Re: Re: Panic in ipt_do_table with 2.6.16.13-xen

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matt Ayres <matta@tektonic.net>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>,
	Patrick McHardy <kaber@trash.net>,
	James Morris <jmorris@namei.org>
Subject: Re: Re: Panic in ipt_do_table with 2.6.16.13-xen
Date: Tue, 23 May 2006 17:23:31 -0400	[thread overview]
Message-ID: <44737D53.9050006@tektonic.net> (raw)
In-Reply-To: <bf76eefc5234d32440c822acd2879a8a@cl.cam.ac.uk>



Keir Fraser wrote:
> 
> On 22 May 2006, at 15:43, Patrick McHardy wrote:
> 
>> Maybe this helps: there is not too much the Xen code could be doing
>> wrong here. If I read your crash correctly it happend in the FORWARD
>> chain, which could mean that the outgoing device (probably the Xen
>> virtual network driver) has some bugs, but iptables really only cares
>> about the names at this point, which practically can't be bogus.
>> The only other thing I can imagine is that something is wrong with
>> the per-CPU copy of the ruleset, i.e. either smp_processor_id is
>> returning garbage or for_each_possible_cpu misses a CPU during
>> initialization. I have no idea if Xen really does touch this code,
>> but other than that I don't really see what it could break.
> 
> Having looked at disassembly, the fault happens when accessing 
> e->ip.invflags in ip_packet_match() inlined inside ipt_do_table().
> 
>  e = private->entries[smp_processor_id()] + 
> private->hook_entry[NF_IP_FORWARD]
> 
> smp_processor_id() should be 0 (since the oops appears to occur on cpu0) 
> and presumably all the ipt_entry structures are static once set up. 
> Since this crash happens on a common path in ipt_do_table(), and since 
> it happens only after the system has been up a while (I believe?), it 
> rather looks as though something has either corrupted a pointer or 
> unmapped memory from under iptables' feet.
> 

As the concerned user, what does this mean to me?  It will only affect 
SMP systems?  It is a bug in Xen or netfilter?

I'd just like to understand what is going on.

Thanks,
Matt

WARNING: multiple messages have this Message-ID (diff)

From: Matt Ayres <matta@tektonic.net>
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: Patrick McHardy <kaber@trash.net>,
	"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Netfilter Development Mailinglist 
	<netfilter-devel@lists.netfilter.org>,
	James Morris <jmorris@namei.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen
Date: Tue, 23 May 2006 17:23:31 -0400	[thread overview]
Message-ID: <44737D53.9050006@tektonic.net> (raw)
In-Reply-To: <bf76eefc5234d32440c822acd2879a8a@cl.cam.ac.uk>



Keir Fraser wrote:
> 
> On 22 May 2006, at 15:43, Patrick McHardy wrote:
> 
>> Maybe this helps: there is not too much the Xen code could be doing
>> wrong here. If I read your crash correctly it happend in the FORWARD
>> chain, which could mean that the outgoing device (probably the Xen
>> virtual network driver) has some bugs, but iptables really only cares
>> about the names at this point, which practically can't be bogus.
>> The only other thing I can imagine is that something is wrong with
>> the per-CPU copy of the ruleset, i.e. either smp_processor_id is
>> returning garbage or for_each_possible_cpu misses a CPU during
>> initialization. I have no idea if Xen really does touch this code,
>> but other than that I don't really see what it could break.
> 
> Having looked at disassembly, the fault happens when accessing 
> e->ip.invflags in ip_packet_match() inlined inside ipt_do_table().
> 
>  e = private->entries[smp_processor_id()] + 
> private->hook_entry[NF_IP_FORWARD]
> 
> smp_processor_id() should be 0 (since the oops appears to occur on cpu0) 
> and presumably all the ipt_entry structures are static once set up. 
> Since this crash happens on a common path in ipt_do_table(), and since 
> it happens only after the system has been up a while (I believe?), it 
> rather looks as though something has either corrupted a pointer or 
> unmapped memory from under iptables' feet.
> 

As the concerned user, what does this mean to me?  It will only affect 
SMP systems?  It is a bug in Xen or netfilter?

I'd just like to understand what is going on.

Thanks,
Matt

next prev parent reply	other threads:[~2006-05-23 21:23 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-15 17:46 Panic in ipt_do_table with 2.6.16.13-xen Matt Ayres
2006-05-15 19:27 ` Patrick McHardy
2006-05-15 19:27   ` Patrick McHardy
2006-05-16  0:01   ` Matt Ayres
2006-05-16  0:01     ` Matt Ayres
2006-05-16  3:31     ` James Morris
2006-05-16 13:49       ` Matt Ayres
2006-05-16 13:49         ` [Xen-devel] " Matt Ayres
2006-05-16 15:28         ` James Morris
2006-05-18 23:58           ` Matt Ayres
2006-05-18 23:58             ` [Xen-devel] " Matt Ayres
2006-05-19  0:05             ` James Morris
2006-05-19  0:16               ` Matt Ayres
2006-05-19  0:16                 ` [Xen-devel] " Matt Ayres
2006-05-19  0:45                 ` Matt Ayres
2006-05-19  0:45                   ` [Xen-devel] " Matt Ayres
2006-05-21 17:43                   ` Patrick McHardy
2006-05-21 17:43                     ` Patrick McHardy
2006-05-22 14:31                     ` Matt Ayres
2006-05-22 14:31                       ` [Xen-devel] " Matt Ayres
2006-05-22 14:42                       ` Keir Fraser
2006-05-22 14:43                       ` Patrick McHardy
2006-05-22 14:43                         ` Patrick McHardy
2006-05-23  9:54                         ` Keir Fraser
2006-05-23  9:54                           ` [Xen-devel] " Keir Fraser
2006-05-23 12:03                           ` Matt Ayres
2006-05-23 12:03                             ` [Xen-devel] " Matt Ayres
2006-05-23 21:15                         ` Keir Fraser
2006-05-23 21:15                           ` [Xen-devel] " Keir Fraser
2006-05-23 21:23                           ` Matt Ayres [this message]
2006-05-23 21:23                             ` Matt Ayres
2006-05-23 21:27                             ` Keir Fraser
2006-05-23 21:27                               ` [Xen-devel] " Keir Fraser
2006-05-24  7:16                               ` Gerd Hoffmann
2006-05-24  7:16                                 ` [Xen-devel] " Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44737D53.9050006@tektonic.net \
    --to=matta@tektonic.net \
    --cc=Keir.Fraser@cl.cam.ac.uk \
    --cc=jmorris@namei.org \
    --cc=kaber@trash.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.