[2.6.5grsec] oops...

[Paweł Sikora]

polegl stos tcp-v4 :(
testcase: np. ./builder -g fontconfig.spec

[<c0412615>] nf_iterate+0x55/0xa0
[<c04330e0>] dst_output+0x0/0x20
[<c04129ea>] nf_hook_slow+0x7a/0x140
[<c04330e0>] dst_output+0x0/0x20
[<c0433b15>] ip_queue_xmit+0x295/0x590
[<c04430e0>] dst_output+0x0/0x20
[<c0433490>] ip_finish_output2+0x0/0x1d0
[<c0433775>] ip_finish_output+0x115/0x220
[<c0433490>] ip_finish_output2+0x0/0x1d0
[<c04330eb>] dst_output+0xb/0x20
[<c0412a8c>] nf_hook_slow+0x11c/0x140
[<c04330e0>] dst_output+0x0/0x20
[<c0433b15>] ip_queue_xmit+0x295/0x590
[<c044a044>] tcp_v4_send_check+0x54/0x110
[<c0443b28>] tcp_transmit_skb+0x308/0x6b0
[<c044661c>] tcp_connect+0x3ac/0x490
[<c0309cef>] ip_randomid+0xef/0x140
[<c0449299>] tcp_v4_connect+0x619/0xb60
[<c0406324>] memcpy_toivec+0x54/0x90
[<c045a3b3>] inet_stream_connect+0x223/0x2c0
(...)
kernel panic: fatal exception in interrupt
In interrupt handler - not syncing

# ndisasm kernel-code.dump -b32
00000000  8B3F              mov edi,[edi]
00000002  0F1807            prefetchnta [edi]
00000005  90                nop
00000006  81F928C614C0      cmp ecx,0xc014c628
0000000C  0F854AFFFFFF      jnz near 0xffffff5c
00000012  8B                db 0x8B
00000013  7C                db 0x7C

/usr/src/linux-2.6.5+grsec/net/ipv4/af_inet.c:

/*
 *	Connect to a remote host. There is regrettably still a little
 *	TCP 'magic' in here.
 */
int inet_stream_connect(struct socket *sock, struct sockaddr *uaddr,
			int addr_len, int flags)
{
	struct sock *sk = sock->sk;
	int err;
	long timeo;

	lock_sock(sk);

	if (uaddr->sa_family == AF_UNSPEC) {
		err = sk->sk_prot->disconnect(sk, flags);
		sock->state = err ? SS_DISCONNECTING : SS_UNCONNECTED;
		goto out;
	}

	switch (sock->state) {
	default:
		err = -EINVAL;
		goto out;
	case SS_CONNECTED:
		err = -EISCONN;
		goto out;
	case SS_CONNECTING:
		err = -EALREADY;
		/* Fall out of switch with err, set for this state */
		break;
	case SS_UNCONNECTED:
		err = -EISCONN;
		if (sk->sk_state != TCP_CLOSE)
			goto out;

		err = sk->sk_prot->connect(sk, uaddr, addr_len);
		if (err < 0)
			goto out;

  		sock->state = SS_CONNECTING;

		/* Just entered SS_CONNECTING state; the only
		 * difference is that return value in non-blocking
		 * case is EINPROGRESS, rather than EALREADY.
		 */
		err = -EINPROGRESS;
		break;
	}

	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);

	if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
		/* Error code is set above */
		if (!timeo || !inet_wait_for_connect(sk, timeo))
			goto out;

		err = sock_intr_errno(timeo);
		if (signal_pending(current))
			goto out;
	}

	/* Connection was closed by RST, timeout, ICMP error
	 * or another process disconnected us.
	 */
	if (sk->sk_state == TCP_CLOSE)
		goto sock_error;

	/* sk->sk_err may be not zero now, if RECVERR was ordered by user
	 * and error was received after socket entered established state.
	 * Hence, it is handled normally after connect() return successfully.
	 */

	sock->state = SS_CONNECTED;
	err = 0;
out:
	release_sock(sk);
	return err;

sock_error:
	err = sock_error(sk) ? : -ECONNABORTED;
	sock->state = SS_UNCONNECTED;
	if (sk->sk_prot->disconnect(sk, flags))
		sock->state = SS_DISCONNECTING;
	goto out;
}

wykladka na inet_stream_connect(...) nie brzmi dumnie.
ktos ma pomysla co z tym zrobic, czy wysylac to na lkml?

-- 
If you think of MS-DOS as mono, and Windows as stereo,
  then Linux is Dolby Digital and all the music is free...