From patchwork Tue Dec 11 01:20:17 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 205113 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 9F2602C031C for ; Tue, 11 Dec 2012 12:20:27 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751472Ab2LKBU0 (ORCPT ); Mon, 10 Dec 2012 20:20:26 -0500 Received: from mail.us.es ([193.147.175.20]:32838 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751470Ab2LKBUZ (ORCPT ); Mon, 10 Dec 2012 20:20:25 -0500 Received: (qmail 23827 invoked from network); 11 Dec 2012 02:20:24 +0100 Received: from unknown (HELO us.es) (192.168.2.13) by us.es with SMTP; 11 Dec 2012 02:20:24 +0100 Received: (qmail 6303 invoked by uid 507); 11 Dec 2012 01:20:24 -0000 X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus3 (envelope-from , uid 501) with qmail-scanner-2.10 (clamdscan: 0.97.6/15718. spamassassin: 3.3.2. Clear:RC:1(127.0.0.1):SA:0(-99.2/7.5):. Processed in 2.1268 secs); 11 Dec 2012 01:20:24 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on antivirus3 X-Spam-Level: X-Spam-Status: No, score=-99.2 required=7.5 tests=BAYES_50, RP_MATCHES_RCVD, SPF_HELO_FAIL, USER_IN_WHITELIST autolearn=disabled version=3.3.2 X-Envelope-From: pneira@us.es Received: from unknown (HELO antivirus3) (127.0.0.1) by us.es with SMTP; 11 Dec 2012 01:20:21 -0000 Received: from 192.168.1.13 (192.168.1.13) by antivirus3 (F-Secure/fsigk_smtp/407/antivirus3); Tue, 11 Dec 2012 02:20:21 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/407/antivirus3) Received: (qmail 23045 invoked from network); 11 Dec 2012 02:20:21 +0100 Received: from 1984.lsi.us.es (HELO us.es) (1984lsi@150.214.188.80) by us.es with AES128-SHA encrypted SMTP; 11 Dec 2012 02:20:21 +0100 Date: Tue, 11 Dec 2012 02:20:17 +0100 From: Pablo Neira Ayuso To: "Vitaly E. Lavrov" Cc: netfilter-devel@vger.kernel.org Subject: Re: xt_recent BUG() in kernel 3.2/3.4 & patch Message-ID: <20121211012017.GA15044@1984> References: <50C4730D.2080401@guap.ru> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <50C4730D.2080401@guap.ru> User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org On Sun, Dec 09, 2012 at 03:16:29PM +0400, Vitaly E. Lavrov wrote: > Appears when stopping container without emptying tables (iptables > -F/iptables -t mangle -F) > > Problem: recent_mt_destroy called after __net_exit recent_net_exit() ! > > xt_hashlimit contains a BUG () and should be corrected similarly I'll be really happy if we find a way to reverse the order of those calls, so we don't need to hack xt_recent and xt_hashlimit. Could you test this patch? Thanks. > Possible patch for xt_recent is below > ============= > diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c > index d2ff15a..0fc5c32 100644 > --- a/net/netfilter/xt_recent.c > +++ b/net/netfilter/xt_recent.c > @@ -75,6 +75,9 @@ struct recent_entry { > struct recent_table { > struct list_head list; > char name[XT_RECENT_NAME_LEN]; > +#ifdef CONFIG_PROC_FS > + struct proc_dir_entry *pe; > +#endif > unsigned int refcnt; > unsigned int entries; > struct list_head lru_list; > @@ -375,6 +378,7 @@ static int recent_mt_check(const struct > xt_mtchk_param *par) > } > pde->uid = ip_list_uid; > pde->gid = ip_list_gid; > + t->pe = pde; > #endif > spin_lock_bh(&recent_lock); > list_add_tail(&t->list, &recent_net->tables); > @@ -398,7 +402,8 @@ static void recent_mt_destroy(const struct > xt_mtdtor_param *par) > list_del(&t->list); > spin_unlock_bh(&recent_lock); > #ifdef CONFIG_PROC_FS > - remove_proc_entry(t->name, recent_net->xt_recent); > + if(t->pe) > + remove_proc_entry(t->name, recent_net->xt_recent); > #endif > recent_table_flush(t); > kfree(t); > @@ -607,7 +612,19 @@ static void __net_exit recent_net_exit(struct net *net) > { > struct recent_net *recent_net = recent_pernet(net); > > - BUG_ON(!list_empty(&recent_net->tables)); > + if(!list_empty(&recent_net->tables)) { > +#ifdef CONFIG_PROC_FS > + struct recent_table *t; > + spin_lock_bh(&recent_lock); > + list_for_each_entry(t, &recent_net->tables, list) { > + t->pe = NULL; > + remove_proc_entry(t->name, recent_net->xt_recent); > + } > + spin_unlock_bh(&recent_lock); > +#endif > + printk(KERN_INFO "%s net %x: Warning! Tables not empty!\n", > + __func__,(u32)net); > + } > recent_proc_net_exit(net); > } > ================== > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 17c5e06..532ae92 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -2266,5 +2266,5 @@ static void __exit ip_tables_fini(void) EXPORT_SYMBOL(ipt_register_table); EXPORT_SYMBOL(ipt_unregister_table); EXPORT_SYMBOL(ipt_do_table); -module_init(ip_tables_init); +core_initcall(ip_tables_init); module_exit(ip_tables_fini); diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 125a90d..5dc3c7e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -2275,5 +2275,5 @@ EXPORT_SYMBOL(ip6t_register_table); EXPORT_SYMBOL(ip6t_unregister_table); EXPORT_SYMBOL(ip6t_do_table); -module_init(ip6_tables_init); +core_initcall(ip6_tables_init); module_exit(ip6_tables_fini); diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 8d987c3..afcea11 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1390,6 +1390,6 @@ static void __exit xt_fini(void) kfree(xt); } -module_init(xt_init); +core_initcall(xt_init); module_exit(xt_fini);