[1/1] IPVS : bug in ip_vs_ftp, same list heaad used in all netns.

When ip_vs was adapted to netns the ftp application was not adapted
in a correct way.
However this is a fix to avoid kernel errors. In the long term another solution
might be chosen.  I.e the ports that the ftp appl, uses should be per netns.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
---
 include/net/ip_vs.h            |    3 ++-
 net/netfilter/ipvs/ip_vs_ftp.c |   27 +++++++++++++++++++--------
 2 files changed, 21 insertions(+), 9 deletions(-)

On Tue, May 24, 2011 at 02:11:05PM +0200, Hans Schillstrom wrote:
> When ip_vs was adapted to netns the ftp application was not adapted
> in a correct way.
> However this is a fix to avoid kernel errors. In the long term another solution
> might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> 
> Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>

Julian, do you have any thoughts on this?

> ---
>  include/net/ip_vs.h            |    3 ++-
>  net/netfilter/ipvs/ip_vs_ftp.c |   27 +++++++++++++++++++--------
>  2 files changed, 21 insertions(+), 9 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 4fff432..481f856 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -797,7 +797,8 @@ struct netns_ipvs {
>  	struct list_head	rs_table[IP_VS_RTAB_SIZE];
>  	/* ip_vs_app */
>  	struct list_head	app_list;
> -
> +	/* ip_vs_ftp */
> +	struct ip_vs_app	*ftp_app;
>  	/* ip_vs_proto */
>  	#define IP_VS_PROTO_TAB_SIZE	32	/* must be power of 2 */
>  	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
> diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
> index 6b5dd6d..af63553 100644
> --- a/net/netfilter/ipvs/ip_vs_ftp.c
> +++ b/net/netfilter/ipvs/ip_vs_ftp.c
> @@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = {
>  static int __net_init __ip_vs_ftp_init(struct net *net)
>  {
>  	int i, ret;
> -	struct ip_vs_app *app = &ip_vs_ftp;
> +	struct ip_vs_app *app;
> +	struct netns_ipvs *ipvs = net_ipvs(net);
> +
> +	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
> +	if (!app)
> +		return -ENOMEM;
> +	INIT_LIST_HEAD(&app->a_list);
> +	INIT_LIST_HEAD(&app->incs_list);
> +	ipvs->ftp_app = app;
>  
>  	ret = register_ip_vs_app(net, app);
>  	if (ret)
> -		return ret;
> +		goto err_exit;
>  
>  	for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
>  		if (!ports[i])
>  			continue;
>  		ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
>  		if (ret)
> -			break;
> +			goto err_unreg;
>  		pr_info("%s: loaded support on port[%d] = %d\n",
>  			app->name, i, ports[i]);
>  	}
> +	return 0;
>  
> -	if (ret)
> -		unregister_ip_vs_app(net, app);
> -
> +err_unreg:
> +	unregister_ip_vs_app(net, app);
> +err_exit:
> +	kfree(ipvs->ftp_app);
>  	return ret;
>  }
>  /*
> @@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
>   */
>  static void __ip_vs_ftp_exit(struct net *net)
>  {
> -	struct ip_vs_app *app = &ip_vs_ftp;
> +	struct netns_ipvs *ipvs = net_ipvs(net);
>  
> -	unregister_ip_vs_app(net, app);
> +	unregister_ip_vs_app(net, ipvs->ftp_app);
> +	kfree(ipvs->ftp_app);
>  }
>  
>  static struct pernet_operations ip_vs_ftp_ops = {
> -- 
> 1.7.2.3
> 
> --
> To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hello,

On Tue, 24 May 2011, Hans Schillstrom wrote:

> When ip_vs was adapted to netns the ftp application was not adapted
> in a correct way.
> However this is a fix to avoid kernel errors. In the long term another solution
> might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> 
> Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>

	Looks good

Acked-by: Julian Anastasov <ja@ssi.bg>

> ---
>  include/net/ip_vs.h            |    3 ++-
>  net/netfilter/ipvs/ip_vs_ftp.c |   27 +++++++++++++++++++--------
>  2 files changed, 21 insertions(+), 9 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 4fff432..481f856 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -797,7 +797,8 @@ struct netns_ipvs {
>  	struct list_head	rs_table[IP_VS_RTAB_SIZE];
>  	/* ip_vs_app */
>  	struct list_head	app_list;
> -
> +	/* ip_vs_ftp */
> +	struct ip_vs_app	*ftp_app;
>  	/* ip_vs_proto */
>  	#define IP_VS_PROTO_TAB_SIZE	32	/* must be power of 2 */
>  	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
> diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
> index 6b5dd6d..af63553 100644
> --- a/net/netfilter/ipvs/ip_vs_ftp.c
> +++ b/net/netfilter/ipvs/ip_vs_ftp.c
> @@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = {
>  static int __net_init __ip_vs_ftp_init(struct net *net)
>  {
>  	int i, ret;
> -	struct ip_vs_app *app = &ip_vs_ftp;
> +	struct ip_vs_app *app;
> +	struct netns_ipvs *ipvs = net_ipvs(net);
> +
> +	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
> +	if (!app)
> +		return -ENOMEM;
> +	INIT_LIST_HEAD(&app->a_list);
> +	INIT_LIST_HEAD(&app->incs_list);
> +	ipvs->ftp_app = app;
>  
>  	ret = register_ip_vs_app(net, app);
>  	if (ret)
> -		return ret;
> +		goto err_exit;
>  
>  	for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
>  		if (!ports[i])
>  			continue;
>  		ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
>  		if (ret)
> -			break;
> +			goto err_unreg;
>  		pr_info("%s: loaded support on port[%d] = %d\n",
>  			app->name, i, ports[i]);
>  	}
> +	return 0;
>  
> -	if (ret)
> -		unregister_ip_vs_app(net, app);
> -
> +err_unreg:
> +	unregister_ip_vs_app(net, app);
> +err_exit:
> +	kfree(ipvs->ftp_app);
>  	return ret;
>  }
>  /*
> @@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
>   */
>  static void __ip_vs_ftp_exit(struct net *net)
>  {
> -	struct ip_vs_app *app = &ip_vs_ftp;
> +	struct netns_ipvs *ipvs = net_ipvs(net);
>  
> -	unregister_ip_vs_app(net, app);
> +	unregister_ip_vs_app(net, ipvs->ftp_app);
> +	kfree(ipvs->ftp_app);
>  }
>  
>  static struct pernet_operations ip_vs_ftp_ops = {
> -- 
> 1.7.2.3

Regards

--
Julian Anastasov <ja@ssi.bg>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On 24/05/11 14:11, Hans Schillstrom wrote:
> When ip_vs was adapted to netns the ftp application was not adapted
> in a correct way.
> However this is a fix to avoid kernel errors. In the long term another solution
> might be chosen.  I.e the ports that the ftp appl, uses should be per netns.

applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Thu, May 26, 2011 at 07:17:50PM +0200, Pablo Neira Ayuso wrote:
> On 24/05/11 14:11, Hans Schillstrom wrote:
> > When ip_vs was adapted to netns the ftp application was not adapted
> > in a correct way.
> > However this is a fix to avoid kernel errors. In the long term another solution
> > might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> 
> applied, thanks.

Thanks Pablo.

Hans, is this appropriate for -stable (i.e. 2.6.39.x) ?

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Friday 27 May 2011 01:37:45 Simon Horman wrote:
> On Thu, May 26, 2011 at 07:17:50PM +0200, Pablo Neira Ayuso wrote:
> > On 24/05/11 14:11, Hans Schillstrom wrote:
> > > When ip_vs was adapted to netns the ftp application was not adapted
> > > in a correct way.
> > > However this is a fix to avoid kernel errors. In the long term another solution
> > > might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> > 
> > applied, thanks.
> 
> Thanks Pablo.
> 
> Hans, is this appropriate for -stable (i.e. 2.6.39.x) ?

Yes it is.

On Fri, May 27, 2011 at 07:24:22AM +0200, Hans Schillstrom wrote:
> On Friday 27 May 2011 01:37:45 Simon Horman wrote:
> > On Thu, May 26, 2011 at 07:17:50PM +0200, Pablo Neira Ayuso wrote:
> > > On 24/05/11 14:11, Hans Schillstrom wrote:
> > > > When ip_vs was adapted to netns the ftp application was not adapted
> > > > in a correct way.
> > > > However this is a fix to avoid kernel errors. In the long term another solution
> > > > might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> > > 
> > > applied, thanks.
> > 
> > Thanks Pablo.
> > 
> > Hans, is this appropriate for -stable (i.e. 2.6.39.x) ?
> 
> Yes it is.

Thanks.

Dave, can you handle that once this change makes
it into your tree?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On 27/05/11 08:04, Simon Horman wrote:
> On Fri, May 27, 2011 at 07:24:22AM +0200, Hans Schillstrom wrote:
>> On Friday 27 May 2011 01:37:45 Simon Horman wrote:
>>> On Thu, May 26, 2011 at 07:17:50PM +0200, Pablo Neira Ayuso wrote:
>>>> On 24/05/11 14:11, Hans Schillstrom wrote:
>>>>> When ip_vs was adapted to netns the ftp application was not adapted
>>>>> in a correct way.
>>>>> However this is a fix to avoid kernel errors. In the long term another solution
>>>>> might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
>>>>
>>>> applied, thanks.
>>>
>>> Thanks Pablo.
>>>
>>> Hans, is this appropriate for -stable (i.e. 2.6.39.x) ?
>>
>> Yes it is.
> 
> Thanks.
> 
> Dave, can you handle that once this change makes
> it into your tree?

http://permalink.gmane.org/gmane.linux.kernel.wireless.general/70374
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Fri, May 27, 2011 at 11:33:25AM +0200, Pablo Neira Ayuso wrote:
> On 27/05/11 08:04, Simon Horman wrote:
> > On Fri, May 27, 2011 at 07:24:22AM +0200, Hans Schillstrom wrote:
> >> On Friday 27 May 2011 01:37:45 Simon Horman wrote:
> >>> On Thu, May 26, 2011 at 07:17:50PM +0200, Pablo Neira Ayuso wrote:
> >>>> On 24/05/11 14:11, Hans Schillstrom wrote:
> >>>>> When ip_vs was adapted to netns the ftp application was not adapted
> >>>>> in a correct way.
> >>>>> However this is a fix to avoid kernel errors. In the long term another solution
> >>>>> might be chosen.  I.e the ports that the ftp appl, uses should be per netns.
> >>>>
> >>>> applied, thanks.
> >>>
> >>> Thanks Pablo.
> >>>
> >>> Hans, is this appropriate for -stable (i.e. 2.6.39.x) ?
> >>
> >> Yes it is.
> > 
> > Thanks.
> > 
> > Dave, can you handle that once this change makes
> > it into your tree?
> 
> http://permalink.gmane.org/gmane.linux.kernel.wireless.general/70374

Thanks, I missed that.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html