On Fri, Apr 6, 2012 at 10:59 AM, Hans Schillstrom <hans@xxxxxxxxxxxxxxx> wrote:
> Hello Simon
>
>>---- Original Message ----
>>From: Simon Horman <horms@xxxxxxxxxxxx>
>>To: "Sasha Levin" <levinsasha928@xxxxxxxxx>
>>Cc: wensong@xxxxxxxxxxxx, ja@xxxxxx, kaber@xxxxxxxxx, davem@xxxxxxxxxxxxx, davej@xxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
>>Sent: Fri, Apr 6, 2012, 1:19 AM
>>Subject: Re: [PATCH] netfilter: ipvs: Verify that IP_VS protocol has been registered
>>
>>On Thu, Apr 05, 2012 at 07:24:33PM -0400, Sasha Levin wrote:
>>> The registration of a protocol might fail, there were no checks
>>> and all registrations were assumed to be correct. This lead to
>>> NULL ptr dereferences when apps tried registering.
>>
>>Thanks, I will queue up this fix.
>>
>>Do you have a real-world example of this failing, if so it
>>might be worth pushing your change into stable.
>
> I don't think this is a big thing, the only thing that can cause it is out of memory,
> and that will cause a "kernel death" anyway :-(
>
> here is the code :
>
> register_ip_vs_proto_netns(struct net *net, struct ip_vs_protocol *pp)
> {
> ...
> struct ip_vs_proto_data *pd =
> kzalloc(sizeof(struct ip_vs_proto_data), GFP_ATOMIC);
>
> if (!pd)
> return -ENOMEM;
>
>
Considering that the allocation gfp flag here is GFP_ATOMIC (why is it
GFP_ATOMIC btw?), it might fail for a variety of reasons which may
occur when the system is "healthy", for example - if it needs disk I/O
to allocate.
Either way, you shouldn't be dereferencing NULL ptrs even when the
system is really low on memory.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
