diff options
| author | Hans Schillstrom <hans@schillstrom.com> | 2013-05-14 21:23:45 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-05-15 08:11:07 -0400 |
| commit | 8cdb46da06ea94543a3b2e53e3e92736421d1093 (patch) | |
| tree | 2f3d5703ee736daf10a3556c5c80f6bcca8731b8 /net/netfilter | |
| parent | 42010ed0c669aeb1c5b015f5edf590c73919380c (diff) | |
netfilter: log: netns NULL ptr bug when calling from conntrack
Since (69b34fb netfilter: xt_LOG: add net namespace support
for xt_LOG), we hit this:
[ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
[ 4224.709074] IP: [<ffffffff8147f699>] ipt_log_packet+0x29/0x270
when callling log functions from conntrack both in and out
are NULL i.e. the net pointer is invalid.
Adding struct net *net in call to nf_logfn() will secure that
there always is a vaild net ptr.
Reported as netfilter's bugzilla bug 818:
https://bugzilla.netfilter.org/show_bug.cgi?id=818
Reported-by: Ronald <ronald645@gmail.com>
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_log.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_LOG.c | 13 | ||||
| -rw-r--r-- | net/netfilter/xt_NFLOG.c | 3 |
4 files changed, 12 insertions, 10 deletions
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index 757951d251e3..3b18dd1be7d9 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c | |||
| @@ -148,7 +148,7 @@ void nf_log_packet(struct net *net, | |||
| 148 | va_start(args, fmt); | 148 | va_start(args, fmt); |
| 149 | vsnprintf(prefix, sizeof(prefix), fmt, args); | 149 | vsnprintf(prefix, sizeof(prefix), fmt, args); |
| 150 | va_end(args); | 150 | va_end(args); |
| 151 | logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix); | 151 | logger->logfn(net, pf, hooknum, skb, in, out, loginfo, prefix); |
| 152 | } | 152 | } |
| 153 | rcu_read_unlock(); | 153 | rcu_read_unlock(); |
| 154 | } | 154 | } |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index d83d881002a6..962e9792e317 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -602,7 +602,8 @@ static struct nf_loginfo default_loginfo = { | |||
| 602 | 602 | ||
| 603 | /* log handler for internal netfilter logging api */ | 603 | /* log handler for internal netfilter logging api */ |
| 604 | void | 604 | void |
| 605 | nfulnl_log_packet(u_int8_t pf, | 605 | nfulnl_log_packet(struct net *net, |
| 606 | u_int8_t pf, | ||
| 606 | unsigned int hooknum, | 607 | unsigned int hooknum, |
| 607 | const struct sk_buff *skb, | 608 | const struct sk_buff *skb, |
| 608 | const struct net_device *in, | 609 | const struct net_device *in, |
| @@ -615,7 +616,6 @@ nfulnl_log_packet(u_int8_t pf, | |||
| 615 | const struct nf_loginfo *li; | 616 | const struct nf_loginfo *li; |
| 616 | unsigned int qthreshold; | 617 | unsigned int qthreshold; |
| 617 | unsigned int plen; | 618 | unsigned int plen; |
| 618 | struct net *net = dev_net(in ? in : out); | ||
| 619 | struct nfnl_log_net *log = nfnl_log_pernet(net); | 619 | struct nfnl_log_net *log = nfnl_log_pernet(net); |
| 620 | 620 | ||
| 621 | if (li_user && li_user->type == NF_LOG_TYPE_ULOG) | 621 | if (li_user && li_user->type == NF_LOG_TYPE_ULOG) |
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c index fe573f6c9e91..491c7d821a0b 100644 --- a/net/netfilter/xt_LOG.c +++ b/net/netfilter/xt_LOG.c | |||
| @@ -466,7 +466,8 @@ log_packet_common(struct sbuff *m, | |||
| 466 | 466 | ||
| 467 | 467 | ||
| 468 | static void | 468 | static void |
| 469 | ipt_log_packet(u_int8_t pf, | 469 | ipt_log_packet(struct net *net, |
| 470 | u_int8_t pf, | ||
| 470 | unsigned int hooknum, | 471 | unsigned int hooknum, |
| 471 | const struct sk_buff *skb, | 472 | const struct sk_buff *skb, |
| 472 | const struct net_device *in, | 473 | const struct net_device *in, |
| @@ -475,7 +476,6 @@ ipt_log_packet(u_int8_t pf, | |||
| 475 | const char *prefix) | 476 | const char *prefix) |
| 476 | { | 477 | { |
| 477 | struct sbuff *m; | 478 | struct sbuff *m; |
| 478 | struct net *net = dev_net(in ? in : out); | ||
| 479 | 479 | ||
| 480 | /* FIXME: Disabled from containers until syslog ns is supported */ | 480 | /* FIXME: Disabled from containers until syslog ns is supported */ |
| 481 | if (!net_eq(net, &init_net)) | 481 | if (!net_eq(net, &init_net)) |
| @@ -797,7 +797,8 @@ fallback: | |||
| 797 | } | 797 | } |
| 798 | 798 | ||
| 799 | static void | 799 | static void |
| 800 | ip6t_log_packet(u_int8_t pf, | 800 | ip6t_log_packet(struct net *net, |
| 801 | u_int8_t pf, | ||
| 801 | unsigned int hooknum, | 802 | unsigned int hooknum, |
| 802 | const struct sk_buff *skb, | 803 | const struct sk_buff *skb, |
| 803 | const struct net_device *in, | 804 | const struct net_device *in, |
| @@ -806,7 +807,6 @@ ip6t_log_packet(u_int8_t pf, | |||
| 806 | const char *prefix) | 807 | const char *prefix) |
| 807 | { | 808 | { |
| 808 | struct sbuff *m; | 809 | struct sbuff *m; |
| 809 | struct net *net = dev_net(in ? in : out); | ||
| 810 | 810 | ||
| 811 | /* FIXME: Disabled from containers until syslog ns is supported */ | 811 | /* FIXME: Disabled from containers until syslog ns is supported */ |
| 812 | if (!net_eq(net, &init_net)) | 812 | if (!net_eq(net, &init_net)) |
| @@ -833,17 +833,18 @@ log_tg(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 833 | { | 833 | { |
| 834 | const struct xt_log_info *loginfo = par->targinfo; | 834 | const struct xt_log_info *loginfo = par->targinfo; |
| 835 | struct nf_loginfo li; | 835 | struct nf_loginfo li; |
| 836 | struct net *net = dev_net(par->in ? par->in : par->out); | ||
| 836 | 837 | ||
| 837 | li.type = NF_LOG_TYPE_LOG; | 838 | li.type = NF_LOG_TYPE_LOG; |
| 838 | li.u.log.level = loginfo->level; | 839 | li.u.log.level = loginfo->level; |
| 839 | li.u.log.logflags = loginfo->logflags; | 840 | li.u.log.logflags = loginfo->logflags; |
| 840 | 841 | ||
| 841 | if (par->family == NFPROTO_IPV4) | 842 | if (par->family == NFPROTO_IPV4) |
| 842 | ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, | 843 | ipt_log_packet(net, NFPROTO_IPV4, par->hooknum, skb, par->in, |
| 843 | par->out, &li, loginfo->prefix); | 844 | par->out, &li, loginfo->prefix); |
| 844 | #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) | 845 | #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) |
| 845 | else if (par->family == NFPROTO_IPV6) | 846 | else if (par->family == NFPROTO_IPV6) |
| 846 | ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in, | 847 | ip6t_log_packet(net, NFPROTO_IPV6, par->hooknum, skb, par->in, |
| 847 | par->out, &li, loginfo->prefix); | 848 | par->out, &li, loginfo->prefix); |
| 848 | #endif | 849 | #endif |
| 849 | else | 850 | else |
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index a17dd0f589b2..fb7497c928a0 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
| @@ -26,13 +26,14 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 26 | { | 26 | { |
| 27 | const struct xt_nflog_info *info = par->targinfo; | 27 | const struct xt_nflog_info *info = par->targinfo; |
| 28 | struct nf_loginfo li; | 28 | struct nf_loginfo li; |
| 29 | struct net *net = dev_net(par->in ? par->in : par->out); | ||
| 29 | 30 | ||
| 30 | li.type = NF_LOG_TYPE_ULOG; | 31 | li.type = NF_LOG_TYPE_ULOG; |
| 31 | li.u.ulog.copy_len = info->len; | 32 | li.u.ulog.copy_len = info->len; |
| 32 | li.u.ulog.group = info->group; | 33 | li.u.ulog.group = info->group; |
| 33 | li.u.ulog.qthreshold = info->threshold; | 34 | li.u.ulog.qthreshold = info->threshold; |
| 34 | 35 | ||
| 35 | nfulnl_log_packet(par->family, par->hooknum, skb, par->in, | 36 | nfulnl_log_packet(net, par->family, par->hooknum, skb, par->in, |
| 36 | par->out, &li, info->prefix); | 37 | par->out, &li, info->prefix); |
| 37 | return XT_CONTINUE; | 38 | return XT_CONTINUE; |
| 38 | } | 39 | } |