[Devel] [PATCH RHEL7 COMMIT] ms/netfilter: ipset: fix ip_set_list allocation failure

Konstantin Khorenko khorenko at virtuozzo.com
Mon Aug 13 14:38:08 MSK 2018


The commit is pushed to "branch-rh7-3.10.0-862.9.1.vz7.70.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-862.9.1.vz7.70.2
------>
commit e6f9f116848798836276436c1cd93aa063c1c4dd
Author: Andrey Ryabinin <aryabinin at virtuozzo.com>
Date:   Mon Aug 13 14:38:07 2018 +0300

    ms/netfilter: ipset: fix ip_set_list allocation failure
    
    ip_set_create() and ip_set_net_init() attempt to allocate physically
    contiguous memory for ip_set_list. If memory is fragmented, the
    allocations could easily fail:
    
            vzctl: page allocation failure: order:7, mode:0xc0d0
    
            Call Trace:
             dump_stack+0x19/0x1b
             warn_alloc_failed+0x110/0x180
             __alloc_pages_nodemask+0x7bf/0xc60
             alloc_pages_current+0x98/0x110
             kmalloc_order+0x18/0x40
             kmalloc_order_trace+0x26/0xa0
             __kmalloc+0x279/0x290
             ip_set_net_init+0x4b/0x90 [ip_set]
             ops_init+0x3b/0xb0
             setup_net+0xbb/0x170
             copy_net_ns+0xf1/0x1c0
             create_new_namespaces+0xf9/0x180
             copy_namespaces+0x8e/0xd0
             copy_process+0xb61/0x1a00
             do_fork+0x91/0x320
    
    Use kvcalloc() to fallback to 0-order allocations if high order
    page isn't available.
    
    https://jira.sw.ru/browse/PSBM-87338
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 net/netfilter/ipset/ip_set_core.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index c94094b6f500..916ef23e5d90 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -837,7 +837,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb,
 			/* Wraparound */
 			goto cleanup;
 
-		list = kzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL);
+		list = kvzalloc(sizeof(struct ip_set *) * i, GFP_KERNEL);
 		if (!list)
 			goto cleanup;
 		/* nfnl mutex is held, both lists are valid */
@@ -849,7 +849,7 @@ ip_set_create(struct sock *ctnl, struct sk_buff *skb,
 		/* Use new list */
 		index = inst->ip_set_max;
 		inst->ip_set_max = i;
-		kfree(tmp);
+		kvfree(tmp);
 		ret = 0;
 	} else if (ret)
 		goto cleanup;
@@ -1903,7 +1903,7 @@ ip_set_net_init(struct net *net)
 	if (inst->ip_set_max >= IPSET_INVALID_ID)
 		inst->ip_set_max = IPSET_INVALID_ID - 1;
 
-	list = kzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
+	list = kvzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
 	if (!list)
 		return -ENOMEM;
 	inst->is_deleted = false;
@@ -1929,7 +1929,7 @@ ip_set_net_exit(struct net *net)
 			ip_set_destroy_set(set);
 		}
 	}
-	kfree(rcu_dereference_protected(inst->ip_set_list, 1));
+	kvfree(rcu_dereference_protected(inst->ip_set_list, 1));
 }
 
 static struct pernet_operations ip_set_net_ops = {


More information about the Devel mailing list