Re: KVM induced panic on 2.6.38[2367] & 2.6.39

From: Bart De Schuymer
Date: Mon Jun 06 2011 - 16:11:02 EST

Next message: Arnd Bergmann: "Re: [PATCH/RFC] m68k/bitops: Make bitmap data pointer of atomic ops volatile"
Previous message: Ohad Ben-Cohen: "Re: [RFC 0/6] iommu: generic api migration and grouping"
In reply to: Brad Campbell: "Re: KVM induced panic on 2.6.38[2367] & 2.6.39"
Next in thread: Eric Dumazet: "Re: KVM induced panic on 2.6.38[2367] & 2.6.39"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Brad,

This has probably nothing to do with ebtables, so please rmmod in case it's loaded.
A few questions I didn't directly see an answer to in the threads I scanned...
I'm assuming you actually use the bridging firewall functionality. So, what iptables modules do you use? Can you reduce your iptables rules to a core that triggers the bug?
Or does it get triggered even with an empty set of firewall rules?
Are you using a stock .35 kernel or is it patched?
Is this something I can trigger on a poor guy's laptop or does it require specialized hardware (I'm catching up on qemu/kvm...)?

cheers,
Bart

PS: I'm not sure if we should keep CC-ing everybody, netfilter-devel together with kvm should probably do fine.

Op 3/06/2011 18:07, Brad Campbell schreef:

On 03/06/11 23:50, Bernhard Held wrote:
Am 03.06.2011 15:38, schrieb Brad Campbell:
On 02/06/11 07:03, CaT wrote:
On Wed, Jun 01, 2011 at 07:52:33PM +0800, Brad Campbell wrote:
Unfortunately the only interface that is mentioned by name anywhere
in my firewall is $DMZ (which is ppp0 and not part of any bridge).

All of the nat/dnat and other horrible hacks are based on IP addresses.

Damn. Not referencing the bridge interfaces at all stopped our host from
going down in flames when we passed it a few packets. These are two
of the oopses we got from it. Whilst the kernel here is .35 we got the
same issue from a range of kernels. Seems related.

Well, I tried sending an explanatory message to netdev, netfilter &
cc'd to kvm,
but it appears not to have made it to kvm or netfilter, and the cc to
netdev has
not elicited a response. My resend to netfilter seems to have dropped
into the
bit bucket also.

Just another reference 3.5 months ago:
http://www.spinics.net/lists/netfilter-devel/msg17239.html

<waves hands around shouting "I have a reproducible test case for this and don't mind patching and crashing the machine to get it fixed">

Attempted to add netfilter-devel to the cc this time.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Bart De Schuymer
www.artinalgorithms.be

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnd Bergmann: "Re: [PATCH/RFC] m68k/bitops: Make bitmap data pointer of atomic ops volatile"
Previous message: Ohad Ben-Cohen: "Re: [RFC 0/6] iommu: generic api migration and grouping"
In reply to: Brad Campbell: "Re: KVM induced panic on 2.6.38[2367] & 2.6.39"
Next in thread: Eric Dumazet: "Re: KVM induced panic on 2.6.38[2367] & 2.6.39"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]