lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <20071007120653.GA16184@rhlx01.hs-esslingen.de>
Date: Sun, 7 Oct 2007 14:06:53 +0200
From: Andreas Mohr <andi@...as.de>
To: isdn4linux@...tserv.isdn4linux.de
Cc: netdev@...r.kernel.org, akpm@...ux-foundation.org
Subject: 2.6.23-rc8-mm2 BUG: register_netdevice() issue as (ab)used by ISDN

[not necessarily a very recent regression, used 2.6.19 kernels before...]

Hi all,

wondered why my main internet server (headless!) didn't come up properly
on a new 2.6.23-rc8-mm2 (connections almost completely refused:
firewalling not executed due to earlier OOPS?).

Upon LILO emergency fallback into an older version (2.6.16...)
saw this in /var/log/messages:

Oct 7 13:07:34 gate kernel: e100: Intel(R) PRO/100 Network Driver, 3.5.23-k4-NAPI
Oct 7 13:07:34 gate kernel: e100: Copyright(c) 1999-2006 Intel Corporation
Oct 7 13:07:34 gate kernel: Atmel at76x USB Wireless LAN Driver 0.16 loading
Oct 7 13:07:34 gate kernel: eth2: MAC address 00:05:5d:95:ab:f0
Oct 7 13:07:34 gate kernel: eth2: firmware version 1.101.5-84
Oct 7 13:07:34 gate kernel: eth2: regulatory domain 0x30: ETSI (most of Europe)
Oct 7 13:07:34 gate kernel: usbcore: registered new interface driver at76_usb
Oct 7 13:07:34 gate kernel: Netfilter messages via NETLINK v0.30.
Oct 7 13:07:34 gate kernel: nf_conntrack version 0.5.0 (2048 buckets, 8192 max)
Oct 7 13:07:34 gate kernel: nf_conntrack_ipv4: Unknown parameter `hashsize'
Oct 7 13:07:34 gate kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Oct 7 13:07:34 gate kernel: process `syslogd' is using obsolete setsockopt SO_BSDCOMPAT
Oct 7 13:07:40 gate kernel: ------------[ cut here ]------------
Oct 7 13:07:40 gate kernel: kernel BUG at net/core/dev.c:3485!
Oct 7 13:07:40 gate kernel: invalid opcode: 0000 [#1]
Oct 7 13:07:40 gate kernel: last sysfs file: /devices/platform/sis5595.656/temp1_max
Oct 7 13:07:40 gate kernel: Modules linked in: xt_state xt_limit xt_tcpudp xt_multiport iptable_mangle iptable_nat nf_conntrack_ipv4 iptable_filter ip_tables nf_nat_tftp nf_conntrack_tftp nf_nat_h323 nf_conntrack_h323 nf_nat_irc nf_nat_ftp nf_conntrack_irc nf_conntrack_ftp ipt_MASQUERADE nf_nat nf_conntrack nfnetlink ipt_REJECT ipt_LOG x_tables at76_usb firmware_class e100 ohci_hcd usbcore i2c_sis630 i2c_sis5595 i2c_core sis5595 hisax isdn eepro100
Oct 7 13:07:40 gate kernel:
Oct 7 13:07:40 gate kernel: Pid: 2235, comm: isdnctrl Not tainted (2.6.23-rc8-mm2-gate #1)
Oct 7 13:07:40 gate kernel: EIP: 0060:[<c029ad8a>] EFLAGS: 00010246 CPU: 0
Oct 7 13:07:40 gate kernel: EIP is at register_netdevice+0x6d/0x2c1
Oct 7 13:07:40 gate kernel: EAX: 00000000 EBX: c786501c ECX: 00000000 EDX: 00000d99
Oct 7 13:07:40 gate kernel: ESI: c786501c EDI: 00000000 EBP: c1657d08 ESP: c1657cec
Oct 7 13:07:40 gate kernel: DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Oct 7 13:07:40 gate kernel: Process isdnctrl (pid: 2235, ti=c1656000 task=c14c3060 task.ti=c1656000)
Oct 7 13:07:40 gate kernel: Stack: c786501c 00000000 c1657d00 c0309ec6 c1657d68 c786501c 00000000 c1657d18
Oct 7 13:07:40 gate kernel:        c029b010 c1657d68 c7865000 c1657d38 c885a0fa c884e39c c8864598 c786501c
Oct 7 13:07:40 gate kernel:        c1657d68 00000000 bfbf779d c1657f60 c886484d c212ef80 c1561980 c1805ab0
Oct 7 13:07:40 gate kernel: Call Trace:
Oct 7 13:07:40 gate kernel:  [<c029b010>] register_netdev+0x32/0x3f
Oct 7 13:07:40 gate kernel:  [<c885a0fa>] isdn_net_new+0x111/0x2ca [isdn]
Oct 7 13:07:40 gate kernel:  [<c886484d>] isdn_ioctl+0x2b5/0xb46 [isdn]
Oct 7 13:07:40 gate kernel:  [<c015f53c>] do_ioctl+0x40/0x50
Oct 7 13:07:40 gate kernel:  [<c015f738>] vfs_ioctl+0x1ec/0x203
Oct 7 13:07:40 gate kernel:  [<c015f780>] sys_ioctl+0x31/0x49
Oct 7 13:07:40 gate kernel:  [<c0103e12>] syscall_call+0x7/0xb
Oct 7 13:07:40 gate kernel:  [<b7f54de4>] 0xb7f54de4
Oct 7 13:07:40 gate kernel:  =======================
Oct 7 13:07:40 gate kernel: Code: e8 3f a5 e6 ff ba 99 0d 00 00 b8 b4 3c 38 c0 e8 96 82 e7 ff 83 bb 20 02 00 00 00 74 04 0f 0b eb fe 8b 83 80 02 00 00 85 c0 75 04 <0f> 0b eb fe 89 45 f0 b9 4c 2e 48 c0 ba 8e 3e 38 c0 8d 83 78 01
Oct 7 13:07:40 gate kernel: EIP: [<c029ad8a>] register_netdevice+0x6d/0x2c1 SS:ESP 0068:c1657cec
Oct 7 13:18:17 gate syslogd 1.4.1#20: restart.
Oct 7 13:18:17 gate kernel: klogd 1.4.1#20, log source = /proc/kmsg started.
Oct 7 13:18:17 gate kernel: Linux version 2.6.16-cks11-gate (root@...e) (gcc version 4.0.4 20060507 (prerelease) (Debian 4.0.3-3)) #1 Sat May 27 14:45:18 CEST 2006

[logging was then back into 2.6.16 above]

2.6.23-rc8-mm2/net/core/dev.c/register_netdevice():

int register_netdevice(struct net_device *dev)
{
        struct hlist_head *head;
        struct hlist_node *p;
        int ret;
        struct net *net;

        BUG_ON(dev_boot_phase);
        ASSERT_RTNL();

        might_sleep();

        /* When net_device's are persistent, this will be fatal. */
        BUG_ON(dev->reg_state != NETREG_UNINITIALIZED);
        BUG_ON(!dev->nd_net);
        net = dev->nd_net;

        spin_lock_init(&dev->queue_lock);
        spin_lock_init(&dev->_xmit_lock);
        netdev_set_lockdep_class(&dev->_xmit_lock, dev->type);
        dev->xmit_lock_owner = -1;
        spin_lock_init(&dev->ingress_lock);

        dev->iflink = -1;

        /* Init, if this function is available */
        if (dev->init) {
                ret = dev->init(dev);
                if (ret) {
                        if (ret > 0)
                                ret = -EIO;
                        goto out;
                }
        }

objdump -D linux-2.6.23-rc8-mm2/vmlinux|less :

c029ad1d <register_netdevice>:
c029ad1d:       55                      push   %ebp
c029ad1e:       89 e5                   mov    %esp,%ebp
c029ad20:       57                      push   %edi
c029ad21:       56                      push   %esi
c029ad22:       53                      push   %ebx
c029ad23:       89 c3                   mov    %eax,%ebx
c029ad25:       83 ec 10                sub    $0x10,%esp
c029ad28:       83 3d 4c fa 41 c0 00    cmpl   $0x0,0xc041fa4c
c029ad2f:       74 04                   je     c029ad35 <register_netdevice+0x18>
c029ad31:       0f 0b                   ud2a
c029ad33:       eb fe                   jmp    c029ad33 <register_netdevice+0x16>
c029ad35:       e8 7e 7f 00 00          call   c02a2cb8 <rtnl_trylock>
c029ad3a:       85 c0                   test   %eax,%eax
c029ad3c:       74 26                   je     c029ad64 <register_netdevice+0x47>
c029ad3e:       e8 79 78 00 00          call   c02a25bc <rtnl_unlock>
c029ad43:       c7 44 24 08 97 0d 00    movl   $0xd97,0x8(%esp)
c029ad4a:       00
c029ad4b:       c7 44 24 04 b4 3c 38    movl   $0xc0383cb4,0x4(%esp)
c029ad52:       c0
c029ad53:       c7 04 24 c3 3c 38 c0    movl   $0xc0383cc3,(%esp)
c029ad5a:       e8 13 e3 e7 ff          call   c0119072 <printk>
c029ad5f:       e8 3f a5 e6 ff          call   c01052a3 <dump_stack>
c029ad64:       ba 99 0d 00 00          mov    $0xd99,%edx
c029ad69:       b8 b4 3c 38 c0          mov    $0xc0383cb4,%eax
c029ad6e:       e8 96 82 e7 ff          call   c0113009 <__might_sleep>
c029ad73:       83 bb 20 02 00 00 00    cmpl   $0x0,0x220(%ebx)
c029ad7a:       74 04                   je     c029ad80 <register_netdevice+0x63>
c029ad7c:       0f 0b                   ud2a
c029ad7e:       eb fe                   jmp    c029ad7e <register_netdevice+0x61>
c029ad80:       8b 83 80 02 00 00       mov    0x280(%ebx),%eax
c029ad86:       85 c0                   test   %eax,%eax
c029ad88:       75 04                   jne    c029ad8e <register_netdevice+0x71>
c029ad8a:       0f 0b                   ud2a
c029ad8c:       eb fe                   jmp    c029ad8c <register_netdevice+0x6f>
c029ad8e:       89 45 f0                mov    %eax,0xfffffff0(%ebp)
c029ad91:       b9 4c 2e 48 c0          mov    $0xc0482e4c,%ecx
c029ad96:       ba 8e 3e 38 c0          mov    $0xc0383e8e,%edx
c029ad9b:       8d 83 78 01 00 00       lea    0x178(%ebx),%eax
c029ada1:       e8 8e d9 f7 ff          call   c0218734 <__spin_lock_init>
c029ada6:       8d 83 b4 01 00 00       lea    0x1b4(%ebx),%eax
c029adac:       b9 4c 2e 48 c0          mov    $0xc0482e4c,%ecx
c029adb1:       ba 9f 3e 38 c0          mov    $0xc0383e9f,%edx
c029adb6:       e8 79 d9 f7 ff          call   c0218734 <__spin_lock_init>
c029adbb:       ba b0 3e 38 c0          mov    $0xc0383eb0,%edx
c029adc0:       b9 4c 2e 48 c0          mov    $0xc0482e4c,%ecx
c029adc5:       c7 83 c4 01 00 00 ff    movl   $0xffffffff,0x1c4(%ebx)
c029adcc:       ff ff ff
c029adcf:       8d 83 a0 01 00 00       lea    0x1a0(%ebx),%eax
c029add5:       e8 5a d9 f7 ff          call   c0218734 <__spin_lock_init>
c029adda:       8b 53 40                mov    0x40(%ebx),%edx
c029addd:       c7 43 50 ff ff ff ff    movl   $0xffffffff,0x50(%ebx)
c029ade4:       85 d2                   test   %edx,%edx
c029ade6:       74 1b                   je     c029ae03 <register_netdevice+0xe6>

Since EIP is c029ad8a, following the code flow it clearly looks to me
as if it's the BUG_ON(!dev->nd_net); check which caused the BUG message.

This is a K6-3/450@150 running Debian stable.

lsmod (NOTE: this is on 2.6.16!!):

Module                  Size  Used by
sch_ingress             4356  1
cls_u32                 7044  5
sch_tbf                 6272  1
sch_sfq                 5632  4
sch_htb                15616  1
ppp_async              11648  1
crc_ccitt               2176  1 ppp_async
ipt_ULOG                7712  1
xt_state                2176  4
xt_limit                2688  11
xt_tcpudp               3328  48
ipt_multiport           2560  10
iptable_mangle          2816  0
iptable_nat             7684  1
iptable_filter          3072  1
ip_tables              11736  3 iptable_mangle,iptable_nat,iptable_filter
ip_nat_tftp             1920  0
ip_conntrack_tftp       4244  1 ip_nat_tftp
ip_nat_irc              2688  0
ip_nat_ftp              3200  0
ip_conntrack_irc        6680  1 ip_nat_irc
ip_conntrack_ftp        7324  1 ip_nat_ftp
ipt_MASQUERADE          3712  1
ip_nat                 15764  5 iptable_nat,ip_nat_tftp,ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE
ip_conntrack           44196  10 xt_state,iptable_nat,ip_nat_tftp,ip_conntrack_tftp,ip_nat_irc,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_ftp,ipt_MASQUERADE,ip_nat
ipt_REJECT              5248  0
ipt_LOG                 6144  11
x_tables               12292  10 ipt_ULOG,xt_state,xt_limit,xt_tcpudp,ipt_multiport,iptable_nat,ip_tables,ipt_MASQUERADE,ipt_REJECT,ipt_LOG
e100                   33284  0
at76c503_rfmd           5260  0
firmware_class         10112  1 at76c503_rfmd
at76c503               79840  1 at76c503_rfmd
at76_usbdfu             4996  1 at76c503
ohci_hcd               29700  0
usbcore               126240  5 at76c503_rfmd,at76c503,at76_usbdfu,ohci_hcd
i2c_sis630              8844  0
i2c_sis5595             7940  0
sis5595                14216  0
i2c_isa                 5888  1 sis5595
i2c_core               22144  4 i2c_sis630,i2c_sis5595,sis5595,i2c_isa
hisax                 175100  2
isdn                  108864  5 hisax
eepro100               29456  0

root@...e:/usr/src/linux-2.6.23-rc8-mm2/net# dpkg -l|grep isdn
ii  isdnlog          3.9.20060704-3  ISDN connection logger
ii  isdnlog-data     3.9.20060704-3  data for isdnlog users
ii  isdnutils        3.9.20060704-3  Most important ISDN-related packages and uti
ii  isdnutils-base   3.9.20060704-3  ISDN utilities, the basic (minimal) set
ii  isdnutils-xtools 3.9.20060704-3  ISDN utilities that use X
ii  isdnvboxclient   3.9.20060704-3  ISDN answering machine, client
ii  isdnvboxserver   3.9.20060704-3  ISDN answering machine, server

CONFIG_ISDN=m
CONFIG_ISDN_I4L=m
CONFIG_ISDN_PPP=y
CONFIG_ISDN_PPP_VJ=y
CONFIG_ISDN_MPP=y
# CONFIG_IPPP_FILTER is not set
CONFIG_ISDN_PPP_BSDCOMP=m
CONFIG_ISDN_AUDIO=y
# CONFIG_ISDN_TTY_FAX is not set

#
# ISDN feature submodules
#
CONFIG_ISDN_DRV_LOOP=m
# CONFIG_ISDN_DIVERSION is not set

#
# ISDN4Linux hardware drivers
#

#
# Passive cards
#
CONFIG_ISDN_DRV_HISAX=m

#
# D-channel protocol features
#
CONFIG_HISAX_EURO=y
CONFIG_DE_AOC=y
# CONFIG_HISAX_NO_SENDCOMPLETE is not set
# CONFIG_HISAX_NO_LLC is not set
# CONFIG_HISAX_NO_KEYPAD is not set
# CONFIG_HISAX_1TR6 is not set
# CONFIG_HISAX_NI1 is not set
CONFIG_HISAX_MAX_CARDS=8

#
# HiSax supported cards
#
# CONFIG_HISAX_16_0 is not set
CONFIG_HISAX_16_3=y
CONFIG_HISAX_TELESPCI=y
# CONFIG_HISAX_S0BOX is not set
# CONFIG_HISAX_AVM_A1 is not set
CONFIG_HISAX_FRITZPCI=y
# CONFIG_HISAX_AVM_A1_PCMCIA is not set
# CONFIG_HISAX_ELSA is not set
# CONFIG_HISAX_IX1MICROR2 is not set
# CONFIG_HISAX_DIEHLDIVA is not set
# CONFIG_HISAX_ASUSCOM is not set
# CONFIG_HISAX_TELEINT is not set
# CONFIG_HISAX_HFCS is not set
# CONFIG_HISAX_SEDLBAUER is not set
CONFIG_HISAX_SPORTSTER=y
# CONFIG_HISAX_MIC is not set
# CONFIG_HISAX_NETJET is not set
# CONFIG_HISAX_NETJET_U is not set
# CONFIG_HISAX_NICCY is not set
# CONFIG_HISAX_ISURF is not set
# CONFIG_HISAX_HSTSAPHIR is not set
# CONFIG_HISAX_BKM_A4T is not set
# CONFIG_HISAX_SCT_QUADRO is not set
# CONFIG_HISAX_GAZEL is not set
CONFIG_HISAX_HFC_PCI=y
CONFIG_HISAX_W6692=y
# CONFIG_HISAX_HFC_SX is not set
# CONFIG_HISAX_DEBUG is not set

#
# HiSax PCMCIA card service modules
#

#
# HiSax sub driver modules
#
# CONFIG_HISAX_ST5481 is not set
# CONFIG_HISAX_HFCUSB is not set
# CONFIG_HISAX_HFC4S8S is not set
CONFIG_HISAX_FRITZ_PCIPNP=m

#
# Active cards
#
# CONFIG_ISDN_DRV_ICN is not set
# CONFIG_ISDN_DRV_PCBIT is not set
# CONFIG_ISDN_DRV_SC is not set
# CONFIG_ISDN_DRV_ACT2000 is not set
# CONFIG_HYSDN is not set
# CONFIG_ISDN_DRV_GIGASET is not set
# CONFIG_ISDN_CAPI is not set
# CONFIG_PHONE is not set

lspci (NOTE: on 2.6.16!!):
00:09.0 Network controller: Cologne Chip Designs GmbH ISDN network controller [HFC-PCI] (rev 02)

I used to have an ISA-based card (Teles?) in there, replaced by the PCI one
about 2 years ago.

grep isdnctrl /etc/isdn/*:
/etc/isdn/device.ippp0:# Read the isdnctrl manpage for more info.
/etc/isdn/device.ippp0:        isdnctrl addif ${device}
/etc/isdn/device.ippp0:        isdnctrl eaz ${device} $LOCALMSN
/etc/isdn/device.ippp0:        # "name". More than one number can be set by calling isdnctrl addphone
/etc/isdn/device.ippp0:        isdnctrl addphone ${device} out $LEADINGZERO$MSN
/etc/isdn/device.ippp0:        # disabled. More than one number can be set by calling isdnctrl addphone
/etc/isdn/device.ippp0:        # isdnctrl addphone ${device} in $MSN
/etc/isdn/device.ippp0:        # been added to the access list with isdnctrl addphone name in.
/etc/isdn/device.ippp0:        isdnctrl secure ${device} on
/etc/isdn/device.ippp0:        isdnctrl huptimeout ${device} 180 # XXX_
/etc/isdn/device.ippp0:        #isdnctrl dialmax ${device} 3
/etc/isdn/device.ippp0:        #isdnctrl ihup ${device} on
/etc/isdn/device.ippp0:        isdnctrl encap ${device} $ENCAP
/etc/isdn/device.ippp0:        isdnctrl l2_prot ${device} hdlc
/etc/isdn/device.ippp0:        isdnctrl l3_prot ${device} trans
/etc/isdn/device.ippp0:        isdnctrl verbose 2
/etc/isdn/device.ippp0:        #isdnctrl chargehup ${device} on
/etc/isdn/device.ippp0:        #isdnctrl chargeint ${device} NUM
/etc/isdn/device.ippp0:        #isdnctrl callback ${device} MODE
/etc/isdn/device.ippp0:        #isdnctrl cbdelay ${device} SECONDS
/etc/isdn/device.ippp0:        #isdnctrl cbhup ${device} MODE
/etc/isdn/device.ippp0:        # See also : isdnctrl(8), isdnctrl help text
/etc/isdn/device.ippp0:        isdnctrl pppbind ${device} $bindnum
/etc/isdn/device.ippp0:        isdnctrl dialmode $device $DIALMODE >/dev/null 2>&1
/etc/isdn/device.ippp0:        isdnctrl dialmode $device off >/dev/null 2>&1
/etc/isdn/device.ippp0:        isdnctrl delif $device 2> /dev/null
/etc/isdn/init.d.functions:    # can't count on "isdnctrl status all" working yet, unfortunately...
/etc/isdn/init.d.functions:    DEVS=`/usr/sbin/isdnctrl list all | grep 'Current setup' | cut -f2 -d"'" | sort`
/etc/isdn/init.d.functions:    if [ ! -e /dev/isdnctrl ]; then
/etc/isdn/init.d.functions:        cd /dev && ln -s isdnctrl0 isdnctrl
/etc/isdn/init.d.functions:    cardnum=0 # counts in channels, just like /dev/isdnctrlX
/etc/isdn/init.d.functions:    for optionfile in /etc/isdn/isdnlog.isdnctrl[02468] ; do
/etc/isdn/init.d.functions:        devicenum=${device#isdnctrl}
/etc/isdn/init.d.functions:        # test for isdnctrl dualmode. With dualmode, one isdnlog listens to
/etc/isdn/init.d.functions:    for optionfile in /etc/isdn/isdnlog.isdnctrl?; do
/etc/isdn/init.d.functions:    for optionfile in /etc/isdn/isdnlog.isdnctrl?; do
/etc/isdn/init.d.functions:        /usr/sbin/isdnctrl delif $device >/dev/null 2>&1 || true
/etc/isdn/init.d.functions:        /usr/sbin/isdnctrl delif $device >/dev/null 2>&1 || true
/etc/isdn/netdown.old:eval `grep '^ isdnctrl addphone' /etc/isdn/device.ippp0 | sed 's,addphone,delphone,'`
/etc/isdn/netdown.old:/sbin/isdnctrl hangup ippp0
/etc/isdn/netup.old:eval `grep '^ isdnctrl addphone' /etc/isdn/device.ippp0`
/etc/isdn/stop:    /usr/sbin/isdnctrl system off
/etc/isdn/xisdnload-netdown:# script again). So, putting "isdnctrl dialmode all off" here is not that
/etc/isdn/xisdnload-netdown:# useful, as you have to do "isdnctrl dialmode all auto" manually...
/etc/isdn/xisdnload-netdown:/usr/sbin/isdnctrl hangup ippp0 > /dev/null
/etc/isdn/xmonisdn-netdown:/usr/sbin/isdnctrl dialmode all off
/etc/isdn/xmonisdn-netup:/usr/sbin/isdnctrl dialmode all auto

I intend to still try to get it up and running with 2.6.23-rc8-mm2 today
(with some workarounds hopefully, maybe even disabling ISDN completely)...

The last running kernel (I didn't have newer ones in between), up for some
110 days was 2.6.19-cks2 (IOW, I cannot quite say that "this is an important
regression, it has been broken very recently").

Thanks,

Andreas Mohr

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html