lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 07 Nov 2011 02:53:02 +0000
From:	Qianhuibin <qianhuibin@...wei.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: kernel panic occurred when I do some operation about vlan.

Hi, all
A kernel panic occurred when I do some operation about vlan.

The operation is as below:
ifconfig eth2 up
modprobe bonding
modprobe 8021q
ifconfig bond0 up
ifenslave bond0 eth2
vconfig add eth2 3300
vconfig add bond0 33
vconfig rem eth2.3300

the panic stack is as below:
[<ffffffffa002f1c9>] panic_event+0x49/0x70 [ipmi_msghandler]
[<ffffffff80378917>] notifier_call_chain+0x37/0x70
[<ffffffff80372122>] panic+0xa2/0x195
[<ffffffff80376ed8>] oops_end+0xd8/0x140
[<ffffffff8001bea7>] no_context+0xf7/0x280
[<ffffffff8001c1a5>] __bad_area_nosemaphore+0x175/0x250
[<ffffffff80376318>] page_fault+0x28/0x30
[<ffffffffa039dabd>] igb_vlan_rx_kill_vid+0x4d/0x100 [igb]
[<ffffffffa044045f>] bond_vlan_rx_kill_vid+0x9f/0x290 [bonding]
[<ffffffffa047e636>] unregister_vlan_dev+0x136/0x180 [8021q]
[<ffffffffa047ed20>] vlan_ioctl_handler+0x170/0x3f0 [8021q]
[<ffffffff802c1d3f>] sock_ioctl+0x21f/0x280
[<ffffffff800e6d7f>] vfs_ioctl+0x2f/0xb0
[<ffffffff800e726b>] do_vfs_ioctl+0x3cb/0x5a0
[<ffffffff800e74e1>] sys_ioctl+0xa1/0xb0
[<ffffffff80007388>] system_call_fastpath+0x16/0x1b
[<00007f108a2b8bd7>] 0x7f108a2b8bd7

And the nic is as below:
[root@...alhost ~]# ethtool -i eth2
driver: igb
version: 3.0.6-k2
firmware-version: 1.2-1
bus-info: 0000:04:00.0

kernel version:
2.6.32.12-0.7 also happen in 2.6.32-131

I had tried the same operation on other nics, like tg3,bnx2. But they haven’t panic.
So I find the reason is that igb have two more netdev_ops (ndo_vlan_rx_add_vid and ndo_vlan_rx_kill_vid) than tg3 and bnx2.
I think the reason of panic is that when ndo_vlan_rx_kill_vid has been called, the vlgrp haven’t been correctly find. And it should be find in parameter like what have been done in ndo_vlan_rx_register.

Finally, I kown that it’s not a correct operation to creat a vlan interface on eth2 when it have been slaved by bond0, but it would cause a panic, so I think maybe some improve in ndo_vlan_rx_add_vid(add a vlgrp parameter in netdevice.h) like ndo_vlan_rx_register would be better.

Qin Chuanyu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ