Re: 2.4.7 crash with ipchains/netfilter as modules

Re: 2.4.7 crash with ipchains/netfilter as modules

[Rusty Russell]

In message <Pine.LNX.4.33.0107251054420.1834-100000@nick.dcs.qmw.ac.uk> you wri
te:
> ipchains               37568   0  (unused)
> unix                   16992  27  (autoclean)
> 
> ..but "ipchains -L" does produce some output (though it takes many
> minutes), and the kernel has logged some DENY packets. Attempting
> "modprobe -r ipchains" gives the following (possibly meaningless) oops.

Known issue (usage count stays at 0, independent of usage).

Try ipchains -L -n to get your output.

I'll look into the removal code (Al found some loading problems before
which I want to fix anyway)...

Thanks,
Rusty.
--
Premature optmztion is rt of all evl. --DK

2.4.7 crash with ipchains/netfilter as modules

[Matt Bernstein]

Just upgraded a fileserver (dual Pentium II/440BX) running Debian potato +
the bunk 2.4 support debs from 2.2.19, modularising what I can, without
resorting to initrd.

/proc/version:
Linux version 2.4.7 (mb@custard) (gcc version 2.95.2 20000220 (Debian GNU/Linux)) #1 SMP Wed Jul 25 09:07:05 BST 2001

Unfortunately the firewalling code is confused.

# lsmod
Module                  Size  Used by
nfs                    79168   3  (autoclean)
lockd                  49888   1  (autoclean) [nfs]
sunrpc                 66496   1  (autoclean) [nfs lockd]
floppy                 45744   1  (autoclean)
ipip                    6448   0  (unused)
eepro100               16336   1
acenic                125824   1
ipchains               37568   0  (unused)
unix                   16992  27  (autoclean)

..but "ipchains -L" does produce some output (though it takes many
minutes), and the kernel has logged some DENY packets. Attempting
"modprobe -r ipchains" gives the following (possibly meaningless) oops.

ksymoops 2.3.7 on i686 2.4.7.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.4.7/ (default)
     -m /boot/System.map-2.4.7 (default)

Warning: You did not tell me where to find symbol information.  I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc.  ksymoops -h explains the options.

Warning (compare_maps): mismatch on symbol nlmsvc_grace_period  , lockd
says f8969e14, /lib/modules/2.4.7/kernel/fs/lockd/lockd.o says f896922c.
Ignoring /lib/modules/2.4.7/kernel/fs/lockd/lockd.o entry
Warning (compare_maps): mismatch on symbol nlmsvc_ops  , lockd says
f8969e10, /lib/modules/2.4.7/kernel/fs/lockd/lockd.o says f8969228.
Ignoring /lib/modules/2.4.7/kernel/fs/lockd/lockd.o entryWarning
(compare_maps): mismatch on symbol nlmsvc_timeout  , lockd says f8969e18,
/lib/modules/2.4.7/kernel/fs/lockd/lockd.o says f8969230.  Ignoring
/lib/modules/2.4.7/kernel/fs/lockd/lockd.o entry
Warning (compare_maps): mismatch on symbol nfs_debug  , sunrpc says
f895c3a8, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c068.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol nfsd_debug  , sunrpc says
f895c3ac, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c06c.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol nlm_debug  , sunrpc says
f895c3b0, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c070.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol rpc_debug  , sunrpc says
f895c3a4, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c064.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol rpc_garbage_args  , sunrpc says
f895c384, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c044.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol rpc_success  , sunrpc says
f895c374, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c034.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol rpc_system_err  , sunrpc says
f895c388, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c048.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol xdr_one  , sunrpc says
f895c36c, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c02c.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol xdr_two  , sunrpc says
f895c370, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c030.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol xdr_zero  , sunrpc says
f895c368, /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o says f895c028.
Ignoring /lib/modules/2.4.7/kernel/net/sunrpc/sunrpc.o entry
Warning (compare_maps): mismatch on symbol floppy  , floppy says f8944258,
/lib/modules/2.4.7/kernel/drivers/block/floppy.o says f89435f8.  Ignoring
/lib/modules/2.4.7/kernel/drivers/block/floppy.o entry
Warning (compare_maps): mismatch on symbol unix_socket_table  , unix says
f8808dc0, /lib/modules/2.4.7/kernel/net/unix/unix.o says f8808a20.
Ignoring /lib/modules/2.4.7/kernel/net/unix/unix.o entry
Reading Oops report from the terminal
Unable to handle kernel paging request at virtual address f895f3bc
 printing eip:
f895f3bc
*pde = 37db0067
*pte = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<f895f3bc>]
EFLAGS: 00010282
eax: f895f3bc   ebx: f71d9140   ecx: f76f2240   edx: f71d9160
esi: 00000400   edi: f6ef2000   ebp: 00000400   esp: f6c7bf68
ds: 0018   es: 0018   ss: 0018
Process ipchains (pid: 3589, stackpage=f6c7b000)
Stack: c014fcdf f6ef2000 f6c7bf98 00000000 00000400 f71d9140 ffffffea 00000000
       00000400 f76f2240 00000000 00000000 00000000 c01330c7 f71d9140 40014000
       00000400 f71d9160 f6c7a000 08052438 00000000 bffffa3c c0106cfb 00000003
Call Trace: [<c014fcdf>] [<c01330c7>] [<c0106cfb>]

Code:  Bad EIP value.
Unable to handle kernel paging request at virtual address f895f3bc
f895f3bc
*pde = 37db0067
Oops: 0000
CPU:    0
EIP:    0010:[<f895f3bc>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010282
eax: f895f3bc   ebx: f71d9140   ecx: f76f2240   edx: f71d9160
esi: 00000400   edi: f6ef2000   ebp: 00000400   esp: f6c7bf68
ds: 0018   es: 0018   ss: 0018
Process ipchains (pid: 3589, stackpage=f6c7b000)
Stack: c014fcdf f6ef2000 f6c7bf98 00000000 00000400 f71d9140 ffffffea 00000000
       00000400 f76f2240 00000000 00000000 00000000 c01330c7 f71d9140 40014000
       00000400 f71d9160 f6c7a000 08052438 00000000 bffffa3c c0106cfb 00000003
Call Trace: [<c014fcdf>] [<c01330c7>] [<c0106cfb>]
Code:  Bad EIP value.

>>EIP; f895f3bc <[lockd]nlm_lookup_host+1e4/2a4>   <=====
Trace; c014fcdf <proc_file_read+b7/194>
Trace; c01330c7 <sys_read+8f/c4>
Trace; c0106cfb <system_call+33/38>


16 warnings issued.  Results may not be reliable.



Any help gratefully received. Any further information willingly offered!

Matt

Re: 2.4.7 crash with ipchains/netfilter as modules

[Rusty Russell]

In message <m15PLVv-000CDBC@localhost> you write:
> > "modprobe -r ipchains" gives the following (possibly meaningless) oops.
> 
> Known issue (usage count stays at 0, independent of usage).
> 
> Try ipchains -L -n to get your output.
> 
> I'll look into the removal code (Al found some loading problems before
> which I want to fix anyway)...

It looks like you unloaded the module while ipchains was reading
/proc.  That's fixed too (and the same bug in the other code).

Please test this patch (v2.4.7), and see if it's any better...
Thanks,
Rusty.
--
Premature optmztion is rt of all evl. --DK

diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_conntrack_standalone.c working-2.4.7-unclean/net/ipv4/netfilter/ip_conntrack_standalone.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_conntrack_standalone.c	Sat Apr 28 07:15:01 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_conntrack_standalone.c	Sun Jul 29 14:58:23 2001
@@ -226,6 +226,7 @@
 
 static int init_or_cleanup(int init)
 {
+	struct proc_dir_entry *proc;
 	int ret = 0;
 
 	if (!init) goto cleanup;
@@ -234,11 +235,14 @@
 	if (ret < 0)
 		goto cleanup_nothing;
 
-	proc_net_create("ip_conntrack",0,list_conntracks);
+	proc = proc_net_create("ip_conntrack",0,list_conntracks);
+	if (!proc) goto cleanup_init;
+	proc->owner = THIS_MODULE;
+
 	ret = nf_register_hook(&ip_conntrack_in_ops);
 	if (ret < 0) {
 		printk("ip_conntrack: can't register in hook.\n");
-		goto cleanup_init;
+		goto cleanup_proc;
 	}
 	ret = nf_register_hook(&ip_conntrack_local_out_ops);
 	if (ret < 0) {
@@ -266,8 +270,9 @@
 	nf_unregister_hook(&ip_conntrack_local_out_ops);
  cleanup_inops:
 	nf_unregister_hook(&ip_conntrack_in_ops);
- cleanup_init:
+ cleanup_proc:
 	proc_net_remove("ip_conntrack");
+ cleanup_init:
 	ip_conntrack_cleanup();
  cleanup_nothing:
 	return ret;
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_fw_compat_masq.c working-2.4.7-unclean/net/ipv4/netfilter/ip_fw_compat_masq.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_fw_compat_masq.c	Tue Sep 19 09:09:55 2000
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_fw_compat_masq.c	Sun Jul 29 18:49:28 2001
@@ -14,6 +14,7 @@
 #include <linux/inetdevice.h>
 #include <linux/proc_fs.h>
 #include <linux/version.h>
+#include <linux/module.h>
 #include <net/route.h>
 
 #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock)
@@ -302,13 +303,22 @@
 int __init masq_init(void)
 {
 	int ret;
+	struct proc_dir_entry *proc;
 
 	ret = ip_conntrack_init();
 	if (ret == 0) {
 		ret = ip_nat_init();
-		if (ret == 0)
-			proc_net_create("ip_masquerade", 0, masq_procinfo);
-		else
+		if (ret == 0) {
+			proc = proc_net_create("ip_masquerade",
+					       0, masq_procinfo);
+			if (proc)
+				proc->owner = THIS_MODULE;
+			else {
+				ip_nat_cleanup();
+				ip_conntrack_cleanup();
+				ret = -ENOMEM;
+			}
+		} else
 			ip_conntrack_cleanup();
 	}
 
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_queue.c working-2.4.7-unclean/net/ipv4/netfilter/ip_queue.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_queue.c	Sun Jul 22 13:13:27 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_queue.c	Sun Jul 29 17:33:24 2001
@@ -647,6 +647,7 @@
 static int __init init(void)
 {
 	int status = 0;
+	struct proc_dir_entry *proc;
 	
 	nfnl = netlink_kernel_create(NETLINK_FIREWALL, netlink_receive_user_sk);
 	if (nfnl == NULL) {
@@ -662,8 +663,14 @@
 		sock_release(nfnl->socket);
 		return status;
 	}
+	proc = proc_net_create(IPQ_PROC_FS_NAME, 0, ipq_get_info);
+	if (proc) proc->owner = THIS_MODULE;
+	else {
+		ipq_destroy_queue(nlq);
+		sock_release(nfnl->socket);
+		return -ENOMEM;
+	}
 	register_netdevice_notifier(&ipq_dev_notifier);
-	proc_net_create(IPQ_PROC_FS_NAME, 0, ipq_get_info);
 	ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0);
 	return status;
 }
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ip_tables.c working-2.4.7-unclean/net/ipv4/netfilter/ip_tables.c
--- linux-2.4.7-official/net/ipv4/netfilter/ip_tables.c	Tue May 15 18:29:35 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ip_tables.c	Sun Jul 29 18:52:33 2001
@@ -1730,9 +1730,15 @@
 	}
 
 #ifdef CONFIG_PROC_FS
-	if (!proc_net_create("ip_tables_names", 0, ipt_get_tables)) {
+	{
+	struct proc_dir_entry *proc;
+
+	proc = proc_net_create("ip_tables_names", 0, ipt_get_tables);
+	if (!proc) {
 		nf_unregister_sockopt(&ipt_sockopts);
 		return -ENOMEM;
+	}
+	proc->owner = THIS_MODULE;
 	}
 #endif
 
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipchains_core.c working-2.4.7-unclean/net/ipv4/netfilter/ipchains_core.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipchains_core.c	Fri Apr 13 05:11:39 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipchains_core.c	Sun Jul 29 18:56:20 2001
@@ -74,6 +74,7 @@
 #include <linux/sched.h>
 #include <linux/string.h>
 #include <linux/errno.h>
+#include <linux/module.h>
 
 #include <linux/socket.h>
 #include <linux/sockios.h>
@@ -1100,9 +1101,9 @@
 {
 	unsigned int i;
 	struct ip_chain *label
-		= kmalloc(SIZEOF_STRUCT_IP_CHAIN, GFP_KERNEL);
+		= kmalloc(SIZEOF_STRUCT_IP_CHAIN, GFP_ATOMIC);
 	if (label == NULL)
-		panic("Can't kmalloc for firewall chains.\n");
+		return NULL;
 	strcpy(label->label,name);
 	label->next = NULL;
 	label->chain = NULL;
@@ -1140,7 +1141,7 @@
 					      * user defined chain *
 					      * and therefore can be
 					      * deleted */
-	return 0;
+	return tmp->next ? 0 : ENOMEM;
 }
 
 /* This function simply changes the policy on one of the built in
@@ -1706,11 +1707,10 @@
 
 int ipfw_init_or_cleanup(int init)
 {
+	struct proc_dir_entry *proc;
 	int ret = 0;
 	unsigned long flags;
 
-	FWC_WRITE_LOCK_IRQ(&ip_fw_lock, flags);
-
 	if (!init) goto cleanup;
 
 #ifdef DEBUG_IP_FIREWALL_LOCKING
@@ -1727,17 +1727,24 @@
 	if (ret < 0)
 		goto cleanup_netlink;
 
-	proc_net_create(IP_FW_PROC_CHAINS, S_IFREG | S_IRUSR | S_IWUSR, ip_chain_procinfo);
-	proc_net_create(IP_FW_PROC_CHAIN_NAMES, S_IFREG | S_IRUSR | S_IWUSR, ip_chain_name_procinfo);
+	proc = proc_net_create(IP_FW_PROC_CHAINS, S_IFREG | S_IRUSR | S_IWUSR,
+			       ip_chain_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
+	proc = proc_net_create(IP_FW_PROC_CHAIN_NAMES,
+			       S_IFREG | S_IRUSR | S_IWUSR,
+			       ip_chain_name_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
 
 	IP_FW_INPUT_CHAIN = ip_init_chain(IP_FW_LABEL_INPUT, 1, FW_ACCEPT);
 	IP_FW_FORWARD_CHAIN = ip_init_chain(IP_FW_LABEL_FORWARD, 1, FW_ACCEPT);
 	IP_FW_OUTPUT_CHAIN = ip_init_chain(IP_FW_LABEL_OUTPUT, 1, FW_ACCEPT);
 
-	FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
 	return ret;
 
  cleanup:
+	unregister_firewall(PF_INET, &ipfw_ops);
+
+	FWC_WRITE_LOCK_IRQ(&ip_fw_lock, flags);
 	while (ip_fw_chains) {
 		struct ip_chain *next = ip_fw_chains->next;
 
@@ -1745,18 +1752,16 @@
 		kfree(ip_fw_chains);
 		ip_fw_chains = next;
 	}
+	FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
 
 	proc_net_remove(IP_FW_PROC_CHAINS);
 	proc_net_remove(IP_FW_PROC_CHAIN_NAMES);
 
-	unregister_firewall(PF_INET, &ipfw_ops);
-
  cleanup_netlink:
 #if defined(CONFIG_NETLINK_DEV) || defined(CONFIG_NETLINK_DEV_MODULE)
 	sock_release(ipfwsk->socket);
 
  cleanup_nothing:
 #endif
-	FWC_WRITE_UNLOCK_IRQ(&ip_fw_lock, flags);
 	return ret;
 }
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipfwadm_core.c working-2.4.7-unclean/net/ipv4/netfilter/ipfwadm_core.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipfwadm_core.c	Sat Jul  7 07:49:55 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipfwadm_core.c	Sun Jul 29 18:59:08 2001
@@ -3,6 +3,7 @@
 */
 
 #include <linux/config.h>
+#include <linux/module.h>
 #define CONFIG_IP_FIREWALL
 #define CONFIG_IP_FIREWALL_VERBOSE
 #define CONFIG_IP_MASQUERADE
@@ -1358,6 +1359,7 @@
 
 int ipfw_init_or_cleanup(int init)
 {
+	struct proc_dir_entry *proc;
 	int ret = 0;
 
 	if (!init)
@@ -1368,11 +1370,15 @@
 		goto cleanup_nothing;
 
 #ifdef CONFIG_IP_ACCT
-	proc_net_create("ip_acct", S_IFREG | S_IRUGO | S_IWUSR, ip_acct_procinfo);
+	proc = proc_net_create("ip_acct", S_IFREG | S_IRUGO | S_IWUSR, ip_acct_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
 #endif
-	proc_net_create("ip_input", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_in_procinfo);
-	proc_net_create("ip_output", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_out_procinfo);
-	proc_net_create("ip_forward", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_fwd_procinfo);
+	proc = proc_net_create("ip_input", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_in_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
+	proc = proc_net_create("ip_output", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_out_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
+	proc = proc_net_create("ip_forward", S_IFREG | S_IRUGO | S_IWUSR, ip_fw_fwd_procinfo);
+	if (proc) proc->owner = THIS_MODULE;
 
 	/* Register for device up/down reports */
 	register_netdevice_notifier(&ipfw_dev_notifier);
@@ -1383,6 +1389,7 @@
 	return ret;
 
  cleanup:
+	unregister_firewall(PF_INET, &ipfw_ops);
 #ifdef CONFIG_IP_FIREWALL_NETLINK
 	sock_release(ipfwsk->socket);
 #endif
@@ -1399,8 +1406,6 @@
 	free_fw_chain(chains[IP_FW_IN]);
 	free_fw_chain(chains[IP_FW_OUT]);
 	free_fw_chain(chains[IP_FW_ACCT]);
-
-	unregister_firewall(PF_INET, &ipfw_ops);
 
  cleanup_nothing:
 	return ret;
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c
--- linux-2.4.7-official/net/ipv4/netfilter/ipt_unclean.c	Sun Jul 22 13:13:27 2001
+++ working-2.4.7-unclean/net/ipv4/netfilter/ipt_unclean.c	Mon Jul 23 18:29:11 2001
@@ -331,6 +331,7 @@
 	tcpflags = ((u_int8_t *)tcph)[13];
 	if (tcpflags != TH_SYN
 	    && tcpflags != (TH_SYN|TH_ACK)
+	    && tcpflags != TH_RST
 	    && tcpflags != (TH_RST|TH_ACK)
 	    && tcpflags != (TH_RST|TH_ACK|TH_PUSH)
 	    && tcpflags != (TH_FIN|TH_ACK)