From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
To: Simon Horman <horms@verge.net.au>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org,
	Wensong Zhang <wensong@linux-vs.org>,
	Julian Anastasov <ja@ssi.bg>,
	Hans Schillstrom <hans@schillstrom.com>
Subject: Re: [PATCH ipvs 1/1] ipvs: ip_vs_sip_fill_param() BUG: bad check of return value
Date: Fri, 26 Apr 2013 14:48:53 +0400
Message-ID: <517A5B95.8020605@cogentembedded.com>
In-Reply-To: <1366941190-12135-2-git-send-email-horms@verge.net.au>

Hello.

On 26-04-2013 5:53, Simon Horman wrote:

> From: Hans Schillstrom <hans@schillstrom.com>

> The reason for this patch is crash in kmemdup
> caused by returning from get_callid with uniialized

   s/uniialized/uninitialized/?

> matchoff and matchlen.

> Removing Zero check of matchlen since it's done by ct_sip_get_header()

> BUG: unable to handle kernel paging request at ffff880457b5763f
> IP: [<ffffffff810df7fc>] kmemdup+0x2e/0x35
> PGD 27f6067 PUD 0
> Oops: 0000 [#1] PREEMPT SMP
> Modules linked in: xt_state xt_helper nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_mangle xt_connmark xt_conntrack ip6_tables nf_conntrack_ftp ip_vs_ftp nf_nat xt_tcpudp iptable_mangle xt_mark ip_tables x_tables ip_vs_rr ip_vs_lblcr ip_vs_pe_sip ip_vs nf_conntrack_sip nf_conntrack bonding igb i2c_algo_bit i2c_core
> CPU 5
> Pid: 0, comm: swapper/5 Not tainted 3.9.0-rc5+ #5                  /S1200KP
> RIP: 0010:[<ffffffff810df7fc>]  [<ffffffff810df7fc>] kmemdup+0x2e/0x35
> RSP: 0018:ffff8803fea03648  EFLAGS: 00010282
> RAX: ffff8803d61063e0 RBX: 0000000000000003 RCX: 0000000000000003
> RDX: 0000000000000003 RSI: ffff880457b5763f RDI: ffff8803d61063e0
> RBP: ffff8803fea03658 R08: 0000000000000008 R09: 0000000000000011
> R10: 0000000000000011 R11: 00ffffffff81a8a3 R12: ffff880457b5763f
> R13: ffff8803d67f786a R14: ffff8803fea03730 R15: ffffffffa0098e90
> FS:  0000000000000000(0000) GS:ffff8803fea00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffff880457b5763f CR3: 0000000001a0c000 CR4: 00000000001407e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process swapper/5 (pid: 0, threadinfo ffff8803ee18c000, task ffff8803ee18a480)
> Stack:
>   ffff8803d822a080 000000000000001c ffff8803fea036c8 ffffffffa000937a
>   ffffffff81f0d8a0 000000038135fdd5 ffff880300000014 ffff880300110000
>   ffffffff150118ac ffff8803d7e8a000 ffff88031e0118ac 0000000000000000
> Call Trace:
>   <IRQ>

>   [<ffffffffa000937a>] ip_vs_sip_fill_param+0x13a/0x187 [ip_vs_pe_sip]
>   [<ffffffffa007b209>] ip_vs_sched_persist+0x2c6/0x9c3 [ip_vs]
>   [<ffffffff8107dc53>] ? __lock_acquire+0x677/0x1697
>   [<ffffffff8100972e>] ? native_sched_clock+0x3c/0x7d
>   [<ffffffff8100972e>] ? native_sched_clock+0x3c/0x7d
>   [<ffffffff810649bc>] ? sched_clock_cpu+0x43/0xcf
>   [<ffffffffa007bb1e>] ip_vs_schedule+0x181/0x4ba [ip_vs]
> ...

> Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
> Acked-by: Julian Anastasov <ja@ssi.bg>
> Signed-off-by: Simon Horman <horms@verge.net.au>

WBR, Sergei
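
The failure mode described in the quoted commit message, as an added user-space example that is not part of this thread or of the kernel patch: a getter that reports success on a "not found" result leaves the caller's offset and length unwritten, and the caller then copies from them. `find_callid`, `get_callid_buggy`, `get_callid_fixed`, `fill_param`, the `POISON` marker and the sample messages are assumptions made for illustration; the kernel functions' actual return conventions are not shown on this page.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define POISON ((size_t)-1)	/* stands in for an uninitialized stack slot */
/* Constructed sample messages: one with a Call-ID header, one without. */
static const char MSG_WITH[] = "INVITE sip:b@example.test SIP/2.0\r\nCall-ID: abc123@host\r\n\r\n";
static const char MSG_NONE[] = "INVITE sip:b@example.test SIP/2.0\r\nVia: SIP/2.0/UDP h\r\n\r\n";

/* Hypothetical lookup: 1 = found (sets *off, *len); 0 = header absent or
 * empty, out-parameters left untouched. */
static int find_callid(const char *msg, size_t *off, size_t *len)
{
	const char *p = strstr(msg, "Call-ID:");

	if (!p)
		return 0;
	p += strlen("Call-ID:");
	p += strspn(p, " ");
	if (strcspn(p, "\r\n") == 0)
		return 0;
	*off = (size_t)(p - msg);
	*len = strcspn(p, "\r\n");
	return 1;
}
/* Bad check: "not found" (0) is passed up as success (0). */
static int get_callid_buggy(const char *msg, size_t *off, size_t *len)
{
	return find_callid(msg, off, len) < 0 ? -EINVAL : 0;
}
/* Corrected check: only "found" counts as success. */
static int get_callid_fixed(const char *msg, size_t *off, size_t *len)
{
	return find_callid(msg, off, len) > 0 ? 0 : -EINVAL;
}
typedef int (*getter)(const char *, size_t *, size_t *);
/* Caller: 0 = Call-ID copied to out; -EINVAL = getter rejected the message;
 * -EFAULT = getter reported success but never wrote off/len. */
static int fill_param(getter get, const char *msg, char out[64])
{
	size_t off = POISON, len = POISON;

	if (get(msg, &off, &len))
		return -EINVAL;
	if (off == POISON || len == POISON)
		return -EFAULT;	/* a caller without this guard copies from garbage */
	snprintf(out, 64, "%.*s", (int)len, msg + off);
	return 0;
}
```

With `MSG_NONE`, the buggy getter makes `fill_param` return `-EFAULT` (success reported, nothing written), while the corrected getter makes it return `-EINVAL` before any copy is attempted.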
