lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <m1tzr7w4gp.fsf@ebiederm.dsl.xmission.com>
Date:	Fri, 10 Aug 2007 13:54:14 -0600
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Gabriel C <nix.or.die@...glemail.com>,
	Michal Piotrowski <michal.k.k.piotrowski@...il.com>,
	linux-kernel@...r.kernel.org, Netdev <netdev@...r.kernel.org>,
	coreteam@...filter.org
Subject: Re: 2.6.23-rc2-mm2

Andrew Morton <akpm@...ux-foundation.org> writes:

> On Fri, 10 Aug 2007 11:33:41 -0600
> ebiederm@...ssion.com (Eric W. Biederman) wrote:
>
>> Gabriel C <nix.or.die@...glemail.com> writes:
>> 
>> > Michal Piotrowski wrote:
>> >> Andrew Morton pisze:
>> >>>
>> >
> ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc2/2.6.23-rc2-mm2/
>> >>>
>> >> 
>> >> Yet another sysctl table check failed
>> >> 
>> >> [   88.949055] Netfilter messages via NETLINK v0.30.
>> >> [   89.485399] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
>> >> [ 89.491892] sysctl table check failed:
>> > /net/netfilter/nf_conntrack_generic_timeout .3.19.13 Missing strategy
>> >> [   89.558178] xt_state: Unknown symbol nf_conntrack_untracked
>> >> [   89.563942] xt_state: Unknown symbol nf_ct_l3proto_module_put
>> >> [   89.569870] xt_state: Unknown symbol nf_ct_l3proto_try_module_get
>> >> [   90.852319] NET: Registered protocol family 17
>> >>
>> >
>> > And maybe this ?
>> 
>> Could be.
>> 
>> sysctl table check failure looks legitimate.
>> At a quick skim I can't tell for certain if failure to register the
>> sysctl table will keep the module from loading but it might.
>> 
>> It looks like another canidate on the pile of kill the broken
>> binary sysctl.
>> 
>
> There seems to be rather a lot of damage here.
>
> I assume that the sysctl changes are what caused the netfilter oopses.
>
> - nf_conntrack_init() calls nf_conntrack_expect_init() which fails due to
>   sysctl problems.  
>
> - nf_conntrack_init() bales out without calling nf_conntrack_helper_init()
>
>   So nf_ct_helper_hsize never gets initialised.
>
> - Later, netfilter client code calls helper_hash(), which gets a
>   divide-by-zero due to nf_ct_helper_hsize==0.
>
>
> yeah, that's a netfilter bug, but we're trying to get kernels tested here. 
> If I'm feeling energetic I'll drop the sysctl changes and do rc2-mm3. 
> Probably I won't feel energetic, but we'll need a lot of fixes here before
> I can release the sysctl changes in another -mm, please.

Under construction.

Eric

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ