615229 – fix oops in dl_seq_stop when memory allocation fails.

Bug 615229 - fix oops in dl_seq_stop when memory allocation fails.

Summary: fix oops in dl_seq_stop when memory allocation fails.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	5.5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Thomas Graf
QA Contact:	Network QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-07-16 08:51 UTC by Wade Mealing
Modified:	2018-11-14 19:26 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-01-13 21:43:41 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
proposed patch (463 bytes, patch) 2010-08-25 13:05 UTC, Thomas Graf	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0017	0	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 5.6 kernel security and bug fix update	2011-01-13 10:37:42 UTC

Description Wade Mealing 2010-07-16 08:51:21 UTC

Description of problem:

If memory allocation fails during the setup of dl_seq_start(), in the teardown
section of the code, attempting to free the memory will cause an oops.

Version-Release number of selected component (if applicable):

kernel-2.6.18-207

I wasn't able to reproduce it, but I imagine that it is possible.


Steps to Reproduce:
1. Use all available system memory.
2. Insert iptables rule ( iptables -A INPUT -m hashlimit --hashlimit 10 --hashlimit-mode dstport  --hashlimit-name test)

Actual results:

Oops.


Expected results:

No oops.

Additional info:

I've been unable to reproduce this specific problem, but I can see how it can
happen.  Upstream has already fixed this bug in the commit:

http://git.kernel.org/linus/55e0d7cf279177dfe320f54816320558bc370f24

Comment 3 Thomas Graf 2010-08-25 13:05:22 UTC

Created attachment 440919 [details]
proposed patch

Comment 4 RHEL Program Management 2010-08-27 18:29:27 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 Jarod Wilson 2010-09-10 21:40:40 UTC

in kernel-2.6.18-219.el5
You can download this test kernel from http://people.redhat.com/jwilson/el5

Detailed testing feedback is always welcomed.

Comment 14 Dayong Tian 2010-12-06 02:45:00 UTC

Tried with kernel 2.6.18-194.el5 bud didn't trigger the oops.

Did code review with kernel 2.6.18-235.el5, the patch was included and applied in kernel 2.6.18-235.el5:

[root@intel-s3e8132-01 SPECS]# grep 615229 kernel-2.6.spec
- [net] hashlimit: check allocation before freeing memory (Wade Mealing) [615229]

[root@intel-s3e8132-01 SPECS]# grep -i "Patch25560" kernel-2.6.spec
Patch25560: linux-2.6-net-hashlimit-check-allocation-before-freeing-memory.patch
%patch25560 -p1

Comment 16 errata-xmlrpc 2011-01-13 21:43:41 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0017.html

Note You need to log in before you can comment on or make changes to this bug.