summaryrefslogtreecommitdiff
path: root/lib/strnlen_user.c
diff options
context:
space:
mode:
authorTan Hu <tan.hu@zte.com.cn>2018-07-25 10:23:07 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-16 20:36:51 +0300
commita53b42c11815d2357e31a9403ae3950517525894 (patch)
tree767c3bb900c6745389fd96cf568c4256ee472b7e /lib/strnlen_user.c
parent9a76aba02a37718242d7cdc294f0a3901928aa57 (diff)
downloadlinux-a53b42c11815d2357e31a9403ae3950517525894.tar.xz
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
We came across infinite loop in ipvs when using ipvs in docker env. When ipvs receives new packets and cannot find an ipvs connection, it will create a new connection, then if the dest is unavailable (i.e. IP_VS_DEST_F_AVAILABLE), the packet will be dropped sliently. But if the dropped packet is the first packet of this connection, the connection control timer never has a chance to start and the ipvs connection cannot be released. This will lead to memory leak, or infinite loop in cleanup_net() when net namespace is released like this: ip_vs_conn_net_cleanup at ffffffffa0a9f31a [ip_vs] __ip_vs_cleanup at ffffffffa0a9f60a [ip_vs] ops_exit_list at ffffffff81567a49 cleanup_net at ffffffff81568b40 process_one_work at ffffffff810a851b worker_thread at ffffffff810a9356 kthread at ffffffff810b0b6f ret_from_fork at ffffffff81697a18 race condition: CPU1 CPU2 ip_vs_in() ip_vs_conn_new() ip_vs_del_dest() __ip_vs_unlink_dest() ~IP_VS_DEST_F_AVAILABLE cp->dest && !IP_VS_DEST_F_AVAILABLE __ip_vs_conn_put ... cleanup_net ---> infinite looping Fix this by checking whether the timer already started. Signed-off-by: Tan Hu <tan.hu@zte.com.cn> Reviewed-by: Jiang Biao <jiang.biao2@zte.com.cn> Acked-by: Julian Anastasov <ja@ssi.bg> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'lib/strnlen_user.c')
0 files changed, 0 insertions, 0 deletions