From: Patrick McHardy <kaber@trash.net>
To: Pavel Emelyanov <xemul@openvz.org>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Natalie Protasevich <protasnb@gmail.com>,
Linux Netdev List <netdev@vger.kernel.org>,
andy@greyhouse.net
Subject: Re: 2.6.25-rc9: Reported regressions from 2.6.24
Date: Sun, 13 Apr 2008 22:18:54 +0200 [thread overview]
Message-ID: <48026AAE.8040500@trash.net> (raw)
In-Reply-To: <480267C0.6020402@trash.net>
[-- Attachment #1: Type: text/plain, Size: 1049 bytes --]
Patrick McHardy wrote:
>>>
>>> Bug-Entry : http://bugzilla.kernel.org/show_bug.cgi?id=10323
>>> Subject : panic using bridging on linus kernel 2.6.25-rc6
>>> Submitter : Andy Gospodarek <andy@greyhouse.net>
>>> Date : 2008-03-25 11:40 (20 days old)
>>
>> This looks like another network-namespace regression.
>> icmp_send() does:
>>
>> net = rt->u.dst.dev->nd_net;
>>
>> The bridge netfilter code attaches a fake dst_entry to the
>> skb which has dev == NULL when passing it to IPv4 netfilter.
>>
>> Pavel, do you have a better ideas for fixing this than
>> instantiating a dst_entry in br_netfilter.c for every
>> device (or at least for every namespace)?
>
> The description of the problem was not entirely correct, the
> bridge-netfilter dst_entry does have a proper device pointer,
> it points to a dummy net_device structure however that doesn't
> have a namespace associated with it. This blows up in
> __ip_route_output_key.
For now I suggest this fix. Andy, could you please test whether it
fixes the problem?
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1143 bytes --]
[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter
The bridge netfilter code attaches a fake dst_entry with a pointer to a
fake net_device structure to skbs it passes up to IPv4 netfilter. This
leads to crashes when the skb is passed to __ip_route_output_key when
dereferencing the namespace pointer.
Since bridging can currently only operate in the init_net namespace,
the easiest fix for now is to initialize the nd_net pointer of the
fake net_device struct to &init_net.
Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 1c0efd8..af7e8be 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -110,7 +110,8 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
* ipt_REJECT needs it. Future netfilter modules might
* require us to fill additional fields. */
static struct net_device __fake_net_device = {
- .hard_header_len = ETH_HLEN
+ .hard_header_len = ETH_HLEN,
+ .nd_net = &init_net,
};
static struct rtable __fake_rtable = {
next prev parent reply other threads:[~2008-04-13 20:22 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-13 18:53 2.6.25-rc9: Reported regressions from 2.6.24 Rafael J. Wysocki
2008-04-13 18:53 ` [Bug #9978] 2.6.25-rc1: volanoMark regression Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10156] KVM & Qemu crashed with infinite recursive kernel loop in the guest Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10082] 2.6.25-rc2-git4 - Kernel oops while running kernbench and tbench on powerpc Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10300] volume wheel does not work in 2.6.25-rc6 Rafael J. Wysocki
2008-04-14 7:34 ` Romano Giannetti
2008-04-13 18:56 ` [Bug #10117] 2.6.25-current-git sometimes hangs on boot - dual-core Sony Vaio Rafael J. Wysocki
2008-04-13 20:25 ` Carlos R. Mafra
2008-04-15 16:25 ` Carlos R. Mafra
2008-04-15 20:33 ` Rafael J. Wysocki
2008-04-15 20:45 ` Adrian Bunk
2008-04-15 21:03 ` Rafael J. Wysocki
2008-04-15 21:09 ` Pallipadi, Venkatesh
2008-04-15 21:18 ` Soeren Sonnenburg
2008-04-15 21:24 ` Rafael J. Wysocki
2008-04-15 21:33 ` Pallipadi, Venkatesh
2008-04-15 21:36 ` Soeren Sonnenburg
2008-04-15 21:38 ` Adrian Bunk
2008-04-15 21:44 ` Adrian Bunk
2008-04-15 21:36 ` Adrian Bunk
2008-04-15 21:24 ` [Bug #10117] 2.6.25-current-git sometimes hangs on boot -dual-core " Pallipadi, Venkatesh
2008-04-15 21:27 ` Soeren Sonnenburg
2008-04-15 21:29 ` Adrian Bunk
2008-04-15 22:54 ` Carlos R. Mafra
2008-04-16 0:19 ` Adrian Bunk
2008-04-16 0:50 ` Ingo Molnar
2008-04-15 21:09 ` [Bug #10117] 2.6.25-current-git sometimes hangs on boot - dual-core " Adrian Bunk
2008-04-13 18:56 ` [Bug #10235] 2.6.25-rc5: Blank Screen with Intel 945 Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10290] [BUG] Linux 2.6.25-rc6 - kernel BUG at fs/mpage.c:476! on powerpc Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10133] INFO: possible circular locking in the resume Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10153] (regression) kernel/timeconst.h bugs with HZ=128 Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10320] rt2x00 does not associate or give scan results Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10391] 2.6.25-rc7/8: Another resume regression Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10393] ext4 compile error on m68k Rafael J. Wysocki
2008-04-13 19:52 ` Adrian Bunk
2008-04-13 18:56 ` [Bug #10302] 2.6.25-git regression with snd-hda-intel on Dell XPS M1330, no analog sound Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10365] usb-storage, error reading the last 8 sectors, regression in 2.6.25-rc7 Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10366] 2.6.25-rc7: warn_on_slowpath triggered Rafael J. Wysocki
2008-04-13 19:48 ` Björn Steinbrink
2008-04-14 7:14 ` Ingo Molnar
2008-04-13 20:15 ` Bob Tracy
2008-04-13 18:56 ` [Bug #10427] e1000e broke e1000 Rafael J. Wysocki
2008-04-14 7:15 ` Ingo Molnar
2008-04-13 18:56 ` [Bug #10450] sh64: add missing #include <asm/fpu.h>'s Rafael J. Wysocki
2008-04-13 19:52 ` Adrian Bunk
2008-04-13 18:56 ` [Bug #10323] panic using bridging on linus kernel 2.6.25-rc6 Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10344] [2.6.25-rc6] possible regression: X server dying Rafael J. Wysocki
2008-04-14 1:08 ` Tilman Schmidt
2008-04-14 1:13 ` Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10434] 2.6.25-rc8: FTP transfer errors Rafael J. Wysocki
2008-04-13 19:48 ` David Miller
2008-04-13 20:02 ` Rafael J. Wysocki
2008-04-13 20:30 ` David Miller
2008-04-13 20:40 ` Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10421] Filesystem failing without any warning or etc Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10449] mm/slab.c boot crash in -git, "kernel BUG at mm/slab.c:2103!" Rafael J. Wysocki
2008-04-13 18:56 ` [Bug #10428] [rc8] Regression: key repeats and skips in music during compilation Rafael J. Wysocki
2008-04-13 22:51 ` Frans Pop
2008-04-13 18:56 ` [Bug #10369] The never ending BEEEEP/__smp_call_function_mask with 2.6.25-rc7 Rafael J. Wysocki
2008-04-13 20:02 ` Thomas Gleixner
2008-04-13 20:37 ` Chr
2008-04-14 12:51 ` Thomas Gleixner
2008-04-14 15:12 ` Chr
2008-04-13 18:56 ` [Bug #10412] BUG: scheduling while atomic: kmail/32546/0x00000003 Rafael J. Wysocki
2008-04-14 8:19 ` Plamen Petrov
2008-04-13 18:56 ` [Bug #10319] MacBookPro1,1: on resume (from console) s2ram -f -p does not anymore give me my display back Rafael J. Wysocki
2008-04-13 21:03 ` Soeren Sonnenburg
2008-04-13 18:56 ` [Bug #10377] Kernel usually freezes during boot when AC is unplugged - unless CPU_IDLE=n - Asus A6JC Rafael J. Wysocki
2008-04-13 19:45 ` 2.6.25-rc9: Reported regressions from 2.6.24 Patrick McHardy
2008-04-13 20:06 ` Patrick McHardy
2008-04-13 20:18 ` Patrick McHardy [this message]
2008-04-14 7:46 ` David Miller
2008-04-14 20:31 ` Andy Gospodarek
2008-04-15 13:14 ` Andy Gospodarek
2008-04-15 13:16 ` Patrick McHardy
2008-04-14 8:39 ` Pavel Emelyanov
2008-04-14 8:50 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48026AAE.8040500@trash.net \
--to=kaber@trash.net \
--cc=andy@greyhouse.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=protasnb@gmail.com \
--cc=rjw@sisk.pl \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.