This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Re: Panic in ipt_do_table with

To: Matt Ayres <matta@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Re: Panic in ipt_do_table with
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Mon, 22 May 2006 16:43:37 +0200
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
Matt Ayres wrote:
> Patrick McHardy wrote:
>> Matt Ayres wrote:
>>> I think I confirmed the NIC is not the source of the problem.  A few of
>>> my servers have e100/tulip NICs due to a bug with the chipset of the
>>> on-board TG3 cards firmware and TSO.  These servers that use the
>>> e100/tulip drivers also experience the ipt_do_table bug.
>> There is an identical report in the netfilter bugzilla, also crashes
>> (on x86_64) in ipt_do_table with Xen. I haven't heard anything of
>> similar crashes without Xen, so I doubt that the bug is in the
>> netfilter code.
>> https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=478
> Yep... too coincidental.  I'd say it has _something_ to do with Xen.
> I've been doing different things on my side to try to reduce the
> severity of the problem, but I'd really like to hear what the Xen guys
> have to say about this now..

Maybe this helps: there is not too much the Xen code could be doing
wrong here. If I read your crash correctly it happened in the FORWARD
chain, which could mean that the outgoing device (probably the Xen
virtual network driver) has some bugs, but iptables really only cares
about the names at this point, which practically can't be bogus.
The only other thing I can imagine is that something is wrong with
the per-CPU copy of the ruleset, i.e. either smp_processor_id is
returning garbage or for_each_possible_cpu misses a CPU during
initialization. I have no idea if Xen really does touch this code,
but other than that I don't really see what it could break.
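
The two failure modes named in the message above (a garbage processor id, or an initialization loop that misses a CPU), as an added user-space model that is not code from this thread, the kernel or Xen. `NR_CPUS`, `struct rule_table`, `table_init`, `table_lookup` and the bitmask of possible CPUs are hypothetical names and values chosen for illustration; the lookup validates both conditions before returning a ruleset pointer.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NR_CPUS 4 /* constructed value for this model */

/* Hypothetical stand-in for a table that keeps one ruleset copy per CPU. */
struct rule_table {
    size_t size;
    unsigned char *entries[NR_CPUS];
};

enum lookup_status { LOOKUP_OK, LOOKUP_BAD_CPU, LOOKUP_NO_COPY };

/* Copy the ruleset once for every CPU whose bit is set in possible_mask.
 * Returns the number of copies made, or -1 on allocation failure. */
static int table_init(struct rule_table *t, const unsigned char *rules,
                      size_t size, unsigned int possible_mask)
{
    int copies = 0;

    memset(t, 0, sizeof(*t));
    t->size = size;
    for (unsigned int cpu = 0; cpu < NR_CPUS; cpu++) {
        if (!(possible_mask & (1u << cpu)))
            continue; /* CPU skipped by the iterator: no copy is made */
        t->entries[cpu] = malloc(size);
        if (!t->entries[cpu])
            return -1;
        memcpy(t->entries[cpu], rules, size);
        copies++;
    }
    return copies;
}

/* Validate the CPU id and its copy before handing the ruleset out. */
static enum lookup_status table_lookup(const struct rule_table *t,
                                       unsigned int cpu,
                                       const unsigned char **base)
{
    if (cpu >= NR_CPUS)
        return LOOKUP_BAD_CPU;  /* processor id is out of range */
    if (!t->entries[cpu])
        return LOOKUP_NO_COPY;  /* initialization missed this CPU */
    *base = t->entries[cpu];
    return LOOKUP_OK;
}
```

Without the two checks in `table_lookup`, either condition would hand the rule walker an invalid base pointer, which is the kind of fault the message is speculating about.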
