Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 615227

Summary: fix oops in clusterip_seq_stop when memory allocation fails.
Product: Red Hat Enterprise Linux 5 Reporter: Wade Mealing <wmealing>
Component: kernelAssignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED ERRATA QA Contact: Network QE <network-qe>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: dtian
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-13 21:43:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Upstream patch for this issue. none

Description Wade Mealing 2010-07-16 08:43:00 UTC 
Created attachment 432322 [details]
Upstream patch for this issue.

Description of problem:

If memory allocation fails during the setup of clusterip, in the teardown section of the code, attempting to free the memory will cause an oops.

Version-Release number of selected component (if applicable):

kernel-2.6.18-207

How reproducible:

I wasn't able to reproduce it, but I imagine that it is possible.


Steps to Reproduce:
1. Use all available system memory.
2. Insert iptables rule ( iptables -A INPUT -d 192.168.0.21 -i eth0 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2 --local-node 1 )
3.cat /proc/net/ipt_CLUSTERIP/192.168.0.21
  
Actual results:

Oops.


Expected results:

No oops.

Additional info:

I've been unable to reproduce this specific problem, but I can see how it can happen.  Upstream has already fixed this bug in the commit:

http://git.kernel.org/linus/902a3dd5e6b19048604ec533203d7d38a39505a2
Comment 1 RHEL Program Management 2010-08-06 05:50:19 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Jarod Wilson 2010-09-10 21:40:38 UTC 
in kernel-2.6.18-219.el5
You can download this test kernel from http://people.redhat.com/jwilson/el5

Detailed testing feedback is always welcomed.
Comment 6 Dayong Tian 2010-12-06 02:48:36 UTC 
It's a similar issue with bug 615229. Tried with kernel 2.6.18-194.el5 bud didn't trigger the oops.

Did code review with kernel 2.6.18-235.el5, the patch was included and applied in kernel 2.6.18-235.el5:

[root@intel-s3e8132-01 SPECS]# grep 615227 kernel-2.6.spec
- [net] clusterip: check allocation before freeing memory (Wade Mealing) [615227]

[root@intel-s3e8132-01 SPECS]# grep -i "Patch25559" kernel-2.6.spec
Patch25559: linux-2.6-net-clusterip-check-allocation-before-freeing-memory.patch
%patch25559 -p1
Comment 8 errata-xmlrpc 2011-01-13 21:43:38 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0017.html