Message ID | 20101013202105.15011.60553.stgit@paris.rdu.redhat.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
On 13.10.2010 22:21, Eric Paris wrote:
> Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
> netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
> on 0 (aka no error) early and didn't finish setting up secmark. This results
> in a kernel BUG if you use SECMARK.
>
> ------------[ cut here ]------------
> kernel BUG at net/netfilter/xt_SECMARK.c:38!
> invalid opcode: 0000 [#1] SMP
> last sysfs file: /sys/devices/system/cpu/cpu2/cache/index2/shared_cpu_map
> CPU 0
> Modules linked in: xt_SECMARK iptable_mangle nfs lockd fscache nfs_acl
> auth_rpcgss sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables
> uinput virtio_net virtio_balloon i2c_piix4 i2c_core joydev microcode ipv6
> virtio_blk virtio_pci virtio_ring virtio [last unloaded: speedstep_lib]
>
> ...
> RIP [<ffffffffa022117d>] secmark_tg+0x17/0x2e [xt_SECMARK]
> RSP <ffff880003e03a40>
> ---[ end trace 9aa5d06a71143e74 ]---
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Acked-by: Paul Moore <paul.moore@hp.com>
> Acked-by: James Morris <jmorris@namei.org>

Acked-by: Patrick McHardy <kaber@trash.net>

I'll leave it up to Dave whether this can still go into 2.6.36.

On Fri, 15 Oct 2010, Patrick McHardy wrote:

> > ...
> > RIP [<ffffffffa022117d>] secmark_tg+0x17/0x2e [xt_SECMARK]
> > RSP <ffff880003e03a40>
> > ---[ end trace 9aa5d06a71143e74 ]---
> >
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > Acked-by: Paul Moore <paul.moore@hp.com>
> > Acked-by: James Morris <jmorris@namei.org>
>
> Acked-by: Patrick McHardy <kaber@trash.net>
>
> I'll leave it up to Dave whether this can still go into 2.6.36.

FYI, I have a copy now in my #next branch, as it's a pre-requisite for further patches.

diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 23b2d6c..364ad16 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) switch (info->mode) { case SECMARK_MODE_SEL: err = checkentry_selinux(info); - if (err <= 0) + if (err) return err; break;
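
Review bot: In the SECMARK_MODE_SEL case of secmark_tg_check(), `if (err)` hands any nonzero result of checkentry_selinux() straight back to the caller, so the fix depends on that helper returning only 0 on success or a negative errno on failure. A short comment at this check stating that contract, and that a 0 result must fall through to `break` so the rest of the setup runs, would guard against the early-return mistake being reintroduced. The commit message also cites the regressing change only by the abbreviated hash 4a5a5c73; adding its subject line would keep the reference resolvable.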