kernel panic - null pointer dereference on ipset operations
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Xenial |
Fix Released
|
Critical
|
Unassigned |
Bug Description
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Xenial): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
tags: | added: cscc |
Status changed to 'Confirmed' because the bug affects multiple users.