On Sun, Nov 06, 2016 at 02:40:01PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> Dalegaard says:
> The following ruleset, when loaded with 'nft -f bad.txt'
> ----snip----
> flush ruleset
> table ip inlinenat {
> map sourcemap {
> type ipv4_addr : verdict;
> }
>
> chain postrouting {
> ip saddr vmap @sourcemap accept
> }
> }
> add chain inlinenat test
> add element inlinenat sourcemap { 100.123.10.2 : jump test }
> ----snip----
>
> results in a kernel oops:
> BUG: unable to handle kernel paging request at 0000000000001344
> IP: [<ffffffffa07bf704>] nf_tables_check_loops+0x114/0x1f0 [nf_tables]
> [...]
> Call Trace:
> [<ffffffffa07c2aae>] ? nft_data_init+0x13e/0x1a0 [nf_tables]
> [<ffffffffa07c1950>] nft_validate_register_store+0x60/0xb0 [nf_tables]
> [<ffffffffa07c74b5>] nft_add_set_elem+0x545/0x5e0 [nf_tables]
> [<ffffffffa07bfdd0>] ? nft_table_lookup+0x30/0x60 [nf_tables]
> [<ffffffff8132c630>] ? nla_strcmp+0x40/0x50
> [<ffffffffa07c766e>] nf_tables_newsetelem+0x11e/0x210 [nf_tables]
> [<ffffffff8132c400>] ? nla_validate+0x60/0x80
> [<ffffffffa030d9b4>] nfnetlink_rcv+0x354/0x5a7 [nfnetlink]
>
> Because we forget to fill the net pointer in bind_ctx, so dereferencing
> it may cause kernel crash.
Applied, thanks for fixing up this, that was fast.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
