From: Florian Westphal <fw@strlen.de>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: pablo@netfilter.org, fw@strlen.de, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf] netfilter: nf_conntrack: fix endless loop on netns deletion
Date: Wed, 1 Jul 2015 18:57:55 +0200
Message-ID: <20150701165755.GB30866@breakpoint.cc>
In-Reply-To: <b41741db7ecfaabe74fbcacac9a628375217ee35.1435765328.git.daniel@iogearbox.net>
Daniel Borkmann <daniel@iogearbox.net> wrote:
> When adding connection tracking template rules to a netns, f.e. to
> configure netfilter zones, the kernel will endlessly busy-loop as soon
> as we try to delete the given netns in case there's at least one
> template present. Minimal example:
>
> ip netns add foo
> ip netns exec foo iptables -t raw -A PREROUTING -d 1.2.3.4 -j CT --zone 1
> ip netns del foo
[..]
> +static struct nf_conn *get_next_tmpl(struct ct_pcpu *pcpu)
> +{
> + struct nf_conntrack_tuple_hash *h;
> + struct hlist_nulls_node *n;
> + struct nf_conn *ct = NULL;
> +
> + spin_lock_bh(&pcpu->lock);
> + hlist_nulls_for_each_entry(h, n, &pcpu->tmpl, hnnode) {
> + ct = nf_ct_tuplehash_to_ctrack(h);
> + break;
> + }
> + spin_unlock_bh(&pcpu->lock);
> +
> + return ct;
> +}
> +
> +static void nf_ct_tmpls_cleanup(struct net *net)
> +{
> + int cpu;
> +
> + for_each_possible_cpu(cpu) {
> + struct ct_pcpu *pcpu = per_cpu_ptr(net->ct.pcpu_lists, cpu);
> + struct nf_conn *ct;
> +
> + while ((ct = get_next_tmpl(pcpu)) != NULL)
> + nf_ct_put(ct);
> + }
> +}
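Review bot: the while loop in nf_ct_tmpls_cleanup() terminates only if each nf_ct_put() drops the last reference and thereby unlinks the template from pcpu->tmpl; since get_next_tmpl() always returns the first entry of the list, a template whose refcount is still above 1 at this point would be handed back on every iteration and the loop would spin forever, which is the same symptom the patch sets out to fix. That precondition (cleanup runs after synchronize_net(), so every template's refcount is exactly 1) is nowhere stated in the code; add a comment above the while loop saying so, and consider a WARN_ON_ONCE() on the refcount before nf_ct_put(ct) so that a violated assumption surfaces as a splat rather than a hang.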
I was worried the next call to nf_ct_tmpls_cleanup() might see the same ct
again, thus putting it more than once.
But it seems safe as it runs after a synchronize_net, i.e. ct refcnt
should always be 1, and thus the nf_ct_put should result in invocation of
the destructor & removal from the template list.
Thanks Daniel!
Acked-by: Florian Westphal <fw@strlen.de>
Thread overview:
2015-07-01 16:24 [PATCH nf] netfilter: nf_conntrack: fix endless loop on netns deletion Daniel Borkmann
2015-07-01 16:57 ` Florian Westphal [this message]
2015-07-01 21:29 ` Daniel Borkmann