From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 02/04]: nf_conntrack: fix the race on assign helper to new conntrack
Date: Mon, 27 Nov 2006 19:20:56 +0100 (MET) [thread overview]
Message-ID: <20061127182056.17688.99624.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20061127182053.17688.57354.sendpatchset@localhost.localdomain>
[NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack
The found helper cannot be assigned to conntrack after unlocking
nf_conntrack_lock. This tries to find helper to assign again.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit a88ad2f562c2c108f76adfda4d5ee954e09e6d98
tree c0b7259465e28021e6c7a2c3892e742876f45bbf
parent cbf15ed58d4934fe480fc1760a5ea71d35eafcf7
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Mon, 27 Nov 2006 18:56:25 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 27 Nov 2006 19:10:44 +0100
net/netfilter/nf_conntrack_core.c | 13 ++++++-------
1 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 836541e..0f58307 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -893,12 +893,6 @@ __nf_conntrack_alloc(const struct nf_con
memset(conntrack, 0, nf_ct_cache[features].size);
conntrack->features = features;
- if (helper) {
- struct nf_conn_help *help = nfct_help(conntrack);
- NF_CT_ASSERT(help);
- help->helper = helper;
- }
-
atomic_set(&conntrack->ct_general.use, 1);
conntrack->ct_general.destroy = destroy_conntrack;
conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
@@ -982,8 +976,13 @@ #ifdef CONFIG_NF_CONNTRACK_SECMARK
#endif
nf_conntrack_get(&conntrack->master->ct_general);
NF_CT_STAT_INC(expect_new);
- } else
+ } else {
+ struct nf_conn_help *help = nfct_help(conntrack);
+
+ if (help)
+ help->helper = __nf_ct_helper_find(&repl_tuple);
NF_CT_STAT_INC(new);
+ }
/* Overload tuple linked list to put us in unconfirmed list. */
list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed);
next prev parent reply other threads:[~2006-11-27 18:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-27 18:20 [NETFILTER 00/04]: Netfilter fixes Patrick McHardy
2006-11-27 18:20 ` [NETFILTER 01/04]: nfctnetlink: assign helper to newly created conntrack Patrick McHardy
2006-11-27 18:20 ` Patrick McHardy [this message]
2006-11-27 18:20 ` [NETFILTER 03/04]: ctnetlink: fix reference count leak Patrick McHardy
2006-11-27 18:20 ` [NETFILTER 04/04]: conntrack: fix refcount leak when finding expectation Patrick McHardy
2006-11-27 18:27 ` [NETFILTER 00/04]: Netfilter fixes David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061127182056.17688.99624.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.