From: Rusty Russell <rusty@rustcorp.com.au>
To: linux-kernel@vger.kernel.org
Cc: Matt Bernstein <matt@theBachChoir.org.uk>
Subject: Re: 2.4.7 crash with ipchains/netfilter as modules
Date: Mon, 30 Jul 2001 06:57:04 +1000 [thread overview]
Message-ID: <E15QxcZ-0001fC-00@localhost> (raw)
In-Reply-To: Your message of "Wed, 25 Jul 2001 20:03:34 +1000." <m15PLVv-000CDBC@localhost>
In message <m15PLVv-000CDBC@localhost> you write:
> > "modprobe -r ipchains" gives the following (possibly meaningless) oops.
>
> Known issue (usage count stays at 0, independent of usage).
>
> Try ipchains -L -n to get your output.
>
> I'll look into the removal code (Al found some loading problems before
> which I want to fix anyway)...
It looks like you unloaded the module while ipchains was reading
/proc. That's fixed too (and the same bug in the other code).
Please test this patch (v2.4.7), and see if it's any better...
Thanks,
Rusty.
--
Premature optmztion is rt of all evl. --DK
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_conntrack_standalone.c working-2.4.7-unclean/net/ipv4/netfilter/ip_conntrack_standalone.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_conntrack_standalone.c Sat Apr 28 07:15:01 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_conntrack_standalone.c Sun Jul 29 14:58:23 2001
@@ -226,6 +226,7 @@
static int init_or_cleanup(int init)
{
+ struct proc_dir_entry *proc;
int ret = 0;
if (!init) goto cleanup;
@@ -234,11 +235,14 @@
if (ret < 0)
goto cleanup_nothing;
- proc_net_create("ip_conntrack",0,list_conntracks);
+ proc = proc_net_create("ip_conntrack",0,list_conntracks);
+ if (!proc) goto cleanup_init;
+ proc->owner = THIS_MODULE;
+
ret = nf_register_hook(&ip_conntrack_in_ops);
if (ret < 0) {
printk("ip_conntrack: can't register in hook.\n");
- goto cleanup_init;
+ goto cleanup_proc;
}
ret = nf_register_hook(&ip_conntrack_local_out_ops);
if (ret < 0) {
@@ -266,8 +270,9 @@
nf_unregister_hook(&ip_conntrack_local_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_conntrack_in_ops);
- cleanup_init:
+ cleanup_proc:
proc_net_remove("ip_conntrack");
+ cleanup_init:
ip_conntrack_cleanup();
cleanup_nothing:
return ret;
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_fw_compat_masq.c working-2.4.7-unclean/net/ipv4/netfilter/ip_fw_compat_masq.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_fw_compat_masq.c Tue Sep 19 09:09:55 2000
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_fw_compat_masq.c Sun Jul 29 18:49:28 2001
@@ -14,6 +14,7 @@
#include <linux/inetdevice.h>
#include <linux/proc_fs.h>
#include <linux/version.h>
+#include <linux/module.h>
#include <net/route.h>
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock)
@@ -302,13 +303,22 @@
int __init masq_init(void)
{
int ret;
+ struct proc_dir_entry *proc;
ret = ip_conntrack_init();
if (ret == 0) {
ret = ip_nat_init();
- if (ret == 0)
- proc_net_create("ip_masquerade", 0, masq_procinfo);
- else
+ if (ret == 0) {
+ proc = proc_net_create("ip_masquerade",
+ 0, masq_procinfo);
+ if (proc)
+ proc->owner = THIS_MODULE;
+ else {
+ ip_nat_cleanup();
+ ip_conntrack_cleanup();
+ ret = -ENOMEM;
+ }
+ } else
ip_conntrack_cleanup();
}
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_queue.c working-2.4.7-unclean/net/ipv4/netfilter/ip_queue.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_queue.c Sun Jul 22 13:13:27 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_queue.c Sun Jul 29 17:33:24 2001
@@ -647,6 +647,7 @@
static int __init init(void)
{
int status = 0;
+ struct proc_dir_entry *proc;
nfnl = netlink_kernel_create(NETLINK_FIREWALL, netlink_receive_user_sk);
if (nfnl == NULL) {
@@ -662,8 +663,14 @@
sock_release(nfnl->socket);
return status;
}
+ proc = proc_net_create(IPQ_PROC_FS_NAME, 0, ipq_get_info);
+ if (proc) proc->owner = THIS_MODULE;
+ else {
+ ipq_destroy_queue(nlq);
+ sock_release(nfnl->socket);
+ return -ENOMEM;
+ }
register_netdevice_notifier(&ipq_dev_notifier);
- proc_net_create(IPQ_PROC_FS_NAME, 0, ipq_get_info);
ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0);
return status;
}
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_tables.c working-2.4.7-unclean/net/ipv4/netfilter/ip_tables.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_tables.c Tue May 15 18:29:35 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_tables.c Sun Jul 29 18:52:33 2001
@@ -1730,9 +1730,15 @@
}
#ifdef CONFIG_PROC_FS
- if (!proc_net_create("ip_tables_names", 0, ipt_get_tables)) {
+ {
+ struct proc_dir_entry *proc;
+
+ proc = proc_net_create("ip_tables_names", 0, ipt_get_tables);
+ if (!proc) {
nf_unregister_sockopt(&ipt_sockopts);
return -ENOMEM;
+ }
+ proc->owner = THIS_MODULE;
}
#endif
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipchains_core.c working-2.4.7-unclean/net/ipv4/netfilter/ipchains_core.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipchains_core.c Fri Apr 13 05:11:39 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipchains_core.c Sun Jul 29 18:56:20 2001
@@ -74,6 +74,7 @@
#include <linux/sched.h>
#include <linux/string.h>
#include <linux/errno.h>
+#include <linux/module.h>
#include <linux/socket.h>
#include <linux/sockios.h>
@@ -1100,9 +1101,9 @@
{
unsigned int i;
struct ip_chain *label
- = kmalloc(SIZEOF_STRUCT_IP_CHAIN, GFP_KERNEL);
+ = kmalloc(SIZEOF_STRUCT_IP_CHAIN, GFP_ATOMIC);
if (label == NULL)
- panic("Can't kmalloc for firewall chains.\n");
+ return NULL;
strcpy(label->label,name);
label->next = NULL;
label->chain = NULL;
@@ -1140,7 +1141,7 @@
* user defined chain *
* and therefore can be
* deleted */
- return 0;
+ return tmp->next ? 0 : ENOMEM;
}
/* This function simply changes the policy on one of the built in
@@ -1706,11 +1707,10 @@
int ipfw_init_or_cleanup(int init)
{
+ struct proc_dir_entry *proc;
int ret = 0;
unsigned long flags;
- FWC_WRITE_LOCK_IRQ(&ip_fw_lock, flags);
-
if (!init) goto cleanup;
#ifdef DEBUG_IP_FIREWALL_LOCKING
@@ -1727,17 +1727,24 @@
if (ret < 0)
goto cleanup_netlink;
- proc_net_create(IP_FW_PROC_CHAINS, S_IFREG | S_IRUSR | S_IWUSR, ip_chain_procinfo);
- proc_net_create(IP_FW_PROC_CHAIN_NAMES, S_IFREG | S_IRUSR | S_IWUSR, ip_chain_name_procinfo);
+ proc = proc_net_create(IP_FW_PROC_CHAINS, S_IFREG | S_IRUSR | S_IWUSR,
+ ip_chain_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
+ proc = proc_net_create(IP_FW_PROC_CHAIN_NAMES,
+ S_IFREG | S_IRUSR | S_IWUSR,
+ ip_chain_name_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
IP_FW_INPUT_CHAIN = ip_init_chain(IP_FW_LABEL_INPUT, 1, FW_ACCEPT);
IP_FW_FORWARD_CHAIN = ip_init_chain(IP_FW_LABEL_FORWARD, 1, FW_ACCEPT);
IP_FW_OUTPUT_CHAIN = ip_init_chain(IP_FW_LABEL_OUTPUT, 1, FW_ACCEPT);
- FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
return ret;
cleanup:
+ unregister_firewall(PF_INET, &ipfw_ops);
+
+ FWC_WRITE_LOCK_IRQ(&ip_fw_lock, flags);
while (ip_fw_chains) {
struct ip_chain *next = ip_fw_chains->next;
@@ -1745,18 +1752,16 @@
kfree(ip_fw_chains);
ip_fw_chains = next;
}
+ FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
proc_net_remove(IP_FW_PROC_CHAINS);
proc_net_remove(IP_FW_PROC_CHAIN_NAMES);
- unregister_firewall(PF_INET, &ipfw_ops);
-
cleanup_netlink:
#if defined(CONFIG_NETLINK_DEV) || defined(CONFIG_NETLINK_DEV_MODULE)
sock_release(ipfwsk->socket);
cleanup_nothing:
#endif
- FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
return ret;
}
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipfwadm_core.c working-2.4.7-unclean/net/ipv4/netfilter/ipfwadm_core.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipfwadm_core.c Sat Jul 7 07:49:55 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipfwadm_core.c Sun Jul 29 18:59:08 2001
@@ -3,6 +3,7 @@
*/
#include <linux/config.h>
+#include <linux/module.h>
#define CONFIG_IP_FIREWALL
#define CONFIG_IP_FIREWALL_VERBOSE
#define CONFIG_IP_MASQUERADE
@@ -1358,6 +1359,7 @@
int ipfw_init_or_cleanup(int init)
{
+ struct proc_dir_entry *proc;
int ret = 0;
if (!init)
@@ -1368,11 +1370,15 @@
goto cleanup_nothing;
#ifdef CONFIG_IP_ACCT
- proc_net_create("ip_acct", S_IFREG | S_IRUGO | S_IWUSR, ip_acct_procinfo);
+ proc = proc_net_create("ip_acct", S_IFREG | S_IRUGO | S_IWUSR, ip_acct_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
#endif
- proc_net_create("ip_input", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_in_procinfo);
- proc_net_create("ip_output", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_out_procinfo);
- proc_net_create("ip_forward", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_fwd_procinfo);
+ proc = proc_net_create("ip_input", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_in_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
+ proc = proc_net_create("ip_output", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_out_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
+ proc = proc_net_create("ip_forward", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_fwd_procinfo);
+ if (proc) proc->owner = THIS_MODULE;
/* Register for device up/down reports */
register_netdevice_notifier(&ipfw_dev_notifier);
@@ -1383,6 +1389,7 @@
return ret;
cleanup:
+ unregister_firewall(PF_INET, &ipfw_ops);
#ifdef CONFIG_IP_FIREWALL_NETLINK
sock_release(ipfwsk->socket);
#endif
@@ -1399,8 +1406,6 @@
free_fw_chain(chains[IP_FW_IN]);
free_fw_chain(chains[IP_FW_OUT]);
free_fw_chain(chains[IP_FW_ACCT]);
-
- unregister_firewall(PF_INET, &ipfw_ops);
cleanup_nothing:
return ret;
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c Sun Jul 22 13:13:27 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c Mon Jul 23 18:29:11 2001
@@ -331,6 +331,7 @@
tcpflags = ((u_int8_t *)tcph)[13];
if (tcpflags != TH_SYN
&& tcpflags != (TH_SYN|TH_ACK)
+ && tcpflags != TH_RST
&& tcpflags != (TH_RST|TH_ACK)
&& tcpflags != (TH_RST|TH_ACK|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK)
prev parent reply other threads:[~2001-07-29 22:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-07-25 10:04 2.4.7 crash with ipchains/netfilter as modules Matt Bernstein
2001-07-25 10:03 ` Rusty Russell
2001-07-29 20:57 ` Rusty Russell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E15QxcZ-0001fC-00@localhost \
--to=rusty@rustcorp.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=matt@theBachChoir.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.