On Sat, Oct 19, 2013 at 07:37:10PM +0300, Julian Anastasov wrote:
> On Fri, 18 Oct 2013, Hannes Frederic Sowa wrote:
> > I played around with your patch and tested xt_TEE. I added a TEE rule to
> > mangle/OUTPUT and pinged. This happend, I have not yet analyzed it:
> > [ 101.126649] ------------[ cut here ]------------
> > [ 101.128436] BUG: unable to handle kernel paging request at
> > fffffffb8a2fda88
> > [ 101.129421] IP: [<ffffffff810c9737>] cpuacct_charge+0x97/0x200
> > [ 101.129421] PGD 1c0f067 PUD 0
> > [ 101.129421] Thread overran stack, or stack corrupted
> Problem with process stack? May be some packet loop
> happens? Because I can not reproduce such problem in my
> virtual setup, I tested TEE too, with careful packet
> matching and 1 CPU. Should I assume that you don't have such
> oops when the patch is not applied, with the same TEE rule?
Oh, sorry, you are right. It happens with an unpatched net-next kernel, too.
I inserted the TEE rule in mangel/OUTGOING and had only one route, ip -6 r a
default via fe80::1 dev eth0 which at the time of the panic was actually not
> > [ 101.129421] Oops: 0000 [#1] SMP
> You don't appear to have PREEMPT in above line.
> I'm not sure when preemption is enabled if tee_tg6() does
> not have a problem with its anti-loop measures (tee_active).
> Is preemption possible in OUTPUT hook, i.e. can we change
> the CPU while playing with tee_active and as result change
> different flag?
Hm, maybe. I don't have too much insight into netfilter stack and
what are the differences between OUTPUT and FORWARD path but plan to
Anyways just wanted to let you know that unpatched kernels are affected, too.
Will have a closer look later.
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html