Hello,
On Wed, 6 May 2026, Julian Anastasov wrote:
> Sashiko points out that unprivileged user can frequently
> call ip_vs_flush() or ip_vs_del_service() to trigger
> svc_table_changes updates that can lead to infinite loop
> in ip_vs_dst_event(). This can also happen if the user
> triggers frequent table resizing without deleting all
> services.
>
> One way to solve it is to hold svc_resize_work in
> ip_vs_dst_event() but this can block the dev notifier
> during the whole resizing process.
>
> Instead, use new rw_semaphore svc_replace_sem to protect
> the svc_table replacement which is a short code section.
> Then hold svc_replace_sem in ip_vs_dst_event() to serialize
> with replacing the svc_table. By this way changes in
> svc_table_changes can happen only when all services are
> removed and all dev references dropped which allows us
> to exit the loop.
>
> Link:
> https://sashiko.dev/#/patchset/20260505001648.360569-1-pablo%40netfilter.org
> Fixes: 840aac3d900d ("ipvs: use resizable hash table for services")
> Signed-off-by: Julian Anastasov <ja@xxxxxx>
The patch can be improved, will send v2 later today.
pw-bot: changes-requested
Regards
--
Julian Anastasov <ja@xxxxxx>