615227 – fix oops in clusterip_seq_stop when memory allocation fails.

Bug 615227 - fix oops in clusterip_seq_stop when memory allocation fails.

Summary: fix oops in clusterip_seq_stop when memory allocation fails.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	5.5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Red Hat Kernel Manager
QA Contact:	Network QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-07-16 08:43 UTC by Wade Mealing
Modified:	2011-01-13 21:43 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-01-13 21:43:38 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Upstream patch for this issue. (580 bytes, patch) 2010-07-16 08:43 UTC, Wade Mealing	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0017	0	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update	2011-01-13 10:37:42 UTC

Description Wade Mealing 2010-07-16 08:43:00 UTC

Created attachment 432322 [details]
Upstream patch for this issue.

Description of problem:

If memory allocation fails during the setup of clusterip, in the teardown section of the code, attempting to free the memory will cause an oops.

Version-Release number of selected component (if applicable):

kernel-2.6.18-207

How reproducible:

I wasn't able to reproduce it, but I imagine that it is possible.


Steps to Reproduce:
1. Use all available system memory.
2. Insert iptables rule ( iptables -A INPUT -d 192.168.0.21 -i eth0 -j CLUSTERIP --new --hashmode sourceip --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2 --local-node 1 )
3.cat /proc/net/ipt_CLUSTERIP/192.168.0.21
  
Actual results:

Oops.


Expected results:

No oops.

Additional info:

I've been unable to reproduce this specific problem, but I can see how it can happen.  Upstream has already fixed this bug in the commit:

http://git.kernel.org/linus/902a3dd5e6b19048604ec533203d7d38a39505a2

Comment 1 RHEL Program Management 2010-08-06 05:50:19 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 4 Jarod Wilson 2010-09-10 21:40:38 UTC

in kernel-2.6.18-219.el5
You can download this test kernel from http://people.redhat.com/jwilson/el5

Detailed testing feedback is always welcomed.

Comment 6 Dayong Tian 2010-12-06 02:48:36 UTC

It's a similar issue with bug 615229. Tried with kernel 2.6.18-194.el5 bud didn't trigger the oops.

Did code review with kernel 2.6.18-235.el5, the patch was included and applied in kernel 2.6.18-235.el5:

[root@intel-s3e8132-01 SPECS]# grep 615227 kernel-2.6.spec
- [net] clusterip: check allocation before freeing memory (Wade Mealing) [615227]

[root@intel-s3e8132-01 SPECS]# grep -i "Patch25559" kernel-2.6.spec
Patch25559: linux-2.6-net-clusterip-check-allocation-before-freeing-memory.patch
%patch25559 -p1

Comment 8 errata-xmlrpc 2011-01-13 21:43:38 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0017.html

Note You need to log in before you can comment on or make changes to this bug.