This is a note to let you know that I've just added the patch titled
IPVS: bug in ip_vs_ftp, same list heaad used in all netns.
to the 2.6.39-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ipvs-bug-in-ip_vs_ftp-same-list-heaad-used-in-all-netns.patch
and it can be found in the queue-2.6.39 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 85e5741d01dc977f88b1ee286273893a1e364668 Mon Sep 17 00:00:00 2001
From: Hans Schillstrom <[email protected]>
Date: Tue, 24 May 2011 14:11:05 +0200
Subject: IPVS: bug in ip_vs_ftp, same list heaad used in all netns.
From: Hans Schillstrom <[email protected]>
[ Upstream commit c74c0bfe0b61cf41a897c2444c038e0d3f600556 ]
When ip_vs was adapted to netns the ftp application was not adapted
in a correct way.
However this is a fix to avoid kernel errors. In the long term another solution
might be chosen. I.e the ports that the ftp appl, uses should be per netns.
Signed-off-by: Hans Schillstrom <[email protected]>
Acked-by: Julian Anastasov <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/net/ip_vs.h | 3 ++-
net/netfilter/ipvs/ip_vs_ftp.c | 27 +++++++++++++++++++--------
2 files changed, 21 insertions(+), 9 deletions(-)
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -802,7 +802,8 @@ struct netns_ipvs {
struct list_head rs_table[IP_VS_RTAB_SIZE];
/* ip_vs_app */
struct list_head app_list;
-
+ /* ip_vs_ftp */
+ struct ip_vs_app *ftp_app;
/* ip_vs_proto */
#define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */
struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -411,25 +411,35 @@ static struct ip_vs_app ip_vs_ftp = {
static int __net_init __ip_vs_ftp_init(struct net *net)
{
int i, ret;
- struct ip_vs_app *app = &ip_vs_ftp;
+ struct ip_vs_app *app;
+ struct netns_ipvs *ipvs = net_ipvs(net);
+
+ app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
+ if (!app)
+ return -ENOMEM;
+ INIT_LIST_HEAD(&app->a_list);
+ INIT_LIST_HEAD(&app->incs_list);
+ ipvs->ftp_app = app;
ret = register_ip_vs_app(net, app);
if (ret)
- return ret;
+ goto err_exit;
for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
if (!ports[i])
continue;
ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
if (ret)
- break;
+ goto err_unreg;
pr_info("%s: loaded support on port[%d] = %d\n",
app->name, i, ports[i]);
}
+ return 0;
- if (ret)
- unregister_ip_vs_app(net, app);
-
+err_unreg:
+ unregister_ip_vs_app(net, app);
+err_exit:
+ kfree(ipvs->ftp_app);
return ret;
}
/*
@@ -437,9 +447,10 @@ static int __net_init __ip_vs_ftp_init(s
*/
static void __ip_vs_ftp_exit(struct net *net)
{
- struct ip_vs_app *app = &ip_vs_ftp;
+ struct netns_ipvs *ipvs = net_ipvs(net);
- unregister_ip_vs_app(net, app);
+ unregister_ip_vs_app(net, ipvs->ftp_app);
+ kfree(ipvs->ftp_app);
}
static struct pernet_operations ip_vs_ftp_ops = {
Patches currently in stable-queue which might be from
[email protected] are
queue-2.6.39/ipvs-bug-in-ip_vs_ftp-same-list-heaad-used-in-all-netns.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
