Re: netfilter QUEUE target and packet socket interactions buggy or not

Patrick McHardy wrote:
> Nuutti Kotivuori wrote:
>>
>> Appended here is a backtrace with the tg3 driver. Also, it seems that
>> the bug cannot be reproduced with uniprocessor, only SMP.
>>
>> Unable to handle kernel NULL pointer dereference at virtual address 00000018
>
> This means inode->i_security was NULL. AFAICT it is only set to NULL in
> inode_free_security() when the inode is freed. This shouldn't happen
> while the packet is queued since the skb should hold a reference to
> the socket on the output path. So it could be some protocol forgetting
> to increase the refcnt when taking a reference.

Right.

> What kind of packet is this? And what kernel version are you
> running? Until recently ip_conntrack did some fiddling with skb->sk
> which could lead to a packet on the output path with skb->sk set but
> no reference taken.

This happens on Red Hat Enterprise Linux 4, with a 2.6.9 kernel (with
a gazillion of Red Hat patches in it, latest ones being from 2.6.11)
and the ip_queue patch that adds the bottom-half disabling. I will
know for sure tomorrow, but it seems that it doesn't appear on vanilla
2.6.13.1 or without SMP.

It is very hard to know which packet specifically triggers this. The
machine is under heavy load in general, a lot of packets are handled
via a QUEUE target, and some packets are captured via packet socket.

I will post more details tomorrow, but if you could point me towards
the changes in ip_conntrack that affected this, it would be very
helpful. I could check if they are in the Red Hat kernel and if not,
patch them manually and see if it makes a difference. The problem is
now reproduciable in a couple hours, so it shouldn't be too hard.

Thanks,
-- Naked

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • netfilter QUEUE target and packet socket interactions buggy or not
    • From: Nuutti Kotivuori <[email protected]>
  • Re: netfilter QUEUE target and packet socket interactions buggy or not
    • From: "David S. Miller" <[email protected]>
  • Re: netfilter QUEUE target and packet socket interactions buggy or not
    • From: Nuutti Kotivuori <[email protected]>
  • Re: netfilter QUEUE target and packet socket interactions buggy or not
    • From: Nuutti Kotivuori <[email protected]>
  • Re: netfilter QUEUE target and packet socket interactions buggy or not
    • From: Patrick McHardy <[email protected]>

• Prev by Date: Re: Missing #include <config.h>
• Next by Date: Re: Missing #include <config.h>
• Previous by thread: Re: netfilter QUEUE target and packet socket interactions buggy or not
• Next by thread: Re: netfilter QUEUE target and packet socket interactions buggy or not
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]