Re: [PATCH 1/1] netfilter: fix soft lockup when netlink adds new entries

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
On Fri, 24 Feb 2012, Pablo Neira Ayuso wrote:

> On Fri, Feb 24, 2012 at 09:06:37AM +0100, Jozsef Kadlecsik wrote:
> > 
> > On Fri, 24 Feb 2012, Pablo Neira Ayuso wrote:
> > 
> > > On Thu, Feb 23, 2012 at 09:44:21PM +0100, Jozsef Kadlecsik wrote:
> > > > OK, here it comes:
> > > > 
> > > > The previous patch with the title "netfilter: fix soft lockup
> > > > when netlink adds new entries" introduced a race: conntrack and
> > > > ctnetlink could insert the same entry twice into the hash table.
> > > > The patch eliminates the race condition by using the same checking
> > > > as conntrack confirm does.
> > > > 
> > > > Signed-off-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
> > > > ---
> > > >  include/net/netfilter/nf_conntrack.h |    2 +
> > > >  net/netfilter/nf_conntrack_core.c    |   41 ++++++++++++++++++++++++++++++++++
> > > >  net/netfilter/nf_conntrack_netlink.c |    9 +++----
> > > >  3 files changed, 47 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
> > > > index 8a2b0ae..48bfe75 100644
> > > > --- a/include/net/netfilter/nf_conntrack.h
> > > > +++ b/include/net/netfilter/nf_conntrack.h
> > > > @@ -210,6 +210,8 @@ __nf_conntrack_find(struct net *net, u16 zone,
> > > >  		    const struct nf_conntrack_tuple *tuple);
> > > >  
> > > >  extern void nf_conntrack_hash_insert(struct nf_conn *ct);
> > > > +extern int nf_conntrack_hash_check_insert(struct net *net, u16 zone,
> > > > +					  struct nf_conn *ct);
> > > 
> > > nf_conntrack_hash_insert has no clients anymore after this change.
[...]
> I see. Go ahead then.

OK, and I remove nf_conntrack_hash_insert then, and use a single ct 
argument because as you noted net and zone can be extracted from the ct.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

Powered by Linux