200, Julian Anastasov wrote: > > Hello, > > On Mon, 23 Jan 2017, David Windsor wrote: > > > Currently, the ip_vs_dest cache frees ip_vs_dest objects when their > > reference count becomes < 0. Aside from not being semantically sound, > > this is