Re: [slab poison overwritten] Re: [GIT] Networking

From: Simon Horman
Date: Mon Mar 21 2011 - 19:29:37 EST


On Tue, Mar 22, 2011 at 07:13:58AM +0900, Simon Horman wrote:
> On Mon, Mar 21, 2011 at 09:15:40PM +0100, Eric Dumazet wrote:
> > On Monday 21 March 2011 at 19:07 +0100, Eric Dumazet wrote:
> > > On Monday 21 March 2011 at 18:39 +0100, Ingo Molnar wrote:
> > > > here's the same but with kallsyms enabled.
> > > >
> > > > Thanks,
> > > >
> > > > Ingo
> > > >
> > > > [ 9.585627] initcall 0xffffffff81d5b806 returned 0 after 0 usecs
> > > > [ 9.588960] calling 0xffffffff81d5b9da @ 1
> > > > [ 9.592303] IPVS: Creating netns size=1272 id=0
> > > > [ 9.595646] IPVS: __ip_vs_control_init(): alloc_percpu.
> > > > [ 9.602298] IPVS: cannot register namespace.
> > > > [ 9.605627] IPVS: can't setup control
> > >
> > > It seems IPVS is busted in case of memory allocation error in
> > > __ip_vs_control_init()
> > >
> > > IPVS deinits its "struct netns_ipvs" space, but something (in IPVS) uses
> > > it after free.
> > >
> > > __ip_vs_init() seems to be called before ip_vs_init() completes
> > > correctly. We then keep in net->ipvs a pointer to some freed memory.
> > >
> > > Commit 14e405461e664b7 did some changes in this area
> > >
> > > Simon, any idea ?
> > >
> > >
> >
> > For the time being, we can avoid the false memory allocation error (and
> > leak)
>
> Sorry, that typo is my work.

With your patch applied I now see the following

ffff880003bbf1a0 corresponds to &ipvs->app_key in __ip_vs_app_init().
I'll continue looking into this.

[ 12.610000] IPVS: Creating netns size=2456 id=0
[ 12.630000] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[ 12.640000] BUG: key ffff880003bbf1a0 not in .data!
[ 12.640000] ------------[ cut here ]------------
[ 12.640000] WARNING: at kernel/lockdep.c:2701 lockdep_init_map+0x37b/0x570()
[ 12.640000] Hardware name: Bochs
[ 12.640000] Pid: 1, comm: swapper Tainted: G W 2.6.38-kexec-06330-g69b7efe-dirty #122
[ 12.650000] Call Trace:
[ 12.650000] [<ffffffff8102e685>] warn_slowpath_common+0x75/0xb0
[ 12.650000] [<ffffffff8102e6d5>] warn_slowpath_null+0x15/0x20
[ 12.650000] [<ffffffff8105967b>] lockdep_init_map+0x37b/0x570
[ 12.650000] [<ffffffff8105829d>] ? trace_hardirqs_on+0xd/0x10
[ 12.650000] [<ffffffff81055ad8>] debug_mutex_init+0x38/0x50
[ 12.650000] [<ffffffff8104bc4c>] __mutex_init+0x5c/0x70
[ 12.650000] [<ffffffff81685ee7>] __ip_vs_app_init+0x64/0x86
[ 12.660000] [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[ 12.660000] [<ffffffff811b1c33>] T.620+0x43/0x170
[ 12.660000] [<ffffffff811b1e9a>] ? register_pernet_subsys+0x1a/0x40
[ 12.660000] [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[ 12.660000] [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[ 12.660000] [<ffffffff811b1db7>] register_pernet_operations+0x57/0xb0
[ 12.660000] [<ffffffff81685a3b>] ? ip_vs_init+0x0/0xff
[ 12.670000] [<ffffffff811b1ea9>] register_pernet_subsys+0x29/0x40
[ 12.670000] [<ffffffff81685f19>] ip_vs_app_init+0x10/0x12
[ 12.670000] [<ffffffff81685a87>] ip_vs_init+0x4c/0xff
[ 12.670000] [<ffffffff8166562c>] do_one_initcall+0x7a/0x12e
[ 12.670000] [<ffffffff8166583e>] kernel_init+0x13e/0x1c2
[ 12.670000] [<ffffffff8128c134>] kernel_thread_helper+0x4/0x10
[ 12.670000] [<ffffffff8128ad40>] ? restore_args+0x0/0x30
[ 12.680000] [<ffffffff81665700>] ? kernel_init+0x0/0x1c2
[ 12.680000] [<ffffffff8128c130>] ? kernel_thread_helper+0x0/0x10
[ 12.680000] ---[ end trace 4eaa2a86a8e2da23 ]---
