[pso] [Tema4] Not synching in hook

omar Chouydary chouydary at yahoo.com
Thu May 31 12:37:55 EEST 2007 

Se pare ca problema nu este de la vmxnet driver , deoarece si pe site primesc aceleasi erori.
  Am mai observat ca primesc acest kernel panic si in alte ocazii gen:
   
    - apelez kmalloc (cu GPF_ATOMIC)
    - fac ceva care dureaza nitel (ex. un while)
   
  De asemeni am remarcat ca eroarea se intampla numai cand incarc hook-ul pt IN, atat pentru NF_IP_PRE_ROUTING cat si pentru NF_IP_LOCAL_IN.
   
  Daca inregistrez hook-ul doar pentru NF_IP_LOCAL_OUT nu am nici o problema, nici cu printk si nici cu kmalloc. 
   
  La ambele(in si out) am incercat atat cu prioritatea NF_IP_PRI_FIRST cat si cu _FILTER. 
  E ceva special ce trebuie facut la NF_IP_LOCAL_IN (sau _PRE_ROUTING) ca sa nu dea panic?
  

omar Chouydary <chouydary at yahoo.com> wrote:
    Tot aceeasi eroare o patesc si eu. Se intampla destul de "random". Nu fac nimic deosebit in hook, dar cum intra in hook da kernel panic. 
  Un exemplu este apelarea lui "printk" in hook. Daca fac un simplu printk urmat de return NF_ACCEPT primesc kernel panic. Folosesc masina virtuala de windows iar sistemul are netconsole activat. Ma gandesc sa nu fie de la driverul vmxnet al masinii virtuale.
   
  Care ar fi cauza acestui kernel panic la apelarea unui simplu printk in hook?
   
  Asta este output-ul:
   
  BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
d883d08d
*pde = 00000000
Packet in hook
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: ipdriver netconsole vmhgfs vmxnet
CPU:    0
EIP:    0060:[<d883d08d>]    Tainted: P      VLI
EFLAGS: 00010282   (2.6.18 #6)
EIP is at ipdriver_hookfn+0x1d/0x50 [ipdriver]
eax: 00000000   ebx: d883e1d0   ecx: 00000001   edx: d685b816
esi: c04a4f2c   edi: c067b548   ebp: c04a4ee8   esp: c04a4ee8
ds: 007b   es: 007b   ss: 0068
Process sshd (pid: 15835, ti=c04a4000 task=cd253580 task.ti=caa5c000)
Stack: c04a4f0c c02cde14 00000000 c02d3360 00000001 c04a4f54 00000001 c04a4f54
       c067b548 c04a4f3c c02cdf69 d6385000 00000000 c04a4f2c c02d3360 80000000
       00000002 d883e1d0 d685b816 d6969f5c d6385000 c04a4f64 c02d3c92 d6385000
Call Trace:
 [<c02cde14>] nf_iterate+0x54/0x80
 [<c02cdf69>] nf_hook_slow+0x49/0xd0
 [<c02d3c92>] ip_local_deliver+0x1e2/0x270
 [<c02d38b8>] ip_rcv+0x278/0x470
 [<c02bd381>] netif_receive_skb+0x1a1/0x2d0
 [<c02bed4d>] process_backlog+0x8d/0x130
 [<c02befd8>] net_rx_action+0xa8/0x1e0
 [<c011c770>] __do_softirq+0x70/0xe0
 [<c0105c68>] do_softirq+0x88/0xe0
 [<c011ca23>] local_bh_enable+0xc3/0x140
 [<c02bf1a8>] dev_queue_xmit+0x98/0x270
 [<c02d8ed8>] ip_output+0x148/0x240
 [<c02d8425>] ip_queue_xmit+0x1d5/0x470
 [<c02e81fd>] tcp_transmit_skb+0x37d/0x7e0
 [<c02e9e87>] __tcp_push_pending_frames+0x1f7/0x8d0
 [<c02ded7f>] tcp_sendmsg+0x7bf/0xba0
 [<c02f9c7c>] inet_sendmsg+0x2c/0x50
 [<c02b2469>] do_sock_write+0xa9/0xc0
 [<c02b2ad0>] sock_aio_write+0x60/0x70
 [<c015c873>] do_sync_write+0xb3/0xf0
 [<c015d223>] vfs_write+0x143/0x150
 [<c015d78b>] sys_write+0x3b/0x70
 [<c010316d>] sysenter_past_esp+0x56/0x99
 [<b7f28410>] 0xb7f28410
Code: c0 89 e5 5d c3 89 f6 8d bc 27 00 00 00 00 55 8b 0d 40 e4 83 d8 89 e5 85 c9
 74 16 8b 02 85 c0 74 10 8b 50 20 85 d2 74 09 8b 40 08 <66> 83 38 02 74 0d b8 01
 00 00 00 c9 c3 8d b6 00 00 00 00 68 a5
EIP: [<d883d08d>] ipdriver_hookfn+0x1d/0x50 [ipdriver] SS:ESP 0068:c04a4ee8
 <0>Kernel panic - not syncing: Fatal exception in interrupt
   
  
Costin Boldisor <costinb at rdslink.ro> wrote:
  BUG: unable to handle kernel paging request at virtual address bfc3eeb8
printing eip:
c882b444
*pde = 00000000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: ipdriver netconsole vmxnet
CPU: 0
EIP: 0060:[] Tainted: P VLI
EFLAGS: 00010283 (2.6.18 #6)
EIP is at myHookOut+0x134/0x210 [ipdriver]
eax: bfc3ee9c ebx: c42a927c ecx: c431d000 edx: 00000001
esi: c4249e70 edi: 00000001 ebp: c431dcac esp: c431dc88
ds: 007b es: 007b ss: 0068
Process test (pid: 2349, ti=c431d000 task=c431c580 task.ti=c431d000)
Stack: 00000000 00000002 00000000 00000000 c038f1bc c0a85e80 c882c6a8 
c431dcf0
c067b558 c431dcd0 c02cde14 c7f0f000 c02d5f40 00000003 c431dd20 00000003
c431dd20 c067b558 c431dd00 c02cdf69 00000000 c7f0f000 c431dcf0 c02d5f40
Call Trace:
[] nf_iterate+0x54/0x80
[] nf_hook_slow+0x49/0xd0
[] ip_queue_xmit+0x2af/0x470
[] tcp_transmit_skb+0x37d/0x7e0
[] tcp_connect+0x2c5/0x370
[] tcp_v4_connect+0x3e4/0x700
[] inet_stream_connect+0x1bd/0x240
[] sys_connect+0x55/0x80
[] sys_socketcall+0x82/0x1e0
[] sysenter_past_esp+0x56/0x99
[<40017410>] 0x40017410
Code: b8 00 c9 82 c8 e8 bd ef 8f f7 8b 1d 84 c6 82 c8 c7 05 80 c6 82 c8 00 
00 00 00 8b 03 0f 18 00 90 81 fb 84 c6 82 c8 74 41 8b 43 fc <8b> 48 1c 51 8b 
50 18 52 8b 78 14 57 8b 48 10 51 8b 50 04 52 8b
EIP: [] myHookOut+0x134/0x210 [ipdriver] SS:ESP 0068:c431dc88
<3>BUG: sleeping function called from invalid context at kernel/rwsem.c:20
in_atomic():1, irqs_disabled():0
[] show_trace_log_lvl+0x176/0x190
[] show_trace+0xd/0x10
[] dump_stack+0x19/0x20
[] __might_sleep+0x9a/0xb0
[] down_read+0x15/0x40
[] blocking_notifier_call_chain+0x11/0x30
[] profile_task_exit+0x11/0x20
[] do_exit+0x1c/0x940
[] die+0x2b2/0x2c0
DWARF2 unwinder stuck at die+0x2b2/0x2c0
Leftover inexact backtrace:
[] show_trace+0xd/0x10
[] dump_stack+0x19/0x20
[] __might_sleep+0x9a/0xb0
[] down_read+0x15/0x40
[] blocking_notifier_call_chain+0x11/0x30
[] profile_task_exit+0x11/0x20
[] do_exit+0x1c/0x940
[] die+0x2b2/0x2c0
[] do_page_fault+0x2f8/0x620
[] error_code+0x39/0x40
[] nf_iterate+0x54/0x80
[] nf_hook_slow+0x49/0xd0
[] ip_queue_xmit+0x2af/0x470
[] tcp_transmit_skb+0x37d/0x7e0
[] tcp_connect+0x2c5/0x370
[] tcp_v4_connect+0x3e4/0x700
[] inet_stream_connect+0x1bd/0x240
[] sys_connect+0x55/0x80
[] sys_socketcall+0x82/0x1e0
[] sysenter_past_esp+0x56/0x99
note: test[2349] exited with preempt_count 1
BUG: scheduling while atomic: test/0x00000001/2349
[] show_trace_log_lvl+0x176/0x190
[] show_trace+0xd/0x10
[] dump_stack+0x19/0x20
[] schedule+0x4ff/0x6a0
[] lock_sock+0x6c/0xc0
[] sock_fasync+0x3f/0x150
[] sock_close+0x14/0x40
[] __fput+0xac/0x1e0
[] fput+0x18/0x20
[] filp_close+0x3e/0x70
[] put_files_struct+0xb1/0xc0
[] do_exit+0x182/0x940
[] die+0x2b2/0x2c0
DWARF2 unwinder stuck at die+0x2b2/0x2c0
Leftover inexact backtrace:
[] show_trace+0xd/0x10
[] dump_stack+0x19/0x20
[] schedule+0x4ff/0x6a0
[] lock_sock+0x6c/0xc0
[] sock_fasync+0x3f/0x150
[] sock_close+0x14/0x40
[] __fput+0xac/0x1e0
[] fput+0x18/0x20
[] filp_close+0x3e/0x70
[] put_files_struct+0xb1/0xc0
[] do_exit+0x182/0x940
[] die+0x2b2/0x2c0
[] do_page_fault+0x2f8/0x620
[] error_code+0x39/0x40
[] nf_iterate+0x54/0x80
[] nf_hook_slow+0x49/0xd0
[] ip_queue_xmit+0x2af/0x470
[] tcp_transmit_skb+0x37d/0x7e0
[] tcp_connect+0x2c5/0x370
[] tcp_v4_connect+0x3e4/0x700
[] inet_stream_connect+0x1bd/0x240
[] sys_connect+0x55/0x80
[] sys_socketcall+0x82/0x1e0
[] sysenter_past_esp+0x56/0x99 

_______________________________________________
pso mailing list
pso at cursuri.cs.pub.ro
http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/pso

    
---------------------------------
  Pinpoint customers who are looking for what you sell. 

       
---------------------------------
Shape Yahoo! in your own image.  Join our Network Research Panel today!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cursuri.cs.pub.ro/pipermail/pso/attachments/20070531/91ab235d/attachment-0001.html

More information about the pso mailing list