• Eric W. Biederman's avatar
    netns: Fix icmp shutdown. · 6eb07772
    Eric W. Biederman authored
    Recently I had a kernel panic in icmp_send during a network namespace
    cleanup.  There were packets in the arp queue that failed to be sent
    and we attempted to generate an ICMP host unreachable message, but
    failed because icmp_sk_exit had already been called.
    
    The network devices are removed from a network namespace and their
    arp queues are flushed before we do attempt to shutdown subsystems
    so this error should have been impossible.
    
    It turns out icmp_init is using register_pernet_device instead
    of register_pernet_subsys.  Which resulted in icmp being shut down
    while we still had the possibility of packets in flight, making
    a nasty NULL pointer deference in interrupt context possible.
    
    Changing this to register_pernet_subsys fixes the problem in
    my testing.
    Signed-off-by: default avatarEric W. Biederman <ebiederm@aristanetworks.com>
    Acked-by: default avatarDenis V. Lunev <den@openvz.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    6eb07772
icmp.c 28.4 KB