From: Mark Huang <mlhuang@CS.Princeton.EDU>
To: netfilter-devel@lists.netfilter.org
Subject: [PATCH] Fix ipt_ULOG panics on SMP kernels
Date: Thu, 10 Aug 2006 12:31:10 -0400 [thread overview]
Message-ID: <44DB5F4E.2080608@cs.princeton.edu> (raw)
[-- Attachment #1: Type: text/plain, Size: 1152 bytes --]
I've run into the same kernel panic as these reports:
https://lists.gnumonks.org/pipermail/ulogd/2005-August/000776.html
http://lists.netfilter.org/pipermail/netfilter/2006-January/064509.html
https://lists.gnumonks.org/pipermail/ulogd/2006-April/000853.html
On various SMP machines. The culprit is a null ub->skb in ulog_send(). I believe
that this can occur for the following reason. If ulog_timer() has already been
scheduled on one CPU and is spinning on the lock, and ipt_ulog_packet() flushes
the queue on another CPU by calling ulog_send() right before it exits (because
the threshold is reached), there will be no skbuff when ulog_timer() acquires
the lock and calls ulog_send(). Cancelling the timer in ulog_send() doesn't help
because it has already been scheduled and is running on the first CPU.
There are two solutions that I can see: re-allocate ub->skb at the end of
ipt_ulog_packet(), just like it does toward the beginning of the function. But
the problem will still happen if the allocation fails. The second solution,
implemented by the attached patch, is to just return from ulog_send() if ub->skb
is null.
Regards,
--Mark
[-- Attachment #2: ipt_ULOG.patch --]
[-- Type: text/x-patch, Size: 684 bytes --]
Index: linux-2.6/net/ipv4/netfilter/ipt_ULOG.c
===================================================================
RCS file: /cvs/linux-2.6/net/ipv4/netfilter/ipt_ULOG.c,v
retrieving revision 1.6
diff -u -r1.6 ipt_ULOG.c
--- linux-2.6/net/ipv4/netfilter/ipt_ULOG.c 27 Jul 2006 22:00:49 -0000 1.6
+++ linux-2.6/net/ipv4/netfilter/ipt_ULOG.c 10 Aug 2006 16:30:42 -0000
@@ -120,6 +120,11 @@
if (ub->qlen > 1)
ub->lastnlh->nlmsg_type = NLMSG_DONE;
+ if (!ub->skb) {
+ DEBUGP("ipt_ULOG: ulog_send: nothing to send\n");
+ return;
+ }
+
NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1;
DEBUGP("ipt_ULOG: throwing %d packets to netlink group %u\n",
ub->qlen, nlgroupnum + 1);
next reply other threads:[~2006-08-10 16:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-10 16:31 Mark Huang [this message]
2006-08-11 16:19 ` [PATCH] Fix ipt_ULOG panics on SMP kernels Patrick McHardy
2006-08-11 16:45 ` Mark Huang
2006-08-11 17:13 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44DB5F4E.2080608@cs.princeton.edu \
--to=mlhuang@cs.princeton.edu \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.