* [PATCH 2.6] netfilter /proc/net/ip_conntrack locking fix
@ 2004-01-27 21:45 Harald Welte
2004-01-29 0:01 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Harald Welte @ 2004-01-27 21:45 UTC (permalink / raw)
To: David Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 2545 bytes --]
Hi Dave!
Please apply the following fix to your 2.6.x tree.
Thanks.
Name: Grab ip_conntrack_expect_tuple_lock in list_conntracks
Author: Rusty Russell
Status: Experimental
D: http://bugme.osdl.org/show_bug.cgi?id=1764
D: We're walking the expect list without the ip_conntrack_expect_tuple_lock.
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .20891-linux-2.6.1-rc1/include/linux/netfilter_ipv4/ip_conntrack_core.h .20891-linux-2.6.1-rc1.updated/include/linux/netfilter_ipv4/ip_conntrack_core.h
--- .20891-linux-2.6.1-rc1/include/linux/netfilter_ipv4/ip_conntrack_core.h 2003-09-22 10:26:46.000000000 +1000
+++ .20891-linux-2.6.1-rc1.updated/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-01-03 15:27:14.000000000 +1100
@@ -50,5 +50,6 @@ static inline int ip_conntrack_confirm(s
extern struct list_head *ip_conntrack_hash;
extern struct list_head ip_conntrack_expect_list;
DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
+DECLARE_RWLOCK_EXTERN(ip_conntrack_expect_tuple_lock);
#endif /* _IP_CONNTRACK_CORE_H */
diff -urpN --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal .20891-linux-2.6.1-rc1/net/ipv4/netfilter/ip_conntrack_standalone.c .20891-linux-2.6.1-rc1.updated/net/ipv4/netfilter/ip_conntrack_standalone.c
--- .20891-linux-2.6.1-rc1/net/ipv4/netfilter/ip_conntrack_standalone.c 2003-12-18 15:53:34.000000000 +1100
+++ .20891-linux-2.6.1-rc1.updated/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-01-03 15:23:40.000000000 +1100
@@ -154,6 +154,7 @@ list_conntracks(char *buffer, char **sta
}
/* Now iterate through expecteds. */
+ READ_LOCK(&ip_conntrack_expect_tuple_lock);
list_for_each(e, &ip_conntrack_expect_list) {
unsigned int last_len;
struct ip_conntrack_expect *expect
@@ -164,10 +165,12 @@ list_conntracks(char *buffer, char **sta
len += print_expect(buffer + len, expect);
if (len > length) {
len = last_len;
- goto finished;
+ goto finished_expects;
}
}
+ finished_expects:
+ READ_UNLOCK(&ip_conntrack_expect_tuple_lock);
finished:
READ_UNLOCK(&ip_conntrack_lock);
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-01-29 0:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-27 21:45 [PATCH 2.6] netfilter /proc/net/ip_conntrack locking fix Harald Welte
2004-01-29 0:01 ` David S. Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.