[Bug 777] New: Suspect bug in __do_replace()
bugzilla-daemon at bugzilla.netfilter.org
Tue Mar 13 17:24:15 CET 2012
http://bugzilla.netfilter.org/show_bug.cgi?id=777
Summary: Suspect bug in __do_replace()
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: pmodilaynen at gmail.com
Estimated Hours: 0.0
Hello netfilter developers!
I suspect a small bug in the __do_replace() function in
/kernel/net/ipv4/netfilter/ip_tables.c. xt_replace_table() may return NULL when
the allocation of memory by xt_replace_table->xt_jumpstack_alloc() was not
successful (in my case I suspect there was no free memory when it happened):
...
oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
if (!oldinfo)
    goto put_module;
The full backtrace is
WARNING: at /kernel/mm/vmalloc.c:107 vmap_page_range_noflush+0x120/0x1b4()
<4>[18835.587677] [<c00409dc>] (unwind_backtrace+0x0/0x164) from [<c0082a34>] (warn_slowpath_common+0x4c/0x64)
<4>[18835.587707] [<c0082a34>] (warn_slowpath_common+0x4c/0x64) from [<c0082a64>] (warn_slowpath_null+0x18/0x1c)
<4>[18835.587738] [<c0082a64>] (warn_slowpath_null+0x18/0x1c) from [<c01087bc>] (vmap_page_range_noflush+0x120/0x1b4)
<4>[18835.587768] [<c01087bc>] (vmap_page_range_noflush+0x120/0x1b4) from [<c010eb98>] (pcpu_populate_chunk+0x234/0x5c0)
<4>[18835.587768] [<c010eb98>] (pcpu_populate_chunk+0x234/0x5c0) from [<c010f220>] (pcpu_alloc+0x2fc/0x3ec)
<4>[18835.587799] [<c010f220>] (pcpu_alloc+0x2fc/0x3ec) from [<c0462540>] (xt_jumpstack_alloc+0x14/0x104)
<4>[18835.587829] [<c0462540>] (xt_jumpstack_alloc+0x14/0x104) from [<c046264c>] (xt_replace_table+0x1c/0xd4)
<4>[18835.587829] [<c046264c>] (xt_replace_table+0x1c/0xd4) from [<c04a40e4>] (do_replace.clone.0+0x1a0/0x310)
<4>[18835.587860] [<c04a40e4>] (do_replace.clone.0+0x1a0/0x310) from [<c04a4298>] (do_ipt_set_ctl+0x44/0x228)
<4>[18835.588012] PERCPU: allocation failed, size=4 align=4, failed to populate
which later causes a kernel panic:
<1>[18836.008117] Unable to handle kernel paging request at virtual address f7fe73a4
<1>[18836.008117] pgd = ca190000
<1>[18836.008148] [f7fe73a4] *pgd=1f783011, *pte=00000000, *ppte=00000000
<0>[18836.008178] Internal error: Oops: 7 [#1] PREEMPT SMP
I wonder, should it be something like:
...
oldinfo = xt_replace_table(t, num_counters, newinfo, &ret);
if (ret == -ENOMEM)
    goto out;
if (!oldinfo)
    goto put_module;
BR,
Pavel Modilaynen
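
A user-space C model of the contract the report describes, added here as an illustration and not taken from the kernel or from the reporter: a replace function that returns NULL and stores an error code when its allocation fails, and a caller that checks the result before using it. Every name (replace_table_model, do_replace_model, fail_jumpstack, the two counters) and the cleanup done at put_module are assumptions of the model.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space model; every name is a hypothetical stand-in, not kernel code. */
struct table_info { int id; };
struct table { struct table_info *private; };
static int fail_jumpstack; /* fault injection: nonzero fails the jumpstack step */
static int live_allocs;    /* allocations not yet freed */
static int module_refs;    /* references the caller still holds */
static void *model_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }
/* Contract from the report: NULL on failure, reason stored in *error. */
static struct table_info *replace_table_model(struct table *t,
                                              struct table_info *newinfo, int *error)
{
    struct table_info *old = t->private;
    void *jumpstack = fail_jumpstack ? NULL : model_alloc(4);
    if (!jumpstack) {
        *error = -ENOMEM;
        return NULL;           /* table left untouched */
    }
    model_free(jumpstack);     /* model only: the stack is not kept */
    t->private = newinfo;
    return old;
}
static int do_replace_model(struct table *t, int id)
{
    int ret = 0;
    struct table_info *oldinfo, *newinfo = model_alloc(sizeof(*newinfo));
    if (!newinfo)
        return -ENOMEM;
    newinfo->id = id;
    module_refs++;
    oldinfo = replace_table_model(t, newinfo, &ret);
    if (!oldinfo)
        goto put_module;       /* oldinfo is never dereferenced on this path */
    model_free(oldinfo);
    newinfo = NULL;            /* ownership moved to the table */
put_module:
    module_refs--;
    model_free(newinfo);
    return ret;
}
int main(void)
{
    struct table t = { model_alloc(sizeof(struct table_info)) };
    if (!t.private) return 1;
    fail_jumpstack = 1;        /* constructed failure case */
    int ret = do_replace_model(&t, 2);
    model_free(t.private);
    return !(ret == -ENOMEM && live_allocs == 0 && module_refs == 0);
}
```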