Confirm netfilter: repeatable oops in 2.4.15-pre2

[J Sloan <jjs@pobox.com>]

[-- Attachment #1: Type: text/plain, Size: 1037 bytes --]

Confirmation, backing out the following 4 netfilter
diffs makes 2.4.15-pre2 work fine on my firewall.

cu

jjs



"David S. Miller" wrote:

>    From: Matthew Kirkwood <matthew@hairy.beasts.org>
>    Date: Sat, 10 Nov 2001 11:53:11 +0000 (GMT)
>
>    On Fri, 9 Nov 2001, J Sloan wrote:
>
>    > I have been running the 2.4.15-pre kernels and
>    > have found an interesting oops. I can reproduce
>    > it immediately, and reliably, just by issuing an ssh
>    > command (as a normal user).
>
>    I'm seeing the same thing on my gateway, though I haven't
>    yet found my serial cable to get the oops translated.  I
>    am back to 2.4.10 for now.
>
> Just back out the netfilter changes in 2.4.15-pre1, that
> is the cause.
>
> Franks a lot,
> David S. Miller
> davem@redhat.com
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

[-- Attachment #2: netfilter-2.4.15-pre2.patch --]
[-- Type: text/plain, Size: 2802 bytes --]

diff -u --recursive --new-file v2.4.14/linux/net/ipv4/netfilter/ip_fw_compat.c linux/net/ipv4/netfilter/ip_fw_compat.c
--- v2.4.14/linux/net/ipv4/netfilter/ip_fw_compat.c	Fri Apr 27 14:15:01 2001
+++ linux/net/ipv4/netfilter/ip_fw_compat.c	Wed Nov  7 14:39:36 2001
@@ -78,11 +78,19 @@
 {
 	int ret = FW_BLOCK;
 	u_int16_t redirpt;
+	struct sk_buff *nskb;
 
 	/* Assume worse case: any hook could change packet */
 	(*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
 	if ((*pskb)->ip_summed == CHECKSUM_HW)
 		(*pskb)->ip_summed = CHECKSUM_NONE;
+
+	/* Firewall rules can alter TOS: raw socket may have clone of
+           skb: don't disturb it --RR */
+	nskb = skb_unshare(*pskb, GFP_ATOMIC);
+	if (!nskb)
+		return NF_DROP;
+	*pskb = nskb;
 
 	switch (hooknum) {
 	case NF_IP_PRE_ROUTING:
diff -u --recursive --new-file v2.4.14/linux/net/ipv4/netfilter/ip_nat_core.c linux/net/ipv4/netfilter/ip_nat_core.c
--- v2.4.14/linux/net/ipv4/netfilter/ip_nat_core.c	Wed May 16 10:31:27 2001
+++ linux/net/ipv4/netfilter/ip_nat_core.c	Wed Nov  7 14:39:36 2001
@@ -734,6 +734,15 @@
 	   synchronize_bh()) can vanish. */
 	READ_LOCK(&ip_nat_lock);
 	for (i = 0; i < info->num_manips; i++) {
+		struct sk_buff *nskb;
+		/* raw socket may have clone of skb: don't disturb it --RR */
+		nskb = skb_unshare(*pskb, GFP_ATOMIC);
+		if (!nskb) {
+			READ_UNLOCK(&ip_nat_lock);
+			return NF_DROP;
+		}
+		*pskb = nskb;
+
 		if (info->manips[i].direction == dir
 		    && info->manips[i].hooknum == hooknum) {
 			DEBUGP("Mangling %p: %s to %u.%u.%u.%u %u\n",
diff -u --recursive --new-file v2.4.14/linux/net/ipv4/netfilter/ipt_TCPMSS.c linux/net/ipv4/netfilter/ipt_TCPMSS.c
--- v2.4.14/linux/net/ipv4/netfilter/ipt_TCPMSS.c	Tue Oct  9 17:06:53 2001
+++ linux/net/ipv4/netfilter/ipt_TCPMSS.c	Wed Nov  7 14:39:36 2001
@@ -48,6 +48,13 @@
 	u_int16_t tcplen, newtotlen, oldval, newmss;
 	unsigned int i;
 	u_int8_t *opt;
+	struct sk_buff *nskb;
+
+	/* raw socket may have clone of skb: don't disturb it --RR */
+	nskb = skb_unshare(*pskb, GFP_ATOMIC);
+	if (!nskb)
+		return NF_DROP;
+	*pskb = nskb;
 
 	tcplen = (*pskb)->len - iph->ihl*4;
 
diff -u --recursive --new-file v2.4.14/linux/net/ipv4/netfilter/ipt_TOS.c linux/net/ipv4/netfilter/ipt_TOS.c
--- v2.4.14/linux/net/ipv4/netfilter/ipt_TOS.c	Tue Oct  9 17:06:53 2001
+++ linux/net/ipv4/netfilter/ipt_TOS.c	Wed Nov  7 14:39:36 2001
@@ -19,7 +19,14 @@
 	const struct ipt_tos_target_info *tosinfo = targinfo;
 
 	if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
+		struct sk_buff *nskb;
 		u_int16_t diffs[2];
+
+		/* raw socket may have clone of skb: don't disturb it --RR */
+		nskb = skb_unshare(*pskb, GFP_ATOMIC);
+		if (!nskb)
+			return NF_DROP;
+		*pskb = nskb;
 
 		diffs[0] = htons(iph->tos) ^ 0xFFFF;
 		iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;