Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <alpine.LFD.2.11.1701242255570.2743@ja.home.ssi.bg>
Date: Tue, 24 Jan 2017 23:14:29 +0200 (EET)
From: Julian Anastasov <ja@....bg>
To: David Windsor <dwindsor@...il.com>
cc: netdev@...r.kernel.org, kernel-hardening@...ts.openwall.com,
        keescook@...omium.org, elena.reshetova@...el.com, ishkamiel@...il.com
Subject: Re: [PATCH net] net: free ip_vs_dest structs when refcnt=0


	Hello,

On Tue, 24 Jan 2017, David Windsor wrote:

> Currently, the ip_vs_dest cache frees ip_vs_dest objects when their reference
> count becomes < 0.  Aside from not being semantically sound, this is problematic
> for the new type refcount_t, which will be introduced shortly in a separate patch.
> refcount_t is the new kernel type for holding reference counts, and provides
> overflow protection and a constrained interface relative to atomic_t (the type
> currently being used for kernel reference counts).
> 
> Per Juilan Anastasov: "The problem is that dest_trash currently holds deleted

	Julian

> dests (unlinked from RCU lists) with refcnt=0."  Changing dest_trash to hold
> dest with refcnt=1 will allow us to free ip_vs_dest structs when their refcnt=0,
> in ip_vs_dest_put_and_free().

	Too long lines, should be up to 75 columns as per
Documentation/process/submitting-patches.rst

	Check with: scripts/checkpatch.pl --strict /tmp/file.patch

> Signed-off-by: David Windsor <dwindsor@...il.com>
> ---
>  include/net/ip_vs.h            | 2 +-
>  net/netfilter/ipvs/ip_vs_ctl.c | 4 +---
>  2 files changed, 2 insertions(+), 4 deletions(-)
> 

> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 55e0169..6b5492e 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -711,7 +711,6 @@ ip_vs_trash_get_dest(struct ip_vs_service *svc, int dest_af,
>  		      dest->vport == svc->port))) {
>  			/* HIT */
>  			list_del(&dest->t_list);
> -			ip_vs_dest_hold(dest);
>  			goto out;
>  		}
>  	}

	The changes look ok to me but as this is a net-next
material I also prefer some comments in the code to be updated:

- "be 0, so we simply release them here" before ip_vs_trash_cleanup
should become "be 1, so we simply release them here".

- "dest lives in trash with[out] reference" in __ip_vs_del_dest

	When sending v2 for net-next please also CC:

Simon Horman <horms@...ge.net.au>
Pablo Neira Ayuso <pablo@...filter.org>
lvs-devel@...r.kernel.org

	I'll ack the next version after some tests...

Regards

--
Julian Anastasov <ja@....bg>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.