Re: 2.6.16-rc4 bridge/iptables Oops

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: 2.6.16-rc4 bridge/iptables Oops
       [not found] <200602201651.50217.list-lkml@net4u.de>
@ 2006-02-20 18:35 ` Patrick McHardy
  2006-02-21  1:11   ` Ernst Herzberg
  0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2006-02-20 18:35 UTC (permalink / raw)
  To: earny
  Cc: Kernel Netdev Mailing List, Netfilter Development Mailinglist,
	linux-kernel, David S. Miller

[-- Attachment #1: Type: text/plain, Size: 1638 bytes --]

Ernst Herzberg wrote:
> This machine oopses one to three (or more?) times a day. Occurs since upgrading 
> from -rc3 to -rc4 (and adding/reconfiguring raid).
> 
> It is reproducable, i have only to wait 10min to a couple of hours:-)
> 
> Opps copy/pasted from a serial console, long lines maybe truncated.
> dmesg is from the _previous_ boot/oops....
> 
> -------------------------------------------
> Oops: 0000 [#1]
> PREEMPT
> Modules linked in: ebt_log ebt_ip ebtable_filter ebtables nfsd exportfs lockd sunrpc w83627hf hwmon_vid i2c_isa xt_tcpudp xt_state ipt_MASQUERADE iptable_e
> CPU:    0
> EIP:    0060:[<b033fbf3>]    Not tainted VLI
> EFLAGS: 00010282   (2.6.16-rc4 #3)
> EIP is at xfrm_lookup+0x1f/0x47d
> eax: 00000000   ebx: b0452bb4   ecx: 00000000   edx: b0452bb4
> esi: b0452c90   edi: d6c9aa58   ebp: 80000000   esp: b0452b08
> ds: 007b   es: 007b   ss: 0068
> Process vtund (pid: 12035, threadinfo=b0452000 task=ef8cb030)
> Stack: <0>b0452000 d6c9aa58 b0452bc4 00000000 f153b56a b0452b84 d6c9aa58 f1546181
>        b03e5d20 00000000 b0452bb4 b0452bb0 b0452b84 b0452b94 f1546511 d804fd24
>        d6c9aa58 b0452b94 d6c9aa58 00000000 b0452b84 f15465a6 d6c9aa58 00000000
> Call Trace:
>  [<f153b56a>] ip_conntrack_tuple_taken+0x2c/0x3e [ip_conntrack]
>  [<f1546181>] ip_nat_used_tuple+0x1f/0x2b [ip_nat]
>  [<f1546511>] get_unique_tuple+0xca/0xe6 [ip_nat]
>  [<f15465a6>] ip_nat_setup_info+0x79/0x1fd [ip_nat]
>  [<b033ac28>] ip_xfrm_me_harder+0x5d/0x14b
>  [<f154b882>] ip_nat_out+0xb2/0xde [iptable_nat]
>  [<b034d154>] br_dev_queue_push_xmit+0x0/0x12a

This patch should fix it. Please test it and report if it helps.

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1309 bytes --]

[NETFILTER]: Fix crash with bridge-netfilter in xfrm_lookup

Bridge-netfilter attaches a fake dst entry without dst->ops to bridged
packets, which makes xfrm_lookup crash. Skip the lookup since IPsec
isn't supposed to work on a pure bridge anyway.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 98a533612cd7cc51482972b84ac9845a46e81bc9
tree 4b509dae626aaff8cd2e6521425d81ca0bcda1d4
parent d64d19d938ca48d1a4470010f8d48ceac28f4317
author Patrick McHardy <kaber@trash.net> Mon, 20 Feb 2006 19:34:57 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 20 Feb 2006 19:34:57 +0100

 net/ipv4/netfilter.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index ed42cdc..ae1e75d 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -87,6 +87,13 @@ int ip_xfrm_me_harder(struct sk_buff **p
 
 	if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)
 		return 0;
+#ifdef CONFIG_BRIDGE_NETFILTER
+	/* bridge netfilter attaches a fake dst entry without dst->ops to bridged
+	 * packets, which makes xfrm_lookup crash. Skip the lookup since IPsec
+	 * isn't supposed to work on a pure bridge anyway. */
+	if ((*pskb)->dst->ops == NULL)
+		return 0;
+#endif
 	if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0)
 		return -1;
 

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: 2.6.16-rc4 bridge/iptables Oops
  2006-02-20 18:35 ` 2.6.16-rc4 bridge/iptables Oops Patrick McHardy
@ 2006-02-21  1:11   ` Ernst Herzberg
  2006-02-21  3:08     ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: Ernst Herzberg @ 2006-02-21  1:11 UTC (permalink / raw)
  To: linux-kernel
  Cc: Patrick McHardy, David S. Miller, Kernel Netdev Mailing List,
	Netfilter Development Mailinglist

On Monday 20 February 2006 19:35, Patrick McHardy wrote:
> Ernst Herzberg wrote:
> > This machine oopses one to three (or more?) times a day. Occurs since
> > upgrading from -rc3 to -rc4 (and adding/reconfiguring raid).
> >
> > It is reproducable, i have only to wait 10min to a couple of hours:-)
> >
> > Opps copy/pasted from a serial console, long lines maybe truncated.
> > dmesg is from the _previous_ boot/oops....
> >
> > -------------------------------------------
> > Oops: 0000 [#1]
> > PREEMPT
> > Modules linked in: ebt_log ebt_ip ebtable_filter ebtables nfsd exportfs
> > lockd sunrpc w83627hf hwmon_vid i2c_isa xt_tcpudp xt_state ipt_MASQUERADE
> > iptable_e CPU:    0
> > EIP:    0060:[<b033fbf3>]    Not tainted VLI
> > EFLAGS: 00010282   (2.6.16-rc4 #3)
> > EIP is at xfrm_lookup+0x1f/0x47d


> This patch should fix it. Please test it and report if it helps.

oernie:~ # uname -a ; uptime
Linux oernie 2.6.16-rc4 #1 PREEMPT Mon Feb 20 22:07:34 CET 2006 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
 02:06:00 up  3:53,  4 users,  load average: 0.08, 0.15, 0.10

No oops so far. Serial console still connected, will report if this or a 
similar problem occurs again.

Thanks!

<earn/>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: 2.6.16-rc4 bridge/iptables Oops
  2006-02-21  1:11   ` Ernst Herzberg
@ 2006-02-21  3:08     ` Patrick McHardy
  2006-02-21  4:07       ` David S. Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2006-02-21  3:08 UTC (permalink / raw)
  To: Ernst Herzberg
  Cc: Kernel Netdev Mailing List, Netfilter Development Mailinglist,
	linux-kernel, David S. Miller

[-- Attachment #1: Type: text/plain, Size: 634 bytes --]

Ernst Herzberg wrote:
>>This patch should fix it. Please test it and report if it helps.
> 
> 
> oernie:~ # uname -a ; uptime
> Linux oernie 2.6.16-rc4 #1 PREEMPT Mon Feb 20 22:07:34 CET 2006 i686 Intel(R) 
> Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
>  02:06:00 up  3:53,  4 users,  load average: 0.08, 0.15, 0.10
> 
> No oops so far. Serial console still connected, will report if this or a 
> similar problem occurs again.

Thanks for testing. Dave, please take this patch instead, it avoids
having to guess whether a packet originates from bridging in IP
netfilter by using DST_NOXFRM for bridge-netfilter's fake dst_entry.

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 2136 bytes --]

[NETFILTER]: Fix bridge netfilter related in xfrm_lookup

The bridge-netfilter code attaches a fake dst_entry with dst->ops == NULL
to purely bridged packets. When these packets are SNATed and a policy
lookup is done, xfrm_lookup crashes because it tries to dereference
dst->ops.

Change xfrm_lookup not to dereference dst->ops before checking for the
DST_NOXFRM flag and set this flag in the fake dst_entry.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 6f149cebfdad51205b405058496a501a550dfdb4
tree f87624178d8e9e8b255080f20a5b91a5c25d45e9
parent a8372f035aa2f6717123eb30679a08b619321dd4
author Patrick McHardy <kaber@trash.net> Tue, 21 Feb 2006 04:03:16 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 21 Feb 2006 04:03:16 +0100

 net/bridge/br_netfilter.c |    1 +
 net/xfrm/xfrm_policy.c    |    7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 6bb0c7e..e060aad 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -90,6 +90,7 @@ static struct rtable __fake_rtable = {
 			.dev			= &__fake_net_device,
 			.path			= &__fake_rtable.u.dst,
 			.metrics		= {[RTAX_MTU - 1] = 1500},
+			.flags			= DST_NOXFRM,
 		}
 	},
 	.rt_flags	= 0,
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 5e6b05a..8206025 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -782,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p
 	int nx = 0;
 	int err;
 	u32 genid;
-	u16 family = dst_orig->ops->family;
+	u16 family;
 	u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
 	u32 sk_sid = security_sk_sid(sk, fl, dir);
 restart:
@@ -796,13 +796,14 @@ restart:
 		if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
 			return 0;
 
-		policy = flow_cache_lookup(fl, sk_sid, family, dir,
-					   xfrm_policy_lookup);
+		policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
+					   dir, xfrm_policy_lookup);
 	}
 
 	if (!policy)
 		return 0;
 
+	family = dst_orig->ops->family;
 	policy->curlft.use_time = (unsigned long)xtime.tv_sec;
 
 	switch (policy->action) {

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: 2.6.16-rc4 bridge/iptables Oops
  2006-02-21  3:08     ` Patrick McHardy
@ 2006-02-21  4:07       ` David S. Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David S. Miller @ 2006-02-21  4:07 UTC (permalink / raw)
  To: kaber; +Cc: earny, linux-kernel, netdev, netfilter-devel

From: Patrick McHardy <kaber@trash.net>
Date: Tue, 21 Feb 2006 04:08:41 +0100

> Thanks for testing. Dave, please take this patch instead, it avoids
> having to guess whether a packet originates from bridging in IP
> netfilter by using DST_NOXFRM for bridge-netfilter's fake dst_entry.

Applied, thanks Patrick.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2006-02-21  4:07 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <200602201651.50217.list-lkml@net4u.de>
2006-02-20 18:35 ` 2.6.16-rc4 bridge/iptables Oops Patrick McHardy
2006-02-21  1:11   ` Ernst Herzberg
2006-02-21  3:08     ` Patrick McHardy
2006-02-21  4:07       ` David S. Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).