• Daniel Lezcano's avatar
    netns: Fix crash by making igmp per namespace · 877acedc
    Daniel Lezcano authored
    This patch makes the multicast socket to be per namespace.
    
    When a network namespace is created, other than the init_net and a
    multicast packet is received, the kernel goes to a hang or a kernel panic.
    
    How to reproduce ?
    
     * create a child network namespace
     * create a pair virtual device veth
        * ip link add type veth
     * move one side to the pair network device to the child namespace
        * ip link set netns <childpid> dev veth1
     * ping -I veth0 224.0.0.1
    
    The bug appears because the function ip_mc_init_dev does not initialize
    the different multicast fields as it exits because it is not the init_net.
    
    BUG: soft lockup - CPU#0 stuck for 61s! [avahi-daemon:2695]
    Modules linked in:
    irq event stamp: 50350
    hardirqs last  enabled at (50349): [<c03ee949>] _spin_unlock_irqrestore+0x34/0x39
    hardirqs last disabled at (50350): [<c03ec639>] schedule+0x9f/0x5ff
    softirqs last  enabled at (45712): [<c0374d4b>] ip_setsockopt+0x8e7/0x909
    softirqs last disabled at (45710): [<c03ee682>] _spin_lock_bh+0x8/0x27
    
    Pid: 2695, comm: avahi-daemon Not tainted (2.6.27-rc2-00029-g0872073 #3)
    EIP: 0060:[<c03ee47c>] EFLAGS: 00000297 CPU: 0
    EIP is at __read_lock_failed+0x8/0x10
    EAX: c4f38810 EBX: c4f38810 ECX: 00000000 EDX: c04cc22e
    ESI: fb0000e0 EDI: 00000011 EBP: 0f02000a ESP: c4e3faa0
     DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
    CR0: 8005003b CR2: 44618a40 CR3: 04e37000 CR4: 000006d0
    DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
    DR6: ffff0ff0 DR7: 00000400
     [<c02311f8>] ? _raw_read_lock+0x23/0x25
     [<c0390666>] ? ip_check_mc+0x1c/0x83
     [<c036d478>] ? ip_route_input+0x229/0xe92
     [<c022e2e4>] ? trace_hardirqs_on_thunk+0xc/0x10
     [<c0104c9c>] ? do_IRQ+0x69/0x7d
     [<c0102e64>] ? restore_nocheck_notrace+0x0/0xe
     [<c036fdba>] ? ip_rcv+0x227/0x505
     [<c0358764>] ? netif_receive_skb+0xfe/0x2b3
     [<c03588d2>] ? netif_receive_skb+0x26c/0x2b3
     [<c035af31>] ? process_backlog+0x73/0xbd
     [<c035a8cd>] ? net_rx_action+0xc1/0x1ae
     [<c01218a8>] ? __do_softirq+0x7b/0xef
     [<c0121953>] ? do_softirq+0x37/0x4d
     [<c035b50d>] ? dev_queue_xmit+0x3d4/0x40b
     [<c0122037>] ? local_bh_enable+0x96/0xab
     [<c035b50d>] ? dev_queue_xmit+0x3d4/0x40b
     [<c012181e>] ? _local_bh_enable+0x79/0x88
     [<c035fcb8>] ? neigh_resolve_output+0x20f/0x239
     [<c0373118>] ? ip_finish_output+0x1df/0x209
     [<c0373364>] ? ip_dev_loopback_xmit+0x62/0x66
     [<c0371db5>] ? ip_local_out+0x15/0x17
     [<c0372013>] ? ip_push_pending_frames+0x25c/0x2bb
     [<c03891b8>] ? udp_push_pending_frames+0x2bb/0x30e
     [<c038a189>] ? udp_sendmsg+0x413/0x51d
     [<c038a1a9>] ? udp_sendmsg+0x433/0x51d
     [<c038f927>] ? inet_sendmsg+0x35/0x3f
     [<c034f092>] ? sock_sendmsg+0xb8/0xd1
     [<c012d554>] ? autoremove_wake_function+0x0/0x2b
     [<c022e6de>] ? copy_from_user+0x32/0x5e
     [<c022e6de>] ? copy_from_user+0x32/0x5e
     [<c034f238>] ? sys_sendmsg+0x18d/0x1f0
     [<c0175e90>] ? pipe_write+0x3cb/0x3d7
     [<c0170347>] ? do_sync_write+0xbe/0x105
     [<c012d554>] ? autoremove_wake_function+0x0/0x2b
     [<c03503b2>] ? sys_socketcall+0x176/0x1b0
     [<c01085ea>] ? syscall_trace_enter+0x6c/0x7b
     [<c0102e1a>] ? syscall_call+0x7/0xb
    Signed-off-by: default avatarDaniel Lezcano <dlezcano@fr.ibm.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    877acedc
igmp.c 61.1 KB