From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
Adrian Bunk <bunk@stusta.de>,
Mark Huang <mlhuang@cs.princeton.edu>,
Patrick McHardy <kaber@trash.net>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 10/20] : ulog: fix panic on SMP kernels
Date: Mon, 21 Aug 2006 11:46:54 -0700 [thread overview]
Message-ID: <20060821184654.GK21938@kroah.com> (raw)
In-Reply-To: <20060821184527.GA21938@kroah.com>
[-- Attachment #1: ulog-fix-panic-on-smp-kernels.patch --]
[-- Type: text/plain, Size: 2114 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Mark Huang <mlhuang@cs.princeton.edu>
[NETFILTER]: ulog: fix panic on SMP kernels
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.
Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/bridge/netfilter/ebt_ulog.c | 3 +++
net/ipv4/netfilter/ipt_ULOG.c | 5 +++++
net/netfilter/nfnetlink_log.c | 3 +++
3 files changed, 11 insertions(+)
--- linux-2.6.17.9.orig/net/bridge/netfilter/ebt_ulog.c
+++ linux-2.6.17.9/net/bridge/netfilter/ebt_ulog.c
@@ -75,6 +75,9 @@ static void ulog_send(unsigned int nlgro
if (timer_pending(&ub->timer))
del_timer(&ub->timer);
+ if (!ub->skb)
+ return;
+
/* last nlmsg needs NLMSG_DONE */
if (ub->qlen > 1)
ub->lastnlh->nlmsg_type = NLMSG_DONE;
--- linux-2.6.17.9.orig/net/ipv4/netfilter/ipt_ULOG.c
+++ linux-2.6.17.9/net/ipv4/netfilter/ipt_ULOG.c
@@ -116,6 +116,11 @@ static void ulog_send(unsigned int nlgro
del_timer(&ub->timer);
}
+ if (!ub->skb) {
+ DEBUGP("ipt_ULOG: ulog_send: nothing to send\n");
+ return;
+ }
+
/* last nlmsg needs NLMSG_DONE */
if (ub->qlen > 1)
ub->lastnlh->nlmsg_type = NLMSG_DONE;
--- linux-2.6.17.9.orig/net/netfilter/nfnetlink_log.c
+++ linux-2.6.17.9/net/netfilter/nfnetlink_log.c
@@ -366,6 +366,9 @@ __nfulnl_send(struct nfulnl_instance *in
if (timer_pending(&inst->timer))
del_timer(&inst->timer);
+ if (!inst->skb)
+ return 0;
+
if (inst->qlen > 1)
inst->lastnlh->nlmsg_type = NLMSG_DONE;
--
next prev parent reply other threads:[~2006-08-21 18:49 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20060821183818.155091391@quad.kroah.org>
2006-08-21 18:45 ` [patch 00/20] 2.6.17-stable review Greg KH
2006-08-21 18:45 ` [patch 01/20] Have ext3 reject file handles with bad inode numbers early Greg KH
2006-08-21 18:45 ` [patch 02/20] sky2: phy power problem on 88e805x Greg KH
2006-08-21 18:46 ` [patch 03/20] Kill HASH_HIGHMEM from route cache hash sizing Greg KH
2006-08-21 18:46 ` [patch 04/20] Fix timer race in dst GC code Greg KH
2006-08-21 18:46 ` [patch 05/20] Fix IFLA_ADDRESS handling Greg KH
2006-08-21 18:46 ` [patch 06/20] Fix BeFS slab corruption Greg KH
2006-08-21 18:46 ` [patch 07/20] disable debugging version of write_lock() Greg KH
2006-08-21 18:46 ` [patch 08/20] ipx: header length validation needed Greg KH
2006-08-21 18:46 ` [patch 09/20] tpm: interrupt clear fix Greg KH
2006-08-21 18:46 ` Greg KH [this message]
2006-08-21 18:47 ` [patch 11/20] sys_getppid oopses on debug kernel Greg KH
2006-08-21 18:47 ` [patch 12/20] SERIAL: icom: select FW_LOADER Greg KH
2006-08-21 18:47 ` [patch 13/20] PCI: fix ICH6 quirks Greg KH
2006-08-21 18:47 ` [patch 14/20] : ip_tables: fix table locking in ipt_do_table Greg KH
2006-08-21 18:47 ` [patch 15/20] IA64: local DoS with corrupted ELFs Greg KH
2006-08-21 18:47 ` [patch 16/20] Fix ipv4 routing locking bug Greg KH
2006-08-21 18:47 ` Greg KH
2006-08-21 18:48 ` [patch 17/20] dm: BUG/OOPS fix Greg KH
2006-08-21 18:48 ` [patch 18/20] swsusp: Fix swap_type_of Greg KH
2006-08-21 18:48 ` [patch 19/20] MD: Fix a potential NULL dereference in md/raid1 Greg KH
2006-08-21 18:48 ` [patch 20/20] 1394: fix for recently added firewire patch that breaks things on ppc Greg KH
2006-08-22 9:03 ` Stefan Richter
2006-08-21 19:46 ` [patch 00/20] 2.6.17-stable review Dave Jones
2006-08-21 21:43 ` Greg KH
2006-08-22 13:49 ` John Stoffel
2006-08-22 13:59 ` Kyle Moffett
2006-08-22 14:53 ` John Stoffel
2006-08-22 19:13 ` Herbert Xu's paged unique skb trimming patch? Nix
2006-08-22 19:17 ` Greg KH
2006-08-22 20:41 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060821184654.GK21938@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@stusta.de \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=jmforbes@linuxtx.org \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mlhuang@cs.princeton.edu \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.