Re: iptables OOPS (all recent kernels on x86_64)

[Patrick McHardy <kaber@trash.net>]

[-- Attachment #1: Type: text/plain, Size: 2607 bytes --]

David Ford wrote:

> Up until 2.6.9, when I changed link status after the initial 
> configuration, I would get a kernel OOPS.  Now with 2.6.9, I get a 
> crash immediately on boot with network device configuration.   
> Attached is my boot log.

Apparently SCTP corrupted the inetaddr notifier chain by registering
the same notifier_block for IPv4 and IPv6, so masq_inet_event got a
struct inet6_ifaddr instead of a struct in_ifaddr. This patch should
fix it.

Regards
Patrick

>
>
> general protection fault: 0000 [1] PREEMPT
> CPU 0
> Modules linked in: ipt_TCPMSS ipt_REJECT iptable_filter iptable_mangle 
> ipt_MASQUERADE ipt_REDIRECT ipta
> Pid: 841, comm: ip Not tainted 2.6.9
> RIP: 0010:[<ffffffffa00494a8>] 
> <ffffffffa00494a8>{:ipt_MASQUERADE:device_cmp+152}
> RSP: 0018:000001003a883c08  EFLAGS: 00010202
> RAX: 82f363feffa60e02 RBX: 0000010006260d90 RCX: ffffff000032c000
> RDX: ffffff000032cc40 RSI: 0000010006260d90 RDI: 0000010038077658
> RBP: 0000010038077658 R08: 0000000000000000 R09: 000001003ae4ea88
> R10: 0000000000000000 R11: 000001003c4aa3c0 R12: 0000000000000000
> R13: ffffffffa0049410 R14: 0000000000000000 R15: 0000000000000000
> FS:  0000002a959a6d40(0000) GS:ffffffff808f0d00(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000002a9582f6d0 CR3: 0000000000101000 CR4: 00000000000006e0
> Process ip (pid: 841, threadinfo 000001003a882000, task 0000010037864cf0)
> Stack: 0000010038077820 000001003a883c34 0000010006260d90 
> ffffffffa002e7ef
>       0000000000000001 000000c4805da6c9 ffffffffa004a400 0000010006260d90
>       0000000000000001 000001003ae2a4d8
> Call Trace:<ffffffffa002e7ef>{:ip_conntrack:ip_ct_selective_cleanup+271}
>       <ffffffffa0049559>{:ipt_MASQUERADE:masq_inet_event+25}
>       <ffffffff801535f0>{notifier_call_chain+32} 
> <ffffffff8058af01>{ipv6_add_addr+1361}
>       <ffffffff8058e466>{addrconf_add_linklocal+22} 
> <ffffffff8059226f>{addrconf_notify+2383}
>       <ffffffff80530cf5>{rt_cache_flush+581} 
> <ffffffff801535f0>{notifier_call_chain+32}
>       <ffffffff804fc36c>{dev_open+124} 
> <ffffffff804fde18>{dev_change_flags+104}
>       <ffffffff80562755>{devinet_ioctl+773} 
> <ffffffff80563e6c>{inet_ioctl+92}
>       <ffffffff804f1353>{sock_ioctl+867} 
> <ffffffff801b586d>{sys_ioctl+1117}
>       <ffffffff80110f4a>{system_call+126}
>
> Code: 48 8b 00 8b 40 50 39 85 98 01 00 00 75 12 8b 43 24 39 85 e0
> RIP <ffffffffa00494a8>{:ipt_MASQUERADE:device_cmp+152} RSP 
> <000001003a883c08>
> <0>Kernel panic - not syncing: Aiee, killing interrupt handler!
> <0>Rebooting in 20 seconds..cable
>


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 2530 bytes --]

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/11/15 08:58:09+01:00 kaber@coreworks.de 
#   [SCTP]: Fix inetaddr notifier chain corruption
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/sctp/protocol.c
#   2004/11/15 08:58:03+01:00 kaber@coreworks.de +3 -3
#   [SCTP]: Fix inetaddr notifier chain corruption
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/sctp/ipv6.c
#   2004/11/15 08:58:03+01:00 kaber@coreworks.de +6 -3
#   [SCTP]: Fix inetaddr notifier chain corruption
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
diff -Nru a/net/sctp/ipv6.c b/net/sctp/ipv6.c
--- a/net/sctp/ipv6.c	2004-11-15 08:58:42 +01:00
+++ b/net/sctp/ipv6.c	2004-11-15 08:58:42 +01:00
@@ -78,7 +78,10 @@
 
 #include <asm/uaccess.h>
 
-extern struct notifier_block sctp_inetaddr_notifier;
+extern int sctp_inetaddr_event(struct notifier_block *, unsigned long, void *);
+static struct notifier_block sctp_inet6addr_notifier = {
+	.notifier_call = sctp_inetaddr_event,
+};
 
 /* ICMP error handler. */
 void sctp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
@@ -983,7 +986,7 @@
 	sctp_register_af(&sctp_ipv6_specific);
 
 	/* Register notifier for inet6 address additions/deletions. */
-	register_inet6addr_notifier(&sctp_inetaddr_notifier);
+	register_inet6addr_notifier(&sctp_inet6addr_notifier);
 	rc = 0;
 out:
 	return rc;
@@ -999,6 +1002,6 @@
 	inet6_del_protocol(&sctpv6_protocol, IPPROTO_SCTP);
 	inet6_unregister_protosw(&sctpv6_seqpacket_protosw);
 	inet6_unregister_protosw(&sctpv6_stream_protosw);
-	unregister_inet6addr_notifier(&sctp_inetaddr_notifier);
+	unregister_inet6addr_notifier(&sctp_inet6addr_notifier);
 	sk_free_slab(&sctpv6_prot);
 }
diff -Nru a/net/sctp/protocol.c b/net/sctp/protocol.c
--- a/net/sctp/protocol.c	2004-11-15 08:58:42 +01:00
+++ b/net/sctp/protocol.c	2004-11-15 08:58:42 +01:00
@@ -622,8 +622,8 @@
 /* Event handler for inet address addition/deletion events.
  * Basically, whenever there is an event, we re-build our local address list.
  */
-static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
-			       void *ptr)
+int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
+                        void *ptr)
 {
 	unsigned long flags;
 
@@ -824,7 +824,7 @@
 };
 
 /* Notifier for inetaddr addition/deletion events.  */
-struct notifier_block sctp_inetaddr_notifier = {
+static struct notifier_block sctp_inetaddr_notifier = {
 	.notifier_call = sctp_inetaddr_event,
 };