UML Kernel Page Bug when running iptables
Top of Form
The is a bug in the uml kernel that causes kernel panics
when you rin "iptables -t nat -F" in the guest OS.
I traced the problem down to the fact that "vfree" does
not flush the kernel tlb after deallocating memory
vmalloc'ed in kernel space. (It calls tlb_flush_all which
only flushes user pages)
The reason iptables causes the crash, is that it
vmallocates and vfrees many chunks of kernel memory.
In one occasion, it alloc'ed a chunk that it had freed a
few lines before. In this case, the page was still mapped
to the old page frame.
iptables driver then wrote a whole pile of stuff into the
wrong page frame - (vmalloc assigned a new page frame
to the address, but it wasn't mapped).
The next time the kernel tlb was flushed, the allocated
region got filled with garbage (the contents of the new
page frame that was never mapped, and never initialized).
I fixed it locally in iptables, by flushing the kernel tlb
after the vmalloc in question, but the proper fix is to have
vfree flush the kernel tlb at the point it free'd the vm.
Bottom of Form