From patchwork Sun Mar 4 11:01:51 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 144485 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 246C6B6F9D for ; Sun, 4 Mar 2012 22:02:14 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752782Ab2CDLB4 (ORCPT ); Sun, 4 Mar 2012 06:01:56 -0500 Received: from mail.us.es ([193.147.175.20]:46572 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752216Ab2CDLBz (ORCPT ); Sun, 4 Mar 2012 06:01:55 -0500 Received: (qmail 22892 invoked from network); 4 Mar 2012 12:01:53 +0100 Received: from unknown (HELO us.es) (192.168.2.12) by us.es with SMTP; 4 Mar 2012 12:01:53 +0100 Received: (qmail 10434 invoked by uid 507); 4 Mar 2012 11:01:52 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on antivirus2 X-Spam-Level: X-Spam-Status: No, score=-99.2 required=7.5 tests=BAYES_50,SPF_HELO_FAIL, USER_IN_WHITELIST autolearn=disabled version=3.3.1 Received: from 127.0.0.1 by antivirus2 (envelope-from , uid 501) with qmail-scanner-2.08 (clamdscan: 0.97.3/14580. Clear:RC:1(127.0.0.1):. Processed in 0.05689 secs); 04 Mar 2012 11:01:52 -0000 Received: from unknown (HELO antivirus2) (127.0.0.1) by us.es with SMTP; 4 Mar 2012 11:01:51 -0000 Received: from 192.168.1.13 (192.168.1.13) by antivirus2 (F-Secure/fsigk_smtp/407/antivirus2); Sun, 04 Mar 2012 12:01:51 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/407/antivirus2) Received: (qmail 8650 invoked from network); 4 Mar 2012 12:01:51 +0100 Received: from 1984.lsi.us.es (HELO us.es) (1984lsi@150.214.188.80) by us.es with AES128-SHA encrypted SMTP; 4 Mar 2012 12:01:51 +0100 Date: Sun, 4 Mar 2012 12:01:51 +0100 From: Pablo Neira Ayuso To: Kerin Millar Cc: netfilter-devel@vger.kernel.org Subject: Re: scheduling while atomic followed by oops upon conntrackd -c execution Message-ID: <20120304110151.GA22404@1984> References: <4F50E30B.6000704@gmail.com> <20120303133002.GA18802@1984> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Hi Kerin, On Sat, Mar 03, 2012 at 06:47:27PM +0000, Kerin Millar wrote: > Hi, > > On 03/03/2012 13:30, Pablo Neira Ayuso wrote: > >I just posted another patch to the ML that is a relative fix to > >Jozsef's patch. You have to apply that as well. > > I've now tested 3.3-rc5 with the addition of the above mentioned > follow-on patch. The behaviour during conntrackd -c execution is > clearly much improved - in so far as it doesn't generate much noise > - but the crash that follows remains. Here's a netconsole capture:- > > http://paste.pocoo.org/raw/560439/ Great to know :-). Regarding your previous email, I'm sorry, by reading your email I thought you were using 2.6.32 which was not the case, your configuration is perfectly reasonable. It seems we still have problems regarding early_drop, but this time with reliable event delivery enabled (15 seconds is the time that is required to retry sending the destroy event). If you can test the following patch, I'll appreciate. Thank you. From 1320c099d618a278fa17715127d6fecca2786a36 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 4 Mar 2012 11:34:06 +0100 Subject: [PATCH] netfilter: nf_conntrack: fix early_drop with reliable event delivery With reliable event delivery is enabled, if we fail to deliver the destroy event in early_drop, we put out one entry that is still in the dying list. Reported-by: Kerin Millar Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_conntrack_core.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index ed86a3b..7d2d641 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -635,6 +635,11 @@ static noinline int early_drop(struct net *net, unsigned int hash) if (del_timer(&ct->timeout)) { death_by_timeout((unsigned long)ct); + /* Check if we indeed killed this entry. Reliable event + delivery may insert this into the dying list. */ + if (!test_bit(IPS_DYING_BIT, &ct->status)) + return dropped; + dropped = 1; NF_CT_STAT_INC_ATOMIC(net, early_drop); } -- 1.7.7.3