bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-13 16:24 UTC
[Bug 777] New: Suspect bug in __do_replace()
http://bugzilla.netfilter.org/show_bug.cgi?id=777
Summary: Suspect bug in __do_replace()
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: pmodilaynen at gmail.com
Estimated Hours: 0.0
Hello netfilter developers!
I suspect a small bug in /kernel/net/ipv4/netfilter/ip_tables.c __do_replace()
function. xt_replace_table() may return NULL when allocation of memory was not
successful by xt_replace_table->xt_jumpstack_alloc() (in my case I suspect
there were no free memory when it's happened):
...
oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
if (!oldinfo)
goto put_module;
The full bactrace is
WARNING: at /kernel/mm/vmalloc.c:107 vmap_page_range_noflush+0x120/0x1b4()
<4>[18835.587677] [<c00409dc>] (unwind_backtrace+0x0/0x164) from
[<c0082a34>]
(warn_slowpath_common+0x4c/0x64)
<4>[18835.587707] [<c0082a34>] (warn_slowpath_common+0x4c/0x64) from
[<c0082a64>] (warn_slowpath_null+0x18/0x1c)
<4>[18835.587738] [<c0082a64>] (warn_slowpath_null+0x18/0x1c) from
[<c01087bc>]
(vmap_page_range_noflush+0x120/0x1b4)
<4>[18835.587768] [<c01087bc>] (vmap_page_range_noflush+0x120/0x1b4)
from
[<c010eb98>] (pcpu_populate_chunk+0x234/0x5c0)
<4>[18835.587768] [<c010eb98>] (pcpu_populate_chunk+0x234/0x5c0)
from
[<c010f220>] (pcpu_alloc+0x2fc/0x3ec)
<4>[18835.587799] [<c010f220>] (pcpu_alloc+0x2fc/0x3ec) from
[<c0462540>]
(xt_jumpstack_alloc+0x14/0x104)
<4>[18835.587829] [<c0462540>] (xt_jumpstack_alloc+0x14/0x104) from
[<c046264c>] (xt_replace_table+0x1c/0xd4)
<4>[18835.587829] [<c046264c>] (xt_replace_table+0x1c/0xd4) from
[<c04a40e4>]
(do_replace.clone.0+0x1a0/0x310)
<4>[18835.587860] [<c04a40e4>] (do_replace.clone.0+0x1a0/0x310) from
[<c04a4298>] (do_ipt_set_ctl+0x44/0x228)
<4>[18835.588012] PERCPU: allocation failed, size=4 align=4, failed to
populate
which is later causes kernel panic:
<1>[18836.008117] Unable to handle kernel paging request at virtual
address
f7fe73a4
<1>[18836.008117] pgd = ca190000
<1>[18836.008148] [f7fe73a4] *pgd=1f783011, *pte=00000000, *ppte=00000000
<0>[18836.008178] Internal error: Oops: 7 [#1] PREEMPT SMP
I wonder, should it be something like:
...
oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
if (res == -ENOMEM)
goto out;
if (!oldinfo)
goto put_module;
BR,
Pavel Modilaynen
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-13 16:28 UTC
[Bug 777] Suspect bug in __do_replace()
http://bugzilla.netfilter.org/show_bug.cgi?id=777 --- Comment #1 from Pavel Modilaynen <pmodilaynen at gmail.com> 2012-03-13 17:28:07 CET --- Sorry, of course I meant "ret" instead of "res". -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.