Taehee Yoo
095faf45e6
netfilter: nat: fix double register in masquerade modules
There is a reference counter to ensure that masquerade modules register
notifiers only once. However, the existing reference counter approach is
not safe, test commands are:
while :
do
modprobe ip6t_MASQUERADE &
modprobe nft_masq_ipv6 &
modprobe -rv ip6t_MASQUERADE &
modprobe -rv nft_masq_ipv6 &
done
numbers below represent the reference counter.
--------------------------------------------------------
CPU0 CPU1 CPU2 CPU3 CPU4
[insmod] [insmod] [rmmod] [rmmod] [insmod]
--------------------------------------------------------
0->1
register 1->2
returns 2->1
returns 1->0
0->1
register <--
unregister
--------------------------------------------------------
The unregistation of CPU3 should be processed before the
registration of CPU4.
In order to fix this, use a mutex instead of reference counter.
splat looks like:
[ 323.869557] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [modprobe:1381]
[ 323.869574] Modules linked in: nf_tables(+) nf_nat_ipv6(-) nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 n]
[ 323.869574] irq event stamp: 194074
[ 323.898930] hardirqs last enabled at (194073): [<ffffffff90004a0d>] trace_hardirqs_on_thunk+0x1a/0x1c
[ 323.898930] hardirqs last disabled at (194074): [<ffffffff90004a29>] trace_hardirqs_off_thunk+0x1a/0x1c
[ 323.898930] softirqs last enabled at (182132): [<ffffffff922006ec>] __do_softirq+0x6ec/0xa3b
[ 323.898930] softirqs last disabled at (182109): [<ffffffff90193426>] irq_exit+0x1a6/0x1e0
[ 323.898930] CPU: 0 PID: 1381 Comm: modprobe Not tainted 4.20.0-rc2+ #27
[ 323.898930] RIP: 0010:raw_notifier_chain_register+0xea/0x240
[ 323.898930] Code: 3c 03 0f 8e f2 00 00 00 44 3b 6b 10 7f 4d 49 bc 00 00 00 00 00 fc ff df eb 22 48 8d 7b 10 488
[ 323.898930] RSP: 0018:ffff888101597218 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
[ 323.898930] RAX: 0000000000000000 RBX: ffffffffc04361c0 RCX: 0000000000000000
[ 323.898930] RDX: 1ffffffff26132ae RSI: ffffffffc04aa3c0 RDI: ffffffffc04361d0
[ 323.898930] RBP: ffffffffc04361c8 R08: 0000000000000000 R09: 0000000000000001
[ 323.898930] R10: ffff8881015972b0 R11: fffffbfff26132c4 R12: dffffc0000000000
[ 323.898930] R13: 0000000000000000 R14: 1ffff110202b2e44 R15: ffffffffc04aa3c0
[ 323.898930] FS: 00007f813ed41540(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000
[ 323.898930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 323.898930] CR2: 0000559bf2c9f120 CR3: 000000010bc80000 CR4: 00000000001006f0
[ 323.898930] Call Trace:
[ 323.898930] ? atomic_notifier_chain_register+0x2d0/0x2d0
[ 323.898930] ? down_read+0x150/0x150
[ 323.898930] ? sched_clock_cpu+0x126/0x170
[ 323.898930] ? nf_tables_core_module_init+0xe4/0xe4 [nf_tables]
[ 323.898930] ? nf_tables_core_module_init+0xe4/0xe4 [nf_tables]
[ 323.898930] register_netdevice_notifier+0xbb/0x790
[ 323.898930] ? __dev_close_many+0x2d0/0x2d0
[ 323.898930] ? __mutex_unlock_slowpath+0x17f/0x740
[ 323.898930] ? wait_for_completion+0x710/0x710
[ 323.898930] ? nf_tables_core_module_init+0xe4/0xe4 [nf_tables]
[ 323.898930] ? up_write+0x6c/0x210
[ 323.898930] ? nf_tables_core_module_init+0xe4/0xe4 [nf_tables]
[ 324.127073] ? nf_tables_core_module_init+0xe4/0xe4 [nf_tables]
[ 324.127073] nft_chain_filter_init+0x1e/0xe8a [nf_tables]
[ 324.127073] nf_tables_module_init+0x37/0x92 [nf_tables]
[ ... ]
Fixes: 8dd33cc93e ("netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables")
Fixes: be6b635cd6 ("netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-11-27 00:36:46 +01:00
..
2018-07-24 14:10:42 -07:00
2018-11-27 00:36:46 +01:00
2018-05-22 10:51:09 +02:00
2018-10-25 16:21:31 -07:00
2018-10-08 10:39:05 -07:00
2018-11-02 23:54:56 -07:00
2017-11-15 11:56:19 -08:00
2018-11-05 13:36:27 -08:00
2018-07-05 20:15:26 +09:00
2018-08-01 09:50:04 -07:00
2018-07-27 09:33:37 -07:00
2018-08-29 08:02:43 +02:00
2018-05-07 23:50:27 -04:00
2015-09-02 15:31:00 -07:00
2018-07-05 20:15:26 +09:00
2017-09-01 20:33:42 -07:00
2018-05-11 00:10:56 +02:00
2017-05-21 13:42:36 -04:00
2018-08-13 08:42:25 -07:00
2017-01-28 10:33:06 -05:00
2018-08-11 01:58:46 +02:00
2018-10-24 14:18:16 -07:00
2018-11-05 17:04:54 -08:00
2018-07-07 10:58:49 +09:00
2018-09-16 15:32:59 -07:00
2017-11-02 11:10:55 +01:00
2018-09-19 21:23:01 -07:00
2018-09-13 12:09:32 -07:00
2016-04-07 16:53:29 -04:00
2018-09-18 09:33:27 -07:00
2018-10-18 16:54:40 -07:00
2016-11-02 15:18:36 -04:00
2018-08-29 17:51:44 -07:00
2018-10-24 14:06:25 -07:00
2016-11-04 14:45:23 -04:00
2018-09-13 08:17:27 -07:00
2018-07-24 14:10:43 -07:00
2017-11-02 11:10:55 +01:00
2015-08-13 17:08:39 -07:00
2018-10-19 11:03:06 -07:00
2016-12-25 17:21:23 +01:00
2018-10-26 15:58:06 -07:00
2018-11-27 00:12:20 +01:00
2017-11-24 01:37:35 +09:00
2018-07-07 10:58:49 +09:00
2018-05-16 07:24:30 +02:00
2017-03-24 13:17:07 -07:00
2018-10-05 14:45:34 -07:00
2018-09-21 19:45:52 -07:00
2018-10-24 14:36:38 -07:00
2018-07-03 10:29:26 +09:00
2018-07-18 15:10:47 -07:00
2018-07-31 09:22:48 +02:00
2018-06-22 13:43:27 +09:00
2018-09-26 20:30:55 -07:00
2018-03-25 20:53:54 -04:00
2018-04-25 13:02:15 -04:00
2018-07-21 19:31:46 -07:00
2018-06-26 11:33:04 +09:00
2015-11-03 10:52:13 -05:00
2017-11-02 11:10:55 +01:00
2018-10-05 11:52:38 -07:00
2018-10-26 16:03:08 -07:00
2018-05-16 07:24:30 +02:00
2018-09-04 10:26:30 +02:00
2017-06-16 11:48:39 -04:00
2018-07-11 15:26:35 +02:00
2018-09-04 10:26:30 +02:00
2018-03-07 10:54:29 +01:00
2018-09-03 07:37:57 +02:00
2018-10-11 13:24:46 +02:00
2017-02-09 10:22:17 +01:00
2018-04-26 07:51:48 +02:00
2018-04-16 07:50:09 +02:00