netfilter: fix crash in flow offload by adding netns support

Commit fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices") enabled netns, which in turn lead to the crash in the flow offload target. When the flow offloading framework intends to delete a flow from the hardware table, it is necessary to retrieve the namespace from nf_flowtable->ft_net. However, no one ever wrote the namespace into nf_flowtable->ft_net in advance. So the framework will mistakenly use a NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to the kernel panic. Ref: FS#2321 Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices") Tested-by: Simon Tretter <simon@mediaarchitectu.re> Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com> [merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches] Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-12-14 19:04:39 +00:00 · 2019-06-21 00:44:42 +08:00 · 2019-06-21 00:44:42 +08:00 · d344591e72
commit d344591e72
parent 545bfbc3a9
2 changed files with 13 additions and 3 deletions
--- a/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.14/650-netfilter-add-xt_OFFLOAD-target.patch
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,403 @@
+@@ -0,0 +1,408 @@
 +/*
 + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
 + *
@ -342,12 +342,13 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +flowoffload_tg(struct sk_buff *skb, const struct xt_action_param *par)
 +{
 +	const struct xt_flowoffload_target_info *info = par->targinfo;
+	const struct nf_conn_help *help;
 +	enum ip_conntrack_info ctinfo;
 +	enum ip_conntrack_dir dir;
 +	struct nf_flow_route route;
 +	struct flow_offload *flow;
 +	struct nf_conn *ct;
-+	const struct nf_conn_help *help;
+	struct net *net;
 +
 +	if (xt_flowoffload_skip(skb))
 +		return XT_CONTINUE;
@ -396,6 +397,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	xt_flowoffload_check_device(xt_in(par));
 +	xt_flowoffload_check_device(xt_out(par));
 +
+	net = read_pnet(&nf_flowtable.ft_net);
+	if (!net)
+		write_pnet(&nf_flowtable.ft_net, xt_net(par));
+
 +	if (info->flags & XT_FLOWOFFLOAD_HW)
 +		nf_flow_offload_hw_add(xt_net(par), flow, ct);
 +
--- a/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
+++ b/target/linux/generic/hack-4.19/650-netfilter-add-xt_OFFLOAD-target.patch
@ -98,7 +98,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 --- /dev/null
 +++ b/net/netfilter/xt_FLOWOFFLOAD.c
-@@ -0,0 +1,366 @@
+@@ -0,0 +1,371 @@
 +/*
 + * Copyright (C) 2018 Felix Fietkau <nbd@nbd.name>
 + *
@ -344,6 +344,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	struct nf_flow_route route;
 +	struct flow_offload *flow;
 +	struct nf_conn *ct;
+	struct net *net;
 +
 +	if (xt_flowoffload_skip(skb))
 +		return XT_CONTINUE;
@ -391,6 +392,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	xt_flowoffload_check_device(xt_in(par));
 +	xt_flowoffload_check_device(xt_out(par));
 +
+	net = read_pnet(&nf_flowtable.ft_net);
+	if (!net)
+		write_pnet(&nf_flowtable.ft_net, xt_net(par));
+
 +	if (info->flags & XT_FLOWOFFLOAD_HW)
 +		nf_flow_offload_hw_add(xt_net(par), flow, ct);
 +