From: Stefan Lippers-Hollmann on
Hi

On Wednesday 03 February 2010, gregkh(a)suse.de wrote:
> This is a note to let you know that we have just queued up the patch titled
>
> Subject: net: restore ip source validation
>
> to the 2.6.32-stable tree. Its filename is
>
> net-restore-ip-source-validation.patch
>
> A git repo of this tree can be found at
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
>
> From 0813ef21a1a15a3c8b6b98c8ff3ef119f5e242ac Mon Sep 17 00:00:00 2001
> From: Jamal Hadi Salim <hadi(a)cyberus.ca>
> Date: Fri, 25 Dec 2009 17:30:22 -0800
> Subject: net: restore ip source validation
>
> From: Jamal Hadi Salim <hadi(a)cyberus.ca>
>
> [ Upstream commit 28f6aeea3f12d37bd258b2c0d5ba891bff4ec479 ]

This patch, as part of the current 2.6.32 stable queue, breaks booting with
an oops very early, before the framebuffer got a chance to initialize
(unfortunately most of it is cut with the unavoidable vga=0, so I didn't
write it down yet), on amd64 and i386 (kernel configs attached). Removing
just this patch from queue-2.6.32 fixes the problem for me; kernel 2.6.33
HEAD doesn't seem to be affected.

Regards
Stefan Lippers-Hollmann

--
> when using policy routing and the skb mark:
> there are cases where a back path validation requires us
> to use a different routing table for src ip validation than
> the one used for mapping ingress dst ip.
> One such a case is transparent proxying where we pretend to be
> the destination system and therefore the local table
> is used for incoming packets but possibly a main table would
> be used on outbound.
> Make the default behavior to allow the above and if users
> need to turn on the symmetry via sysctl src_valid_mark
>
> Signed-off-by: Jamal Hadi Salim <hadi(a)cyberus.ca>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)suse.de>
>
> ---
> include/linux/inetdevice.h | 1 +
> include/linux/sysctl.h | 1 +
> net/ipv4/devinet.c | 1 +
> net/ipv4/fib_frontend.c | 2 ++
> 4 files changed, 5 insertions(+)
>
> --- a/include/linux/inetdevice.h
> +++ b/include/linux/inetdevice.h
> @@ -83,6 +83,7 @@ static inline void ipv4_devconf_setall(s
> #define IN_DEV_FORWARD(in_dev) IN_DEV_CONF_GET((in_dev), FORWARDING)
> #define IN_DEV_MFORWARD(in_dev) IN_DEV_ANDCONF((in_dev), MC_FORWARDING)
> #define IN_DEV_RPFILTER(in_dev) IN_DEV_MAXCONF((in_dev), RP_FILTER)
> +#define IN_DEV_SRC_VMARK(in_dev) IN_DEV_ORCONF((in_dev), SRC_VMARK)
> #define IN_DEV_SOURCE_ROUTE(in_dev) IN_DEV_ANDCONF((in_dev), \
> ACCEPT_SOURCE_ROUTE)
> #define IN_DEV_BOOTP_RELAY(in_dev) IN_DEV_ANDCONF((in_dev), BOOTP_RELAY)
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -490,6 +490,7 @@ enum
> NET_IPV4_CONF_PROMOTE_SECONDARIES=20,
> NET_IPV4_CONF_ARP_ACCEPT=21,
> NET_IPV4_CONF_ARP_NOTIFY=22,
> + NET_IPV4_CONF_SRC_VMARK=24,
> __NET_IPV4_CONF_MAX
> };
>
> --- a/net/ipv4/devinet.c
> +++ b/net/ipv4/devinet.c
> @@ -1450,6 +1450,7 @@ static struct devinet_sysctl_table {
> DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
> DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
> "accept_source_route"),
> + DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
> DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
> DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
> DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
> --- a/net/ipv4/fib_frontend.c
> +++ b/net/ipv4/fib_frontend.c
> @@ -251,6 +251,8 @@ int fib_validate_source(__be32 src, __be
> if (in_dev) {
> no_addr = in_dev->ifa_list == NULL;
> rpf = IN_DEV_RPFILTER(in_dev);
> + if (mark && !IN_DEV_SRC_VMARK(in_dev))
> + fl.mark = 0;
> }
> rcu_read_unlock();
>
From: Stefan Lippers-Hollmann on
Hi

On Thursday 04 February 2010, jamal wrote:
> Hi there,
>
> I am downloading 2.6.32-7 to see if i can reproduce it. My gut is
> telling me it will be hard to see in my setup.
> Can you try to see if it something in your boot initialization i.e with
> no init e.g something like init=/bin/sh and then initcall_debug?

I just managed to catch a bootlog through a serial console now:

Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.32-7.slh.2-sidux-686 (Debian 2.6.32-33) (s.l-h(a)gmx.de) (gcc version 4.0
KERNEL supported cpus:
Intel GenuineIntel
AMD AuthenticAMD
NSC Geode by NSC
Cyrix CyrixInstead
Centaur CentaurHauls
Transmeta GenuineTMx86
Transmeta TransmetaCPU
UMC UMC UMC UMC
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000ec000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 0000000017ff0000 (usable)
BIOS-e820: 0000000017ff0000 - 0000000017ff8000 (ACPI data)
BIOS-e820: 0000000017ff8000 - 0000000018000000 (ACPI NVS)
BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
DMI 2.3 present.
AMI BIOS detected: BIOS may corrupt low RAM, working around it.
last_pfn = 0x17ff0 max_arch_pfn = 0x100000
x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
init_memory_mapping: 0000000000000000-0000000017ff0000
RAMDISK: 17792000 - 17fdf2ff
ACPI: RSDP 000fa7b0 00014 (v00 AMI )
ACPI: RSDT 17ff0000 00028 (v01 AMIINT VIA_K7 00000010 MSFT 00000097)
ACPI: FACP 17ff0030 00074 (v01 AMIINT VIA_K7 00000011 MSFT 00000097)
ACPI: DSDT 17ff00b0 02AC4 (v01 VIA VT8371 00001000 MSFT 0100000B)
ACPI: FACS 17ff8000 00040
0MB HIGHMEM available.
383MB LOWMEM available.
mapped low ram: 0 - 17ff0000
low ram: 0 - 17ff0000
node 0 low ram: 00000000 - 17ff0000
node 0 bootmap 00012000 - 00015000
(9 early reservations) ==> bootmem [0000000000 - 0017ff0000]
#0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
#1 [0000001000 - 0000002000] EX TRAMPOLINE ==> [0000001000 - 0000002000]
#2 [0000006000 - 0000007000] TRAMPOLINE ==> [0000006000 - 0000007000]
#3 [0000100000 - 00005cf2a4] TEXT DATA BSS ==> [0000100000 - 00005cf2a4]
#4 [0017792000 - 0017fdf2ff] RAMDISK ==> [0017792000 - 0017fdf2ff]
#5 [000009fc00 - 0000100000] BIOS reserved ==> [000009fc00 - 0000100000]
#6 [00005d0000 - 00005d210c] BRK ==> [00005d0000 - 00005d210c]
#7 [0000010000 - 0000012000] PGTABLE ==> [0000010000 - 0000012000]
#8 [0000012000 - 0000015000] BOOTMAP ==> [0000012000 - 0000015000]
Zone PFN ranges:
DMA 0x00000010 -> 0x00001000
Normal 0x00001000 -> 0x00017ff0
HighMem 0x00017ff0 -> 0x00017ff0
Movable zone start PFN for each node
early_node_map[2] active PFN ranges
0: 0x00000010 -> 0x0000009f
0: 0x00000100 -> 0x00017ff0
Using APIC driver default
ACPI: PM-Timer IO Port: 0x808
SMP: Allowing 1 CPUs, 0 hotplug CPUs
Local APIC disabled by BIOS -- you can enable it with "lapic"
APIC: disable apic facility
PM: Registered nosave memory: 000000000009f000 - 00000000000a0000
PM: Registered nosave memory: 00000000000a0000 - 00000000000ec000
PM: Registered nosave memory: 00000000000ec000 - 0000000000100000
Allocating PCI resources starting at 18000000 (gap: 18000000:e7ff0000)
Booting paravirtualized kernel on bare hardware
NR_CPUS:32 nr_cpumask_bits:32 nr_cpu_ids:1 nr_node_ids:1
PERCPU: Embedded 14 pages/cpu @c1400000 s34392 r0 d22952 u4194304
pcpu-alloc: s34392 r0 d22952 u4194304 alloc=1*4194304
pcpu-alloc: [0] 0
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 97407
Kernel command line: root=LABEL=debian ro vga=0 console=ttyS0,115200 console=tty
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
Initializing HighMem for node 0 (00000000:00000000)
Memory: 375384k/393152k available (2987k kernel code, 17016k reserved, 1100k data, 404k )
virtual kernel memory layout:
fixmap : 0xffd55000 - 0xfffff000 (2728 kB)
pkmap : 0xff400000 - 0xff800000 (4096 kB)
vmalloc : 0xd87f0000 - 0xff3fe000 ( 620 MB)
lowmem : 0xc0000000 - 0xd7ff0000 ( 383 MB)
.init : 0xc04ff000 - 0xc0564000 ( 404 kB)
.data : 0xc03eae37 - 0xc04fe068 (1100 kB)
.text : 0xc0100000 - 0xc03eae37 (2987 kB)
Checking if this processor honours the WP bit even in supervisor mode...Ok.
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Experimental preemptable hierarchical RCU implementation.
NR_IRQS:2304 nr_irqs:256
Console: colour VGA+ 80x25
console [tty0] enabled
console [ttyS0] enabled
Fast TSC calibration using PIT
Detected 1102.332 MHz processor.
Calibrating delay loop (skipped), value calculated using timer frequency.. 2204.66 BogoM)
Security Framework initialized
SELinux: Disabled at boot.
Mount-cache hash table entries: 512
Initializing cgroup subsys ns
Initializing cgroup subsys cpuacct
Initializing cgroup subsys devices
Initializing cgroup subsys freezer
Initializing cgroup subsys net_cls
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64 bytes/line)
CPU: L2 Cache: 64K (64 bytes/line)
mce: CPU supports 4 MCE banks
Performance Events: AMD PMU driver.
.... version: 0
.... bit width: 48
.... generic registers: 4
.... value mask: 0000ffffffffffff
.... max period: 00007fffffffffff
.... fixed-purpose events: 0
.... event mask: 000000000000000f
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 11k freed
ACPI: Core revision 20090903
ACPI: setting ELCR to 0200 (from 0e20)
weird, boot CPU (#0) not listed by the BIOS.
SMP motherboard not detected.
Local APIC not detected. Using dummy APIC emulation.
SMP disabled
Brought up 1 CPUs
Total of 1 processors activated (2204.66 BogoMIPS).
devtmpfs: initialized
regulator: core version 0.5
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: PCI BIOS revision 2.10 entry at 0xfdb61, last bus=1
PCI: Using configuration type 1 for base access
bio: create slab <bio-0> at 0
ACPI: Interpreter enabled
ACPI: (supports S0 S3 S4 S5)
ACPI: Using PIC for interrupt routing
ACPI: Power Resource [URP1] (off)
ACPI: Power Resource [URP2] (off)
ACPI: Power Resource [FDDP] (off)
ACPI: Power Resource [LPTP] (off)
ACPI: No dock devices found.
ACPI: PCI Root Bridge [PCI0] (0000:00)
pci 0000:00:07.4: quirk: region 0800-08ff claimed by vt82c586 ACPI
pci 0000:00:07.4: quirk: region 0c00-0c7f claimed by vt82c686 HW-mon
pci 0000:00:07.4: quirk: region 0400-040f claimed by vt82c686 SMB
pci 0000:00:0f.0: PME# supported from D0 D1 D2 D3hot D3cold
pci 0000:00:0f.0: PME# disabled
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 9 10 *11 12 14 15)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 7 9 *10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 *5 6 7 9 10 11 12 14 15)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 7 *9 10 11 12 14 15)
vgaarb: device added: PCI:0000:01:00.0,decodes=io+mem,owns=io+mem,locks=none
vgaarb: loaded
PCI: Using ACPI for IRQ routing
NetLabel: Initializing
NetLabel: domain hash size = 128
NetLabel: protocols = UNLABELED CIPSOv4
NetLabel: unlabeled traffic allowed by default
Switching to clocksource tsc
pnp: PnP ACPI init
ACPI: bus type pnp registered
pnp: PnP ACPI: found 11 devices
ACPI: ACPI bus type pnp unregistered
PnPBIOS: Disabled by ACPI PNP
pci 0000:00:01.0: PCI bridge, secondary bus 0000:01
pci 0000:00:01.0: IO window: 0x9000-0x9fff
pci 0000:00:01.0: MEM window: 0xddc00000-0xdfcfffff
pci 0000:00:01.0: PREFETCH window: 0xcda00000-0xddafffff
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
sysctl table check failed: /net/ipv4/conf/all/src_valid_mark .3.5.16.-2.24 Unknown syscth
Pid: 1, comm: swapper Not tainted 2.6.32-7.slh.2-sidux-686 #1
Call Trace:
[<c015fa69>] ? set_fail+0x49/0x50
[<c015fd9d>] ? sysctl_check_table+0x32d/0x640
[<c015fa0e>] ? sysctl_check_lookup+0x11e/0x130
[<c015fdb5>] ? sysctl_check_table+0x345/0x640
[<c015fa0e>] ? sysctl_check_lookup+0x11e/0x130
[<c015fdb5>] ? sysctl_check_table+0x345/0x640
[<c015fa0e>] ? sysctl_check_lookup+0x11e/0x130
[<c015fdb5>] ? sysctl_check_table+0x345/0x640
[<c015fa0e>] ? sysctl_check_lookup+0x11e/0x130
[<c015fdb5>] ? sysctl_check_table+0x345/0x640
[<c0144dd9>] ? sysctl_set_parent+0x19/0x30
[<c0146267>] ? __register_sysctl_paths+0xc7/0x2c0
[<c03d82ad>] ? register_net_sysctl_table+0x4d/0x60
[<c03a6168>] ? __devinet_sysctl_register+0xc8/0x100
[<c03a6819>] ? devinet_init_net+0xa9/0x190
[<c052d444>] ? inet_init+0x0/0x1d1
[<c0350cdb>] ? register_pernet_operations+0x5b/0xe0
[<c052d444>] ? inet_init+0x0/0x1d1
[<c0350e99>] ? register_pernet_subsys+0x19/0x30
[<c052d3db>] ? devinet_init+0xd/0x76
[<c052d444>] ? inet_init+0x0/0x1d1
[<c052cc9f>] ? ip_rt_init+0x180/0x250
[<c052ce85>] ? ip_init+0x5/0xf
[<c052d55c>] ? inet_init+0x118/0x1d1
[<c0350ea5>] ? register_pernet_subsys+0x25/0x30
[<c010112f>] ? do_one_initcall+0x2f/0x190
[<c04ff31e>] ? kernel_init+0x126/0x17b
[<c04ff1f8>] ? kernel_init+0x0/0x17b
[<c0104477>] ? kernel_thread_helper+0x7/0x10
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<c03a6253>] inetdev_init+0x63/0x180
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP
last sysfs file:
Modules linked in:

Pid: 1, comm: swapper Not tainted (2.6.32-7.slh.2-sidux-686 #1)
EIP: 0060:[<c03a6253>] EFLAGS: 00010286 CPU: 0
EIP is at inetdev_init+0x63/0x180
EAX: c05cca60 EBX: d701e000 ECX: 0000001a EDX: 00000000
ESI: 00000000 EDI: d701e068 EBP: d70b5800 ESP: d7023eec
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process swapper (pid: 1, ti=d7022000 task=d7024000 task.ti=d7022000)
Stack:
c03a618d d7023efc c047df33 d701e000 00000000 00000005 d70b5800 c05cca60
<0> c03a66a1 00000010 d70c00a8 fffffffe 00000000 00000000 d70b5800 c05cca60
<0> c04f28c0 c04f2920 c03a6819 c04f2840 d7023f48 c05cca98 c04f23b0 d70b5800
Call Trace:
[<c03a618d>] ? __devinet_sysctl_register+0xed/0x100
[<c03a66a1>] ? inetdev_event+0x331/0x400
[<c03a6819>] ? devinet_init_net+0xa9/0x190
[<c03567e3>] ? register_netdevice_notifier+0x73/0x1b0
[<c052d444>] ? inet_init+0x0/0x1d1
[<c052d3f4>] ? devinet_init+0x26/0x76
[<c052d444>] ? inet_init+0x0/0x1d1
[<c052cc9f>] ? ip_rt_init+0x180/0x250
[<c052ce85>] ? ip_init+0x5/0xf
[<c052d55c>] ? inet_init+0x118/0x1d1
[<c0350ea5>] ? register_pernet_subsys+0x25/0x30
[<c010112f>] ? do_one_initcall+0x2f/0x190
[<c04ff31e>] ? kernel_init+0x126/0x17b
[<c04ff1f8>] ? kernel_init+0x0/0x17b
[<c0104477>] ? kernel_thread_helper+0x7/0x10
Code: 35 e4 ea 4c c0 85 d2 89 c3 0f 85 d4 00 00 00 85 db 89 5c 24 0c 74 61 8b 85 24 02 0
EIP: [<c03a6253>] inetdev_init+0x63/0x180 SS:ESP 0068:d7023eec
CR2: 0000000000000000
---[ end trace a7919e7f17c0a725 ]---
Kernel panic - not syncing: Attempted to kill init!
Pid: 1, comm: swapper Tainted: G D 2.6.32-7.slh.2-sidux-686 #1
Call Trace:
[<c03e7522>] ? panic+0x4d/0xf3
[<c0140f80>] ? do_exit+0x600/0x700
[<c03e75df>] ? printk+0x17/0x20
[<c010745b>] ? oops_end+0x8b/0xd0
[<c0123f8a>] ? no_context+0xba/0x150
[<c01242e0>] ? do_page_fault+0x0/0x300
[<c012418f>] ? bad_area_nosemaphore+0xf/0x20
[<c03ea306>] ? error_code+0x66/0x6c
[<c01242e0>] ? do_page_fault+0x0/0x300
[<c03a6253>] ? inetdev_init+0x63/0x180
[<c03a618d>] ? __devinet_sysctl_register+0xed/0x100
[<c03a66a1>] ? inetdev_event+0x331/0x400
[<c03a6819>] ? devinet_init_net+0xa9/0x190
[<c03567e3>] ? register_netdevice_notifier+0x73/0x1b0
[<c052d444>] ? inet_init+0x0/0x1d1
[<c052d3f4>] ? devinet_init+0x26/0x76
[<c052d444>] ? inet_init+0x0/0x1d1
[<c052cc9f>] ? ip_rt_init+0x180/0x250
[<c052ce85>] ? ip_init+0x5/0xf
[<c052d55c>] ? inet_init+0x118/0x1d1
[<c0350ea5>] ? register_pernet_subsys+0x25/0x30
[<c010112f>] ? do_one_initcall+0x2f/0x190
[<c04ff31e>] ? kernel_init+0x126/0x17b
[<c04ff1f8>] ? kernel_init+0x0/0x17b
[<c0104477>] ? kernel_thread_helper+0x7/0x10

> cheers,
> jamal
>
> On Wed, 2010-02-03 at 21:14 +0100, Stefan Lippers-Hollmann wrote:
> > This patch, as part of the current 2.6.32 stable queue, breaks booting with
> > an oops very early, before the framebuffer got a chance to initialize
> > (unfortunately most of it is cut with the unavoidable vga=0, so I didn't
> > write it down yet), on amd64 and i386 (kernel configs attached). Removing
> > just this patch from queue-2.6.32 fixes the problem for me; kernel 2.6.33
> > HEAD doesn't seem to be affected.

Greg, please note that this patch is still part of your 2.6.32.8-rc1 stable
review, it reliably crashes all amd64/ i386 systems very early in the
system boot for me; 2.6.33 HEAD is not affected.

Regards
Stefan Lippers-Hollmann
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Stefan Lippers-Hollmann on
Hi

On Thursday 04 February 2010, jamal wrote:
> On Thu, 2010-02-04 at 18:50 +0100, Stefan Lippers-Hollmann wrote:
> > sysctl table check failed
>
> Can you look at your patched source include/linux/sysctl.h
> and see whether you see the following lines:
> ----
> NET_IPV4_CONF_ARP_ACCEPT=21,
> NET_IPV4_CONF_ARP_NOTIFY=22,
> NET_IPV4_CONF_ACCEPT_LOCAL=23,
> NET_IPV4_CONF_SRC_VMARK=24,
> __NET_IPV4_CONF_MAX
> ---
>
> I have a feeling you are missing NET_IPV4_CONF_ACCEPT_LOCAL

Yes, you're 100% right - such a hunk is missing from queue-2.6.32 [1]

http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=queue-2.6.32/net-restore-ip-source-validation.patch;h=8cc634adad59c2f67626f853e0fcce5ca8f1d579;hb=HEAD

and from 2.6.32.8-rc1 [2]

$ wget -qO- kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.32.8-rc1.gz | zgrep NET_IPV4_CONF_ACCEPT_LOCAL
$

Regards
Stefan Lippers-Hollmann

[1] git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git
[2] [46/74] net: restore ip source validation, Message-Id: <20100204171514.263483751(a)linux.site>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Stefan Lippers-Hollmann on
Hi

On Thursday 04 February 2010, jamal wrote:
> On Thu, 2010-02-04 at 19:31 +0100, Stefan Lippers-Hollmann wrote:
> > Hi
> >
> > On Thursday 04 February 2010, jamal wrote:
>
> > > ----
> > > NET_IPV4_CONF_ARP_ACCEPT=21,
> > > NET_IPV4_CONF_ARP_NOTIFY=22,
> > > NET_IPV4_CONF_ACCEPT_LOCAL=23,
> > > NET_IPV4_CONF_SRC_VMARK=24,
> > > __NET_IPV4_CONF_MAX
> > > ---
> > >
> > > I have a feeling you are missing NET_IPV4_CONF_ACCEPT_LOCAL
> >
> > Yes, you're 100% right - such a hunk is missing from queue-2.6.32 [1]
> >
>
> Do you mind changing to NET_IPV4_CONF_SRC_VMARK=23 in that patch?
> As i mentioned in my other email it is a wild guess - so it likely will
> have no effect but worth a try if you have time.

just enumerating NET_IPV4_CONF_ACCEPT_LOCAL, without the actual
implementation behind it, which only came with

commit 8ec1e0ebe26087bfc5c0394ada5feb5758014fc8
Author: Patrick McHardy <kaber(a)trash.net>
Date: Thu Dec 3 12:16:35 2009 +0100

ipv4: add sysctl to accept packets with local source addresses

Change fib_validate_source() to accept packets with a local source address when
the "accept_local" sysctl is set for the incoming inet device. Combined with the
previous patches, this allows to communicate between multiple local interfaces
over the wire.

Signed-off-by: Patrick McHardy <kaber(a)trash.net>

Signed-off-by: David S. Miller <davem(a)davemloft.net>

post 2.6.32 and hasn't made it into the stable tree either

--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -490,6 +490,7 @@ enum
NET_IPV4_CONF_PROMOTE_SECONDARIES=20,
NET_IPV4_CONF_ARP_ACCEPT=21,
NET_IPV4_CONF_ARP_NOTIFY=22,
+ NET_IPV4_CONF_ACCEPT_LOCAL=23,
NET_IPV4_CONF_SRC_VMARK=24,
__NET_IPV4_CONF_MAX
};

isn't sufficient, 2.6.32.8-rc1 plus the suggested patch above fails to boot
as well (this time on amd64):

sysctl table check failed: /net/ipv4/conf/all/src_valid_mark .3.5.16.-2.24 Unknown sysctl binary path
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff8132c54e>] inetdev_init+0x7e/0x230
PGD 0
Oops: 0000 [#1] PREEMPT SMP
last sysfs file:
CPU 0
Modules linked in:
Pid: 1, comm: swapper Not tainted 2.6.32-7.slh.6-sidux-amd64 #1 MS-7185
RIP: 0010:[<ffffffff8132c54e>] [<ffffffff8132c54e>] inetdev_init+0x7e/0x230
RSP: 0018:ffff88007fb7bdb0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88007f091200 RCX: 0000000000000000
RDX: ffff88007f0912c0 RSI: ffffffff814fd0c0 RDI: ffff88007f136800
RBP: ffff88007f136800 R08: 0000000000000000 R09: ffff88007f091200
R10: 0000000000000014 R11: 0000000000000000 R12: ffff88007f091200
R13: 0000000000000000 R14: 000000000008c000 R15: ffffffff81674340
FS: 0000000000000000(0000) GS:ffff880001800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000001001000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 1, threadinfo ffff88007fb7a000, task ffff88007fb80000)
Stack:
ffffffff8142498a ffff88007f136800 0000000000000000 0000000000000005
<0> 0000000000000000 ffffffff8132cad8 0000000000000000 0000000000000000
<0> ffffffff8151c1c4 ffffffff814fdba0 ffffffff81674340 ffffffff814fdc20
Call Trace:
[<ffffffff8132cad8>] ? inetdev_event+0x3d8/0x490
[<ffffffff812d1714>] ? register_netdevice_notifier+0x94/0x1b0
[<ffffffff81568c9c>] ? inet_init+0x0/0x1ff
[<ffffffff81568c53>] ? devinet_init+0x2d/0x76
[<ffffffff81568404>] ? ip_rt_init+0x1a2/0x287
[<ffffffff81568c9c>] ? inet_init+0x0/0x1ff
[<ffffffff81568620>] ? ip_init+0x9/0x14
[<ffffffff81568dd5>] ? inet_init+0x139/0x1ff
[<ffffffff8100a044>] ? do_one_initcall+0x34/0x1a0
[<ffffffff81534701>] ? kernel_init+0x157/0x1ad
[<ffffffff810130da>] ? child_rip+0xa/0x20
[<ffffffff815345aa>] ? kernel_init+0x0/0x1ad
[<ffffffff810130d0>] ? child_rip+0x0/0x20
Code: 48 85 db 49 89 dc 0f 84 e7 00 00 00 48 8b 85 c8 03 00 00 48 8d 93 c0 00 00 00 48 c7 c6 c0 d0 4f 81 48 89 ef 48 8b 80 e0 01 00 00 <48> 8b 08 48 89 8b c0 00 00 00 48 8b 48 08 48 89 4a 08 48 8b 48
RIP [<ffffffff8132c54e>] inetdev_init+0x7e/0x230
RSP <ffff88007fb7bdb0>
CR2: 0000000000000000
---[ end trace a7919e7f17c0a725 ]---
Kernel panic - not syncing: Attempted to kill init!
Pid: 1, comm: swapper Tainted: G D 2.6.32-7.slh.6-sidux-amd64 #1
Call Trace:
[<ffffffff81374cc6>] ? panic+0x8a/0x146
[<ffffffff8105e106>] ? do_exit+0x6e6/0x800
[<ffffffff81016a53>] ? oops_end+0xa3/0xf0
[<ffffffff8103b05a>] ? no_context+0xfa/0x260
[<ffffffff81063f32>] ? __register_sysctl_paths+0x352/0x360
[<ffffffff81378395>] ? page_fault+0x25/0x30
[<ffffffff8132c54e>] ? inetdev_init+0x7e/0x230
[<ffffffff8132cad8>] ? inetdev_event+0x3d8/0x490
[<ffffffff812d1714>] ? register_netdevice_notifier+0x94/0x1b0
[<ffffffff81568c9c>] ? inet_init+0x0/0x1ff
[<ffffffff81568c53>] ? devinet_init+0x2d/0x76
[<ffffffff81568404>] ? ip_rt_init+0x1a2/0x287
[<ffffffff81568c9c>] ? inet_init+0x0/0x1ff
[<ffffffff81568620>] ? ip_init+0x9/0x14
[<ffffffff81568dd5>] ? inet_init+0x139/0x1ff
[<ffffffff8100a044>] ? do_one_initcall+0x34/0x1a0
[<ffffffff81534701>] ? kernel_init+0x157/0x1ad
[<ffffffff810130da>] ? child_rip+0xa/0x20
[<ffffffff815345aa>] ? kernel_init+0x0/0x1ad
[<ffffffff810130d0>] ? child_rip+0x0/0x20

Regards
Stefan Lippers-Hollmann
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Stefan Lippers-Hollmann on
Hi

On Thursday 04 February 2010, jamal wrote:
> Ok, I was able to reproduce it finally. This fixes it:
>
> ---
> diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
> index b6e7aae..469193c 100644
> --- a/kernel/sysctl_check.c
> +++ b/kernel/sysctl_check.c
> @@ -220,6 +220,7 @@ static const struct trans_ctl_table
> trans_net_ipv4_conf_vars_table[] = {
> { NET_IPV4_CONF_PROMOTE_SECONDARIES, "promote_secondaries" },
> { NET_IPV4_CONF_ARP_ACCEPT, "arp_accept" },
> { NET_IPV4_CONF_ARP_NOTIFY, "arp_notify" },
> + { NET_IPV4_CONF_SRC_VMARK, "src_valid_mark" },
> {}
> };
> ---

2.6.32.8-rc1 + this patch boots fine for me on amd64, no problems left.

> Note we dont have that code anymore in current tree - thats why it
> was missed...
> If this works, Greg/Dave - please include it in the -stable patch.
[...]

Thanks a lot
Stefa Lippers-Hollmann
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/