netns: crash during namespace destroy

Bug #1256988 reported by Chris J Arges on 2013-12-02
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | | Undecided | Unassigned |
Precise | | Medium | Chris J Arges |
Quantal | | Medium | Chris J Arges |
Raring | | Undecided | Unassigned |

Bug Description

[Impact]
* When restoring an iptable in a network namespace, if the network namespace is deleted the kernel crashes.

[Test Case]
$ sudo -s
# ip netns add foobar
# ip netns exec foobar iptables -A OUTPUT -m recent --rcheck --rsource
# ip netns del foobar

[Regression Potential]
* The following patches fix the issue:
665e205c1
32263dd1b

In addition this patch is required to fix a potential regression introduced by the original fix:
https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=b4ef4ce09308955d1aa54a289c0162607b3aa16c

Two are upstream linux patches, the last is still in the netfilter upstream tree.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1256988

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Chris J Arges (arges) on 2013-12-02
Changed in linux (Ubuntu):
status: Incomplete → In Progress
importance: Undecided → Medium
Chris J Arges (arges) on 2013-12-02
description: updated
Chris J Arges (arges) on 2013-12-04
Changed in linux (Ubuntu Raring):
status: New → Fix Released
Changed in linux (Ubuntu Precise):
assignee: nobody → Chris J Arges (arges)
Changed in linux (Ubuntu Quantal):
assignee: nobody → Chris J Arges (arges)
Changed in linux (Ubuntu):
assignee: Chris J Arges (arges) → nobody
status: In Progress → Fix Released
Changed in linux (Ubuntu Precise):
status: New → In Progress
Changed in linux (Ubuntu Quantal):
status: New → In Progress
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu):
importance: Medium → Undecided
Chris J Arges (arges) on 2013-12-11
description: updated
description: updated
Chris J Arges (arges) on 2013-12-12
description: updated
Chris J Arges (arges) on 2013-12-13
description: updated
Tim Gardner (timg-tpi) on 2013-12-14
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-precise
tags: added: verification-needed-quantal
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Chris J Arges (arges) on 2014-02-06
tags: added: verification-done-precise
removed: verification-needed-precise
Chris J Arges (arges) wrote :

This is easily verified in a VM, did it with both P/Q and the -proposed kernel works!

tags: added: verification-done-quantal
removed: verification-needed-quantal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-59.90

---------------
linux (3.2.0-59.90) precise; urgency=low

  [ Brad Figg ]

  * UBUNTU: Disable modules checking for armel and armhf for this upload; the staging/tidspbridge has been disabled

linux (3.2.0-59.89) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1266551

  [ Andy Whitcroft ]

  * [Debian] Improve tools version message
    - LP: #1257715

  [ Sergey Popovich ]

  * SAUCE: netfilter: xt_hashlimit: fix proc entry leak in netns destroy
    path
    - LP: #1256988

  [ Tim Gardner ]

  * [Config] Enable CONFIG_VT6656
    - LP: #162671

  [ Upstream Kernel Changes ]

  * netfilter: xt_recent: fix namespace destroy path
    - LP: #1256988
  * netfilter: xt_hashlimit: fix namespace destroy path
    - LP: #1256988
  * selinux: correct locking in selinux_netlbl_socket_connect)
    - LP: #1266546
  * NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk()
    - LP: #1266546
  * USB: mos7840: fix tiocmget error handling
    - LP: #1266546
  * usb: Disable USB 2.0 Link PM before device reset.
    - LP: #1266546
  * usb: hub: Clear Port Reset Change during init/resume
    - LP: #1266546
  * rt2400pci: fix RSSI read
    - LP: #1266546
  * rt2x00: check if device is still available on rt2x00mac_flush()
    - LP: #1266546
  * alarmtimer: return EINVAL instead of ENOTSUPP if rtcdev doesn't exist
    - LP: #1266546
  * USB:add new zte 3g-dongle's pid to option.c
    - LP: #1266546
  * libata: Fix display of sata speed
    - LP: #1266546
  * ahci: disabled FBS prior to issuing software reset
    - LP: #1266546
  * drivers/libata: Set max sector to 65535 for Slimtype DVD A DS8A9SH
    drive
    - LP: #1266546
  * ALSA: 6fire: Fix probe of multiple cards
    - LP: #1266546
  * ARM: sa11x0/assabet: ensure CS2 is configured appropriately
    - LP: #1266546
  * usb: wusbcore: set the RPIPE wMaxPacketSize value correctly
    - LP: #1266546
  * usb: wusbcore: change WA_SEGS_MAX to a legal value
    - LP: #1266546
  * powerpc/vio: Fix modalias_show return values
    - LP: #1266546
  * powerpc/vio: use strcpy in modalias_show
    - LP: #1266546
  * dm: allocate buffer for messages with small number of arguments using
    GFP_NOIO
    - LP: #1266546
  * can: c_can: Fix RX message handling, handle lost message before EOB
    - LP: #1266546
  * dm mpath: fix race condition between multipath_dtr and pg_init_done
    - LP: #1266546
  * ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea()
    - LP: #1266546
  * ASoC: ak4642: prevent un-necessary changes to SG_SL1
    - LP: #1266546
  * ahci: Add Device IDs for Intel Wildcat Point-LP
    - LP: #1266546
  * KVM: IOMMU: hva align mapping page size
    - LP: #1266546
  * crypto: s390 - Fix aes-cbc IV corruption
    - LP: #1266546
  * audit: printk USER_AVC messages when audit isn't enabled
    - LP: #1266546
  * audit: fix info leak in AUDIT_GET requests
    - LP: #1266546
  * audit: use nlmsg_len() to get message payload length
    - LP: #1266546
  * drm/ttm: Fix memory type compatibility check
    - LP: #1266546
  * PM / hibernate: Avoid overflow in hibernate_preallocate_memory()
    - LP: #1266546
  * ALSA: hda - Add...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.5.0-46.70

---------------
linux (3.5.0-46.70) quantal; urgency=low

  [ Brad Figg ]

  * UBUNTU: Disable abi and module checking due to broken modules being
    disabled and we have bumped the abi.

linux (3.5.0-46.69) quantal; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1266857

  [ Sergey Popovich ]

  * SAUCE: (no-up) netfilter: xt_hashlimit: fix proc entry leak in netns
    destroy path
    - LP: #1256988

  [ Tim Gardner ]

  * [Config] Enable CONFIG_VT6656
    - LP: #162671

  [ Upstream Kernel Changes ]

  * Revert "ima: policy for RAMFS"
    - LP: #1265562
  * netfilter: xt_recent: fix namespace destroy path
    - LP: #1256988
  * netfilter: xt_hashlimit: fix namespace destroy path
    - LP: #1256988
  * ACPICA: Interpreter: Fix Store() when implicit conversion is not
    possible.
    - LP: #1265562
  * ACPICA: DeRefOf operator: Update to fully resolve FieldUnit and
    BufferField refs.
    - LP: #1265562
  * ACPICA: Return error if DerefOf resolves to a null package element.
    - LP: #1265562
  * ACPICA: Fix for a Store->ArgX when ArgX contains a reference to a
    field.
    - LP: #1265562
  * aacraid: prevent invalid pointer dereference
    - LP: #1265562
  * libertas: potential oops in debugfs
    - LP: #1265562
  * ARM: sa11x0/assabet: ensure CS2 is configured appropriately
    - LP: #1265562
  * dm: allocate buffer for messages with small number of arguments using
    GFP_NOIO
    - LP: #1265562
  * ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea()
    - LP: #1265562
  * drm/radeon/si: fix define for MC_SEQ_TRAIN_WAKEUP_CNTL
    - LP: #1265562
  * drm/ttm: Handle in-memory region copies
    - LP: #1265562
  * drm/ttm: Fix ttm_bo_move_memcpy
    - LP: #1265562
  * drm/ttm: Fix memory type compatibility check
    - LP: #1265562
  * PM / hibernate: Avoid overflow in hibernate_preallocate_memory()
    - LP: #1265562
  * mtd: nand: hack ONFI for non-power-of-2 dimensions
    - LP: #1265562
  * mtd: map: fixed bug in 64-bit systems
    - LP: #1265562
  * mtd: m25p80: fix allocation size
    - LP: #1265562
  * block: fix race between request completion and timeout handling
    - LP: #1265562
  * blk-core: Fix memory corruption if blkcg_init_queue fails
    - LP: #1265562
  * loop: fix crash if blk_alloc_queue fails
    - LP: #1265562
  * block: fix a probe argument to blk_register_region
    - LP: #1265562
  * block: properly stack underlying max_segment_size to DM device
    - LP: #1265562
  * xen/blkback: fix reference counting
    - LP: #1265562
  * loop: fix crash when using unassigned loop device
    - LP: #1265562
  * SUNRPC: Fix a data corruption issue when retransmitting RPC calls
    - LP: #1265562
  * mtd: gpmi: fix kernel BUG due to racing DMA operations
    - LP: #1265562
  * ALSA: msnd: Avoid duplicated driver name
    - LP: #1265562
  * x86/microcode/amd: Tone down printk(), don't treat a missing firmware
    file as an error
    - LP: #1265562
  * SUNRPC: Avoid deep recursion in rpc_release_client
    - LP: #1265562
  * ALSA: hda - Don't clear the power state at snd_hda_codec_reset()
    - LP: #1265562
  * ASoC: blackfin: Fix missing ...


Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
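
Added example, not part of the original report or of any Ubuntu tooling: a shell check that classifies installed kernel image packages against the fixed versions stated above (3.2.0-59.90 for precise, 3.5.0-46.70 for quantal), so hosts that create and delete network namespaces can be triaged without running the crashing test case. The function names and the sample package list are constructed for illustration, and GNU sort -V is assumed to be an adequate stand-in for dpkg version ordering.

```shell
#!/bin/sh
# Fixed package versions as stated in this bug report (LP: #1256988).
# Any other kernel series is reported as "unknown": the report gives no
# fixed version for it.
fixed_version_for() {
    case "$1" in
        3.2.0-*) echo "3.2.0-59.90" ;;   # precise
        3.5.0-*) echo "3.5.0-46.70" ;;   # quantal
        *)       echo "" ;;
    esac
}

# version_ge A B: succeeds when A >= B.
# Assumption: GNU sort -V approximates dpkg ordering for these versions.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify VERSION -> prints fixed | pre-fix | unknown
classify() {
    fixed=$(fixed_version_for "$1")
    if [ -z "$fixed" ]; then
        echo unknown
    elif version_ge "$1" "$fixed"; then
        echo fixed
    else
        echo pre-fix
    fi
}

# audit_kernels: reads "package version" lines on stdin, for example from
#   dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-*'
# and prints "package version verdict" for each kernel image package.
audit_kernels() {
    while read -r pkg ver; do
        case "$pkg" in
            linux-image-[0-9]*)
                printf '%s %s %s\n' "$pkg" "$ver" "$(classify "$ver")" ;;
        esac
    done
}

# Constructed sample input (not taken from a real host).
SAMPLE='linux-image-3.2.0-58-generic 3.2.0-58.88
linux-image-3.2.0-59-generic 3.2.0-59.90
linux-image-3.5.0-45-generic 3.5.0-45.68
linux-image-3.5.0-46-generic 3.5.0-46.70
linux-image-3.8.0-35-generic 3.8.0-35.50
linux-headers-3.2.0-58 3.2.0-58.88'

printf '%s\n' "$SAMPLE" | audit_kernels
```

A kernel listed as pre-fix matters only if it is the one actually booted; compare the result with the output of uname -r before drawing a conclusion.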