It is currently Tue, 14 Jul 2020 00:44:18 GMT



 
Author Message
 list_head debugging
[sorry for the nonexistent In-Reply-To/whatever headers - cutting&pasting]

I'm not current with the kernel tree, but will one such oops occur in
netfilter?  See

http://www.**-**.com/

Hmm, no.  A DoS maybe?

Bernd Jendrissek
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at   http://www.**-**.com/
Please read the FAQ at   http://www.**-**.com/



 Tue, 23 Nov 2004 22:30:10 GMT   
 list_head debugging

An oops, actually.  This code:

         /* Remove from both hash lists: must not NULL out next ptrs,
            otherwise we'll look unconfirmed.  Fortunately, LIST_DELETE
            doesn't do this. --RR */
         LIST_DELETE(&ip_conntrack_hash
                     [hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple)],
                     &ct->tuplehash[IP_CT_DIR_ORIGINAL]);
         LIST_DELETE(&ip_conntrack_hash
                     [hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple)],
                     &ct->tuplehash[IP_CT_DIR_REPLY]);

I think what is needed is:

--- 2.5.20/net/ipv4/netfilter/ip_conntrack_core.c~ipconntrack-lists     Fri Jun  7 11:26:38 2002
+++ 2.5.20-akpm/net/ipv4/netfilter/ip_conntrack_core.c  Fri Jun  7 11:26:42 2002
@@ -210,17 +210,22 @@ static void destroy_expectations(struct
  static void
  clean_from_lists(struct ip_conntrack *ct)
  {
+
struct list_head *l1;
+
struct list_head *l2;
+
        DEBUGP("clean_from_lists(%p)\n", ct);
        MUST_BE_WRITE_LOCKED(&ip_conntrack_lock);
-
/* Remove from both hash lists: must not NULL out next ptrs,
-           otherwise we'll look unconfirmed.  Fortunately, LIST_DELETE
-           doesn't do this. --RR */
+
+
l1 = &ct->tuplehash[IP_CT_DIR_ORIGINAL];
+
l2 = &ct->tuplehash[IP_CT_DIR_REPLY];
+
        LIST_DELETE(&ip_conntrack_hash
                    [hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple)],
-
            &ct->tuplehash[IP_CT_DIR_ORIGINAL]);
-
LIST_DELETE(&ip_conntrack_hash
-
            [hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple)],
-
            &ct->tuplehash[IP_CT_DIR_REPLY]);
+
            l1);
+
if (l1 != l2)
+
        LIST_DELETE(&ip_conntrack_hash
+
                    [hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple)],
+
                    l2);

        /* Destroy all un-established, pending expectations */
        destroy_expectations(ct);

-

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



 Wed, 24 Nov 2004 02:30:12 GMT   
 list_head debugging
Hi,

The two codes actually identical, because the condition is always true.
There is no connection where the ORIGINAL and REPLY tuples would be equal.

Regards,
Jozsef
-
E-mail  : kad...@blackhole.kfki.hu, kad...@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



 Tue, 30 Nov 2004 20:10:07 GMT   
 
   [ 3 post ] 

Similar Threads

1. list_head debugging patch

2. 2.5.39 list_head debugging

3. list_head debugging?

4. list_head debugging

5. convert tty_drivers to list_heads

6. vma->shared list_head initializations

7. move the mempool list_head out of the managed elements

8. list_head makes me crazy

9. Help with kernel source (struct list_head)

10. : Kernel debugging (saving debug info)


 
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software