Netdev Archive on lore.kernel.org
 help / color / Atom feed
From: Simon Horman <horms@verge.net.au>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>, David Miller <davem@davemloft.net>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Thomas Gleixner <tglx@linutronix.de>,
	Arnd Bergmann <arnd@arndb.de>,
	Pekka Enberg <penberg@cs.helsinki.fi>,
	Julian Anastasov <ja@ssi.bg>
Subject: Re: [slab poison overwritten] Re: [GIT] Networking
Date: Tue, 22 Mar 2011 07:13:58 +0900
Message-ID: <20110321221357.GF22625@verge.net.au> (raw)
In-Reply-To: <1300738540.2837.5.camel@edumazet-laptop>

On Mon, Mar 21, 2011 at 09:15:40PM +0100, Eric Dumazet wrote:
> Le lundi 21 mars 2011 à 19:07 +0100, Eric Dumazet a écrit :
> > Le lundi 21 mars 2011 à 18:39 +0100, Ingo Molnar a écrit :
> > > here's the same but with kallsyms enabled.
> > > 
> > > Thanks,
> > > 
> > > 	Ingo
> > > 
> > > [    9.585627] initcall 0xffffffff81d5b806 returned 0 after 0 usecs
> > > [    9.588960] calling  0xffffffff81d5b9da @ 1
> > > [    9.592303] IPVS: Creating netns size=1272 id=0
> > > [    9.595646] IPVS: __ip_vs_control_init(): alloc_percpu.
> > > [    9.602298] IPVS: cannot register namespace.
> > > [    9.605627] IPVS: can't setup control
> > 
> > It seems IPVS is busted in case of memory allocation error in 
> > __ip_vs_control_init()
> > 
> > IPVS deinits its "struct netns_ipvs" space, but something (in IPVS) uses
> > it after free.
> > 
> > __ip_vs_init() seems to be called before ip_vs_init() completes
> > correctly. We then keep in net->ipvs a pointer to some freed memory.
> > 
> > Commit 14e405461e664b7 did some changes in this area
> > 
> > Simon, any idea ?
> > 
> > 
> 
> For the time being, we can avoid the false memory allocation error (and
> leak)

Sorry, that typo is my work.

> Thanks
> 
> [PATCH] ipvs: fix a typo in __ip_vs_control_init()
> 
> Reported-by: Ingo Molnar <mingo@elte.hu>
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> Cc: Simon Horman <horms@verge.net.au>
> Cc: Julian Anastasov <ja@ssi.bg>

Acked-by: Simon Horman <horms@verge.net.au>

> ---
>  net/netfilter/ipvs/ip_vs_ctl.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index b799cea..33733c8 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -3605,7 +3605,7 @@ int __net_init __ip_vs_control_init(struct net *net)
>  
>  	/* procfs stats */
>  	ipvs->tot_stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
> -	if (ipvs->tot_stats.cpustats) {
> +	if (!ipvs->tot_stats.cpustats) {
>  		pr_err("%s(): alloc_percpu.\n", __func__);
>  		return -ENOMEM;
>  	}
> 
> 

  reply index

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-03-21  2:51 David Miller
2011-03-21 12:53 ` [held lock freed] " Ingo Molnar
2011-03-21 13:32   ` Eric Dumazet
2011-03-21 14:50     ` Arnd Bergmann
2011-03-21 14:55       ` Eric Dumazet
2011-03-21 15:22         ` Arnd Bergmann
2011-03-21 16:16           ` Ingo Molnar
2011-03-22  1:18           ` David Miller
2011-03-21 16:15     ` Ingo Molnar
2011-03-21 16:42       ` [slab poison overwritten] " Ingo Molnar
2011-03-21 17:37         ` Ingo Molnar
2011-03-21 17:39         ` Ingo Molnar
2011-03-21 18:07           ` Eric Dumazet
2011-03-21 20:15             ` Eric Dumazet
2011-03-21 22:13               ` Simon Horman [this message]
2011-03-21 23:29                 ` Simon Horman
2011-03-22  0:01                   ` Simon Horman
2011-03-22  0:17                     ` Simon Horman
2011-03-22  1:18                       ` Simon Horman
2011-03-22  3:40                         ` David Miller
2011-03-22  3:39                 ` David Miller
2011-03-22  9:56               ` Ingo Molnar
2011-03-22 10:00                 ` Eric Dumazet
2011-03-22 21:52                   ` Simon Horman
2011-03-22  9:07           ` Ingo Molnar
2011-03-22  1:16       ` [held lock freed] " David Miller
2011-03-21 19:24 ` Linus Torvalds
2011-03-21 20:10   ` Eric Dumazet
2011-03-22  4:09   ` David Miller
2011-03-22 10:00   ` Ingo Molnar

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110321221357.GF22625@verge.net.au \
    --to=horms@verge.net.au \
    --cc=a.p.zijlstra@chello.nl \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=ja@ssi.bg \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=netdev@vger.kernel.org \
    --cc=penberg@cs.helsinki.fi \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org
	public-inbox-index netdev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git