kernel BUG at kernel/sched.c:2833!

Thu Nov 17 01:36:35 CET 2005

Krzysztof Oledzki wrote:
> On Mon, 14 Nov 2005, Pablo Neira wrote:
> 
>> Krzysztof Oledzki wrote:
>>
>>> EIP is at sub_preempt_count+0x35/0x40
>>>
>>> AFAIK there were some small fixes that went into 2.6.15-rc1 which were
>>> supposed to fix such problems with conntrack -L. Shuldn't we send them
>>> to -stable to make 2.6.14.x also usable?
>>
>> I think so, at the least Yasuyuki's:
>> [NETFILTER] refcount leak of proto when ctnetlink dumping tuple
>>
>> That fixes the problem that you're reporting.
> 
> What about this one?

I realised that Yasuyuki's patch is incomplete. Could you give a try to
the patch attached. Thanks.

-- 
Pablo
-------------- next part --------------
[NETFILTER] Fix ip_conntrack_proto_find_get badness

The function ip_conntrack_proto_find_get always returns a valid pointer. The 
generic protocol helper is returned when no specific protocol helper is found.
This patch fixes as well a missing putting at dump_protoinfo, when no to_attr
is found.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index f5e5e31..b797ef9 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -59,11 +59,13 @@ ctnetlink_dump_tuples_proto(struct sk_bu
 
 	NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
 
+	/* If no protocol helper is found, this function will return the
+	 * generic protocol helper, so proto won't *ever* be NULL */
 	proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
-	if (likely(proto && proto->tuple_to_nfattr)) {
+	if (likely(proto->tuple_to_nfattr))
 		ret = proto->tuple_to_nfattr(skb, tuple);
-		ip_conntrack_proto_put(proto);
-	}
+
+	ip_conntrack_proto_put(proto);
 
 	return ret;
 
@@ -128,9 +130,11 @@ ctnetlink_dump_protoinfo(struct sk_buff 
 
 	struct nfattr *nest_proto;
 	int ret;
-	
-	if (!proto || !proto->to_nfattr)
+
+	if (!proto->to_nfattr) {
+		ip_conntrack_proto_put(proto);
 		return 0;
+	}
 	
 	nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
 
