On Mon, Oct 4, 2021 at 9:01 PM, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Juhee Kang <claudiajkang@xxxxxxxxx> wrote:
> > Currently, when the rule related to IDLETIMER is added, idletimer_tg timer
> > structure is initialized by kmalloc on executing idletimer_tg_create
> > function. However, in this process timer->timer_type is not defined to
> > a specific value. Thus, timer->timer_type has a garbage value and it causes
> > a kernel panic. So, this commit fixes the panic by initializing
> > timer->timer_type using kzalloc instead of kmalloc.
> >
> > Test commands:
> >     # iptables -A OUTPUT -j IDLETIMER --timeout 1 --label test
> >     $ cat /sys/class/xt_idletimer/timers/test
> >       Killed
> >
> > Splat looks like:
> >     BUG: KASAN: user-memory-access in alarm_expires_remaining+0x49/0x70
> >     Read of size 8 at addr 0000002e8c7bc4c8 by task cat/917
> >     CPU: 12 PID: 917 Comm: cat Not tainted 5.14.0+ #3 79940a339f71eb14fc81aee1757a20d5bf13eb0e
> >     Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
> >     Call Trace:
> >      dump_stack_lvl+0x6e/0x9c
> >      kasan_report.cold+0x112/0x117
> >      ? alarm_expires_remaining+0x49/0x70
> >      __asan_load8+0x86/0xb0
> >      alarm_expires_remaining+0x49/0x70
> >      idletimer_tg_show+0xe5/0x19b [xt_IDLETIMER 11219304af9316a21bee5ba9d58f76a6b9bccc6d]
>
> > Fixes: 0902b469bd250 ("netfilter: xtables: idletimer target implementation")
>
> Hmm, I don't think so.
>
> Probably:
> Fixes: 68983a354a65 ("netfilter: xtables: Add snapshot of hardidletimer target")
>
> ?

I will fix it and send v2 soon.
Thank you.

-- 
Best regards,
Juhee Kang
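The failure mode described in the quoted commit message, as an added userspace sketch (not code from the patch or from the kernel): a create path that never assigns `timer_type` leaves the later show path at the mercy of whatever the allocator returned. The struct, the `TIMER_ALARM` flag, both allocator stand-ins and the assumption that the show handler branches on `timer_type` are hypothetical; the 0x6b fill is a constructed value standing in for stale heap bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TIMER_ALARM 0x01 /* hypothetical flag: show handler must read the alarm */

struct demo_timer {          /* simplified stand-in, not the kernel struct */
    long expires;            /* the only field the create path sets */
    uint8_t timer_type;      /* never assigned by the create path */
    long *alarm_expires;     /* meaningful only when TIMER_ALARM is set */
};

/* Stand-in for kmalloc: memory is returned as-is. The 0x6b fill is a
 * constructed value that makes the stale contents deterministic. */
static void *alloc_stale(size_t n)
{
    void *p = malloc(n);
    if (p) memset(p, 0x6b, n);
    return p;
}

static void *alloc_zeroed(size_t n) { return calloc(1, n); } /* kzalloc stand-in */

static struct demo_timer *demo_timer_create(void *(*alloc)(size_t), long expires)
{
    struct demo_timer *t = alloc(sizeof(*t));
    if (t)
        t->expires = expires; /* timer_type, alarm_expires left as allocated */
    return t;
}

/* Returns 1 if a show handler branching on timer_type would go on to
 * dereference alarm_expires, 0 if it would only report t->expires. */
static int show_reads_alarm(const struct demo_timer *t)
{
    return (t->timer_type & TIMER_ALARM) != 0;
}

int main(void)
{
    struct demo_timer *a = demo_timer_create(alloc_stale, 1);
    struct demo_timer *b = demo_timer_create(alloc_zeroed, 1);
    if (!a || !b)
        return 1;
    printf("stale=%d zeroed=%d\n", show_reads_alarm(a), show_reads_alarm(b));
    free(a); free(b);
    return 0;
}
```

The sketch only reports which branch would be taken and never dereferences the stale pointer; in the zeroed case the flag is clear, so the alarm member is not consulted at all.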