| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Aug 2008 20:40:56 +0200 (CEST) From: Krzysztof Oledzki <ole@....pl> To: Arjan van de Ven <arjan@...radead.org> cc: netdev@...r.kernel.org, kaber@...sh.net Subject: Re: Warning when unloading the nf_conntack module (regression?) On Mon, 4 Aug 2008, Krzysztof Oledzki wrote: > > > On Sun, 3 Aug 2008, Krzysztof Oledzki wrote: > >> >> >> On Sun, 3 Aug 2008, Arjan van de Ven wrote: >> >>> The warning below started showing up on kerneloops.org in the top 20 and >>> it appears to >>> be new in 2.6.27-rc (e.g. a regression)... >>> >>> It happens when nf_conntrack is rmmod'd >>> >>> >>> The reports: >>> http://www.kerneloops.org/search.php?search=nf_conntrack_acct_fini >>> >>> The warning: >>> >>> WARNING: at kernel/sysctl.c:1966 unregister_sysctl_table+0xcc/0x103() >>> >>> Modules : nf_conntrack(-) >>> >>> Call Trace: >>> [<ffffffff81043bc8>] warn_on_slowpath+0x65/0x98 >>> [<ffffffff8104abdf>] unregister_sysctl_table+0xcc/0x103 >>> [<ffffffffa0306655>] nf_conntrack_acct_fini+0x15/0x23 [nf_conntrack] >>> [<ffffffffa03018a1>] nf_conntrack_cleanup+0x84/0x86 [nf_conntrack] >>> [<ffffffffa0306944>] nf_conntrack_standalone_fini+0x40/0x42 [nf_conntrack] >>> [<ffffffff810700d0>] sys_delete_module+0x202/0x263 >>> [<ffffffff8101034a>] system_call_fastpath+0x16/0x1b >> >> Thanks. It seems I'm the person who introduced it. I'll look at it ASAP. > > Probably spoken too fast. This problem was introduced in 2.6.26-git15, about > one week after my accounting rework had been included. Obviously there is > something wrong with netfilter sysctl handling as starting with this kernel > version sysctl reports duplicated net.netfilter: > > # find /proc/sys/net/|grep net/netf > /proc/sys/net/netfilter > /proc/sys/net/netfilter/nf_conntrack_generic_timeout > /proc/sys/net/netfilter/nf_conntrack_acct > /proc/sys/net/netfilter > /proc/sys/net/netfilter/nf_conntrack_generic_timeout > /proc/sys/net/netfilter/nf_conntrack_acct > > # sysctl -a|grep net.netfilter > net.netfilter.nf_conntrack_generic_timeout = 600 > net.netfilter.nf_conntrack_acct = 1 > net.netfilter.nf_conntrack_generic_timeout = 600 > net.netfilter.nf_conntrack_acct = 1 > > Still investigating. BTW: It also happens when I revert my patch: sysctl -a|grep net.netfilter net.netfilter.nf_conntrack_generic_timeout = 600 net.netfilter.nf_conntrack_generic_timeout = 600 Best regards, Krzysztof Olędzki
Powered by blists - more mailing lists