This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Re: Panic in ipt_do_table with

To: Matt Ayres <matta@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Re: Panic in ipt_do_table with
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Tue, 23 May 2006 22:27:17 +0100
Cc: Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>
Delivery-date: Tue, 23 May 2006 14:32:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <44737D53.9050006@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4468BE70.7030802@xxxxxxxxxxxx> <4468D613.20309@xxxxxxxxx> <44691669.4080903@xxxxxxxxxxxx> <Pine.LNX.4.64.0605152331140.10964@xxxxxxx> <4469D84F.8080709@xxxxxxxxxxxx> <Pine.LNX.4.64.0605161127030.16379@xxxxxxx> <446D0A0D.5090608@xxxxxxxxxxxx> <Pine.LNX.4.64.0605182002330.6528@xxxxxxx> <446D0E6D.2080600@xxxxxxxxxxxx> <446D151D.6030307@xxxxxxxxxxxx> <4470A6CD.5010501@xxxxxxxxx> <4471CB54.401@xxxxxxxxxxxx> <4471CE19.5070802@xxxxxxxxx> <bf76eefc5234d32440c822acd2879a8a@xxxxxxxxxxxx> <44737D53.9050006@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 23 May 2006, at 22:23, Matt Ayres wrote:

Having looked at disassembly, the fault happens when accessing e->ip.invflags in ip_packet_match() inlined inside ipt_do_table(). e = private->entries[smp_processor_id()] + private->hook_entry[NF_IP_FORWARD] smp_processor_id() should be 0 (since the oops appears to occur on cpu0) and presumably all the ipt_entry structures are static once set up. Since this crash happens on a common path in ipt_do_table(), and since it happens only after the system has been up a while (I believe?), it rather looks as though something has either corrupted a pointer or unmapped memory from under iptables' feet.

As the concerned user, what does this mean to me? It will only affect SMP systems? It is a bug in Xen or netfilter?

Probably a Xen bug, but if so then it's basically a memory corruption. It's weird it would hit the iptables rules every time though, and not be a more random crash. This might well need reproducing in a developer test-machine environment to stand a chance of tracking down.

 -- Keir

I'd just like to understand what is going on.

Xen-devel mailing list