[SRU,j:linux-azure,0/1] kernel panic was caused by a fatal exception due to a null pointer dereference in the iptable_nat module

Message ID 20240808191946.362133-1-john.cabaj@canonical.com

Message

John Cabaj Aug. 8, 2024, 7:19 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/2076291

[Impact]

* Microsoft has requested a patch to address a kernel panic issue similar to the upstream issue here - https://patchwork.kernel.org/project/netdevbpf/patch/20240731213046.6194-2-pablo@netfilter.org/

[Fix]

* Clean cherry-pick upstream commit 5830aa863981: "netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()"

[Test Plan]

* Build and boot tested

[Where problems could occur]

* Low regression risk, mostly shifting logic
* Change to order of register_pernet_subsys() and xt_register_template() could expose some other logic being held together under race condition

[Other info]

* SF #00391736

Kuniyuki Iwashima (1):
  netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

 net/ipv4/netfilter/iptable_nat.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
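
The ordering concern raised under "[Where problems could occur]", as an added example that is not part of the original message or of the kernel patch: a userspace C model in which a request arrives between the two registration steps. It assumes, following the upstream commit the message cites, that the hazard is the table template becoming reachable before the per-namespace state exists; every `model_*` and `probe_*` name is hypothetical.

```c
/* Userspace model of the init-order hazard; all names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct pernet_state { int hooks_ready; };
static struct pernet_state slot;      /* storage for one namespace's state */
static struct pernet_state *pernet;   /* NULL until the pernet step has run */
static int (*template_init)(void);    /* NULL until the template is published */

/* Stand-in for the table init callback, which needs the per-namespace state. */
static int model_table_init(void)
{
    if (pernet == NULL)
        return -1;                    /* the kernel dereferences NULL here */
    pernet->hooks_ready = 1;
    return 0;
}
static void model_register_pernet(void)   { pernet = &slot; }
static void model_register_template(void) { template_init = model_table_init; }

/* A request from user space: 1 = table not available yet, 0 = ok, -1 = crash. */
static int model_user_request(void)
{
    return template_init ? template_init() : 1;
}

/* Run both registration steps in the chosen order with one request in between. */
int probe_window(int template_first)
{
    int r;
    pernet = NULL; template_init = NULL; slot.hooks_ready = 0;
    if (template_first) model_register_template(); else model_register_pernet();
    r = model_user_request();         /* lands inside the window */
    if (template_first) model_register_pernet(); else model_register_template();
    return r;
}

/* Same sequence, but the request arrives after both steps have finished. */
int probe_after_init(int template_first)
{
    probe_window(template_first);
    return model_user_request();
}

int main(void)
{
    printf("template first: %d, pernet first: %d\n", probe_window(1), probe_window(0));
    return 0;
}
```

Once both steps have completed the two orders behave identically, which is why a build-and-boot test alone does not exercise the window.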

Comments

Aaron Jauregui Aug. 9, 2024, 5:07 a.m. UTC | #1
On Thu, Aug 08, 2024 at 02:19:45PM -0500, John Cabaj wrote:
> BugLink: https://bugs.launchpad.net/bugs/2076291
> 
> [Impact]
> 
> * Microsoft has requested a patch to address a kernel panic issue similar to the upstream issue here - https://patchwork.kernel.org/project/netdevbpf/patch/20240731213046.6194-2-pablo@netfilter.org/
> 
> [Fix]
> 
> * Clean cherry-pick upstream commit 5830aa863981: "netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()"
> 
> [Test Plan]
> 
> * Build and boot tested
> 
> [Where problems could occur]
> 
> * Low regression risk, mostly shifting logic
> * Change to order of register_pernet_subsys() and xt_register_template() could expose some other logic being held together under race condition
> 
> [Other info]
> 
> * SF #00391736
> 
> Kuniyuki Iwashima (1):
>   netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
> 
>  net/ipv4/netfilter/iptable_nat.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)

Acked-by: Aaron Jauregui <aaron.jauregui@canonical.com>

Kuan-Ying Lee Aug. 9, 2024, 6:05 a.m. UTC | #2
On Thu, Aug 08, 2024 at 02:19:45PM -0500, John Cabaj wrote:
> BugLink: https://bugs.launchpad.net/bugs/2076291
> 
> [Impact]
> 
> * Microsoft has requested a patch to address a kernel panic issue similar to the upstream issue here - https://patchwork.kernel.org/project/netdevbpf/patch/20240731213046.6194-2-pablo@netfilter.org/
> 
> [Fix]
> 
> * Clean cherry-pick upstream commit 5830aa863981: "netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()"
> 
> [Test Plan]
> 
> * Build and boot tested
> 
> [Where problems could occur]
> 
> * Low regression risk, mostly shifting logic
> * Change to order of register_pernet_subsys() and xt_register_template() could expose some other logic being held together under race condition
> 
> [Other info]
> 
> * SF #00391736
> 
> Kuniyuki Iwashima (1):
>   netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
> 
>  net/ipv4/netfilter/iptable_nat.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)

Acked-by: Kuan-Ying Lee <kuan-ying.lee@canonical.com>

John Cabaj Aug. 9, 2024, 2:44 p.m. UTC | #3
On 8/8/24 2:19 PM, John Cabaj wrote:
> BugLink: https://bugs.launchpad.net/bugs/2076291
> 
> [Impact]
> 
> * Microsoft has requested a patch to address a kernel panic issue similar to the upstream issue here - https://patchwork.kernel.org/project/netdevbpf/patch/20240731213046.6194-2-pablo@netfilter.org/
> 
> [Fix]
> 
> * Clean cherry-pick upstream commit 5830aa863981: "netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()"
> 
> [Test Plan]
> 
> * Build and boot tested
> 
> [Where problems could occur]
> 
> * Low regression risk, mostly shifting logic
> * Change to order of register_pernet_subsys() and xt_register_template() could expose some other logic being held together under race condition
> 
> [Other info]
> 
> * SF #00391736
> 
> Kuniyuki Iwashima (1):
>   netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
> 
>  net/ipv4/netfilter/iptable_nat.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)
> 

Applied to jammy:linux-azure master-next branch.


Thanks,
John

John Cabaj Aug. 13, 2024, 6:53 p.m. UTC | #4
On 8/9/24 9:44 AM, John Cabaj wrote:
> On 8/8/24 2:19 PM, John Cabaj wrote:
>> BugLink: https://bugs.launchpad.net/bugs/2076291
>>
>> [Impact]
>>
>> * Microsoft has requested a patch to address a kernel panic issue similar to the upstream issue here - https://patchwork.kernel.org/project/netdevbpf/patch/20240731213046.6194-2-pablo@netfilter.org/
>>
>> [Fix]
>>
>> * Clean cherry-pick upstream commit 5830aa863981: "netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init()"
>>
>> [Test Plan]
>>
>> * Build and boot tested
>>
>> [Where problems could occur]
>>
>> * Low regression risk, mostly shifting logic
>> * Change to order of register_pernet_subsys() and xt_register_template() could expose some other logic being held together under race condition
>>
>> [Other info]
>>
>> * SF #00391736
>>
>> Kuniyuki Iwashima (1):
>>   netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
>>
>>  net/ipv4/netfilter/iptable_nat.c | 18 ++++++++++--------
>>  1 file changed, 10 insertions(+), 8 deletions(-)
>>
> 
> Applied to jammy:linux-azure master-next branch.
> 
> 
> Thanks,
> John
> 

Also applied to noble:linux-azure and oracular:linux-azure master-next branches.


John