Re: [nf-failover] Oops in ctnetlink_create_conntrack

Re: [nf-failover] Oops in ctnetlink_create_conntrack

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 943 bytes --]

Simon Lodal wrote:
> Hello
> 
> I got an oops in ctnetlink_create_conntrack when running 'conntrackd -c', with 
> a 'conntrackd -d' running. I hope this is the right place to report this bug.

Please CC netfilter-devel on bugreports.

> BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
>  printing eip:
> *pde = 00000000
> Oops: 0000 [#1]
> SMP 
> Modules linked in: generic piix softdog e752x_edac eeprom i2c_dev i2c_i801 i2c_core parport_pc parport sd_mod ide_cd cdrom ide_disk usb_storage ide_core usbserial ehci_hcd uhci_hcd usbcore thermal processor fan ata_piix libata scsi_mod raid1 md_mod
> CPU:    1
> EIP:    0060:[<4029f2a7>]    Not tainted VLI
> EFLAGS: 00010202   (2.6.18.5-r2.8-p4smp #1) 
> EIP is at ctnetlink_create_conntrack+0x6e/0x3a7

I *think* this is already fixed in 2.6.19 by the attached patch.

Can you verify whether the patch fixes the problem? If it does
I'll push it to -stable.



[-- Attachment #2: x --]
[-- Type: text/plain, Size: 2014 bytes --]

[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Check that status flags are available in the netlink message received
to create a new conntrack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit bbb3357d14f6becd156469220992ef7ab0f10e69
tree f24b5b6491c76d3b384bc09307d6b841fbc0370c
parent 1b683b551209ca46ae59b29572018001db5af078
author Pablo Neira Ayuso <pablo@netfilter.org> Wed, 29 Nov 2006 02:35:31 +0100
committer David S. Miller <davem@sunset.davemloft.net> Sat, 02 Dec 2006 21:31:27 -0800

 net/ipv4/netfilter/ip_conntrack_netlink.c |    8 +++++---
 net/netfilter/nf_conntrack_netlink.c      |    8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 3d277aa..d5d2efd 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;
 
-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}
 
 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7357b8f..ba77183 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;
 
-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}
 
 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);

Re: [nf-failover] Oops in ctnetlink_create_conntrack

[Simon Lodal]

Yes, verified.

Thanks a lot!


Regards
Simon


On Saturday 13 January 2007 16:21, Patrick McHardy wrote:
> Simon Lodal wrote:
> > Hello
> >
> > I got an oops in ctnetlink_create_conntrack when running 'conntrackd -c',
> > with a 'conntrackd -d' running. I hope this is the right place to report
> > this bug.
>
> Please CC netfilter-devel on bugreports.
>
> > BUG: unable to handle kernel NULL pointer dereference at virtual address
> > 00000004 printing eip:
> > *pde = 00000000
> > Oops: 0000 [#1]
> > SMP
> > Modules linked in: generic piix softdog e752x_edac eeprom i2c_dev
> > i2c_i801 i2c_core parport_pc parport sd_mod ide_cd cdrom ide_disk
> > usb_storage ide_core usbserial ehci_hcd uhci_hcd usbcore thermal
> > processor fan ata_piix libata scsi_mod raid1 md_mod CPU:    1
> > EIP:    0060:[<4029f2a7>]    Not tainted VLI
> > EFLAGS: 00010202   (2.6.18.5-r2.8-p4smp #1)
> > EIP is at ctnetlink_create_conntrack+0x6e/0x3a7
>
> I *think* this is already fixed in 2.6.19 by the attached patch.
>
> Can you verify whether the patch fixes the problem? If it does
> I'll push it to -stable.

Re: [nf-failover] Oops in ctnetlink_create_conntrack

[Pablo Neira Ayuso]

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

Simon Lodal wrote:
> I got an oops in ctnetlink_create_conntrack when running 'conntrackd -c', with 
> a 'conntrackd -d' running. I hope this is the right place to report this bug.
> 
> Trigger: Executed 'conntrackd -c' twice. First time it succeeded, second time 
> it produced an oops.
> Reproducible: Yes, every time.
> [...]
> EIP: [<4029f2a7>] ctnetlink_create_conntrack+0x6e/0x3a7 SS:ESP 0068:5fbc1bb8

Does the patch attached fix the problem that you're reporting? It was
already committed to the upcoming 2.6.20 [1]

[1]
http://lists.netfilter.org/pipermail/netfilter-devel/2006-November/026212.html

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

[-- Attachment #2: 02fixstatus.patch --]
[-- Type: text/plain, Size: 1678 bytes --]

[CTNETLINK] Check for status flags existence on conntrack creation

Check that status flags are available in the netlink message received 
to create a new conntrack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: linux-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c
===================================================================
--- linux-2.6.git.orig/net/ipv4/netfilter/ip_conntrack_netlink.c	2006-11-08 23:54:28.000000000 +0100
+++ linux-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c	2006-11-08 23:54:55.000000000 +0100
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;
 
-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}
 
 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);
Index: linux-2.6.git/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- linux-2.6.git.orig/net/netfilter/nf_conntrack_netlink.c	2006-11-08 23:55:06.000000000 +0100
+++ linux-2.6.git/net/netfilter/nf_conntrack_netlink.c	2006-11-08 23:55:49.000000000 +0100
@@ -961,9 +961,11 @@ ctnetlink_create_conntrack(struct nfattr
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;
 
-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}
 
 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);

Re: [nf-failover] Oops in ctnetlink_create_conntrack

[Pablo Neira Ayuso]

Pablo Neira Ayuso wrote:
> Does the patch attached fix the problem that you're reporting? It was
> already committed to the upcoming 2.6.20 [1]

Damn, I didn't notice that Patrick already did the trick. Thanks ;)

@Patrick: Would it make sense pushing this to -stable even if ctnetlink
is still marked as experimental?

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: [nf-failover] Oops in ctnetlink_create_conntrack

[Patrick McHardy]

Pablo Neira Ayuso wrote:
> Pablo Neira Ayuso wrote:
> 
>>Does the patch attached fix the problem that you're reporting? It was
>>already committed to the upcoming 2.6.20 [1]
> 
> 
> Damn, I didn't notice that Patrick already did the trick. Thanks ;)
> 
> @Patrick: Would it make sense pushing this to -stable even if ctnetlink
> is still marked as experimental?

Yes, I'll push it to -stable.