Re: [slab poison overwritten] Re: [GIT] Networking

From: Simon Horman
Date: Mon Mar 21 2011 - 18:14:20 EST

Next message: Eric Dumazet: "[RFC] posix-timers: RCU conversion"
Previous message: Andrew Morton: "Re: [PATCH] mm: optimize replace_page_cache_page"
In reply to: Eric Dumazet: "Re: [slab poison overwritten] Re: [GIT] Networking"
Next in thread: Simon Horman: "Re: [slab poison overwritten] Re: [GIT] Networking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 21, 2011 at 09:15:40PM +0100, Eric Dumazet wrote:
> Le lundi 21 mars 2011 Ã 19:07 +0100, Eric Dumazet a Ãcrit :
> > Le lundi 21 mars 2011 Ã 18:39 +0100, Ingo Molnar a Ãcrit :
> > > here's the same but with kallsyms enabled.
> > >
> > > Thanks,
> > >
> > > Ingo
> > >
> > > [ 9.585627] initcall 0xffffffff81d5b806 returned 0 after 0 usecs
> > > [ 9.588960] calling 0xffffffff81d5b9da @ 1
> > > [ 9.592303] IPVS: Creating netns size=1272 id=0
> > > [ 9.595646] IPVS: __ip_vs_control_init(): alloc_percpu.
> > > [ 9.602298] IPVS: cannot register namespace.
> > > [ 9.605627] IPVS: can't setup control
> >
> > It seems IPVS is busted in case of memory allocation error in
> > __ip_vs_control_init()
> >
> > IPVS deinits its "struct netns_ipvs" space, but something (in IPVS) uses
> > it after free.
> >
> > __ip_vs_init() seems to be called before ip_vs_init() completes
> > correctly. We then keep in net->ipvs a pointer to some freed memory.
> >
> > Commit 14e405461e664b7 did some changes in this area
> >
> > Simon, any idea ?
> >
> >
>
> For the time being, we can avoid the false memory allocation error (and
> leak)

Sorry, that typo is my work.

> Thanks
>
> [PATCH] ipvs: fix a typo in __ip_vs_control_init()
>
> Reported-by: Ingo Molnar <mingo@xxxxxxx>
> Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> Cc: Simon Horman <horms@xxxxxxxxxxxx>
> Cc: Julian Anastasov <ja@xxxxxx>

Acked-by: Simon Horman <horms@xxxxxxxxxxxx>

> ---
> net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index b799cea..33733c8 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -3605,7 +3605,7 @@ int __net_init __ip_vs_control_init(struct net *net)
>
> /* procfs stats */
> ipvs->tot_stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
> - if (ipvs->tot_stats.cpustats) {
> + if (!ipvs->tot_stats.cpustats) {
> pr_err("%s(): alloc_percpu.\n", __func__);
> return -ENOMEM;
> }
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric Dumazet: "[RFC] posix-timers: RCU conversion"
Previous message: Andrew Morton: "Re: [PATCH] mm: optimize replace_page_cache_page"
In reply to: Eric Dumazet: "Re: [slab poison overwritten] Re: [GIT] Networking"
Next in thread: Simon Horman: "Re: [slab poison overwritten] Re: [GIT] Networking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]