Re: ipset causing a kernel crash

Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> · Mon, 9 Sep 2013 18:23:18 +0200 (CEST)

On Mon, 9 Sep 2013, Yoann Juet wrote:

> On 09/09/13 12:51, Jozsef Kadlecsik wrote:
> > On Mon, 9 Sep 2013, Yoann Juet wrote:
> > 
> > > We've experienced a recent kernel crash on a captive portal server running
> > > debian/wheezy with a standard kernel 3.2.0-4. The crash seems to be
> > > related to
> > > ipset that we're using to check bitmaps {ip,mac}. It has not been seen
> > > before
> > > on this production server.
> > 
> > A cleanup part is missing for the bitmap:ip,mac type with timeout in the
> > 3.2 kernel tree:
> > 
> > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > index 56096f5..725e431 100644
> > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > @@ -333,7 +333,11 @@ bitmap_ipmac_tlist(const struct ip_set *set,
> >   nla_put_failure:
> >   	nla_nest_cancel(skb, nested);
> >   	ipset_nest_end(skb, atd);
> > -	return -EMSGSIZE;
> > +	if (unlikely(id == first)) {
> > +		cb->args[2] = 0;
> > +		return -EMSGSIZE;
> > +	}
> > +	return 0;
> >   }
> > 
> >   static int
> > 
> > However, the missing part caused incomplete listing only. This case seems
> > to be different. So does the patch above help?
> 
> I'll make a try. I keep you in touch if the crash re-appears.

Re-checking again, you need the next patch:

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index b5d380c..c3eabfd 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1148,6 +1148,7 @@ release_refcount:
 	if (ret || !cb->args[2]) {
 		pr_debug("release set %s\n", ip_set_list[index]->name);
 		ip_set_put_byindex(index);
+		cb->args[2] = 0;
 	}
 out:
 	if (nlh) {

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







