[SRU][Raring][PATCH 0/1] ipvs: add backup_only flag to avoid loops
Kamal Mostafa
kamal at canonical.com
Mon Oct 14 15:30:35 UTC 2013
On Mon, 2013-10-14 at 10:41 +0100, Luis Henriques wrote:
> Luis Henriques <luis.henriques at canonical.com> writes:
>
> > SRU Justification:
> >
> > Impact:
> >
> > A NULL pointer dereferrence will occur when a user adds an IPVS
> > service. This occurs since kernel 3.8.0-28.41 (Raring), after commit:
> >
> > dc7b3eb ipvs: Fix reuse connection if real server is dead
> >
> > The NULL pointer occurs when accessing the ipvs variable in line 1658:
> >
> > 1658 if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp && cp->dest &&
> > 1659 unlikely(!atomic_read(&cp->dest->weight)) && !iph.fragoffs &&
> > 1660 is_new_conn(skb, &iph)) {
> > 1661 ip_vs_conn_expire_now(cp);
> > 1662 __ip_vs_conn_put(cp);
> > 1663 cp = NULL;
> > 1664 }
> >
> > Mainline kernel has this variable initialised earlier, with commit:
> >
> > 0c12582 ipvs: add backup_only flag to avoid loops
> >
> > Fix:
> >
> > Apply commit 0c12582 "ipvs: add backup_only flag to avoid loops" fix
> > the problem. Bug reporter has claimed success with a test kernel that
> > contains this commit.
> >
> > Testcase:
> >
> > Simply running the command:
> >
> > sudo ipvsadm -A -u 10.0.50.4:53
> >
> > Will trigger the bug.
>
> Kamal,
>
> I haven't tested this with a vanilla 3.8.y.z kernel, but I believe
> this patch should also be applied there.
Thanks Luis. I'll queue it up for 3.8-stable.
-Kamal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20131014/4ffaa96a/attachment.sig>
More information about the kernel-team
mailing list