From: Florian Westphal <fw@strlen.de>
To: Liping Zhang <zlpnobody@gmail.com>
Cc: Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Liping Zhang <zlpnobody@163.com>,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
Date: Wed, 24 May 2017 08:22:00 +0200 [thread overview]
Message-ID: <20170524062200.GB11547@breakpoint.cc> (raw)
In-Reply-To: <CAML_gOcOaq_jMkWpjBLxo9Hr=sUu6hSWrRv=y89D--iCutEX7g@mail.gmail.com>
Liping Zhang <zlpnobody@gmail.com> wrote:
> 2017-05-24 6:28 GMT+08:00 Florian Westphal <fw@strlen.de>:
> > Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> [...]
> >> I will append the Fixes: tag:
> >>
> >> Fixes: 89f2e21883b5 ("[NETFILTER]: ctnetlink: change table dumping not to require an unique ID")
> >
> > That commit looks fine to me, it seems to make sure to put
> > "last" only once in all cases.
> >
> > 93bb0ceb75be2fdfa9fc0dd1 however adds a check on cb->args[0], and if
> > that is hit it will do a put() on last, and then, the "done" netlink
> > callback will do another put operation on cb->args[1] (i.e., last).
>
> After I have a closer look, I think this patch should add:
>
> Fixes: d205dc40798d ("[NETFILTER]: ctnetlink: fix deadlock in table dumping")
>
> After this commit, when the hash size was reduced, for example,
> from 60000 to 600, then we may put the "last" ct twice, as we may
> fail to go into the iteration and clear the cb->args[1], so:
>
> 1. nf_ct_put(last) by ctnetlink_dump_table, but cb->args[1] still
> point to the "last"
> 2. nf_ct_put((struct nf_conn *)cb->args[1]) by ctnetlink_done
You are right.
next prev parent reply other threads:[~2017-05-24 6:22 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-20 23:22 [PATCH nf] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Liping Zhang
2017-05-21 0:00 ` Florian Westphal
2017-05-21 0:59 ` Liping Zhang
2017-05-23 21:34 ` Pablo Neira Ayuso
2017-05-23 22:28 ` Florian Westphal
2017-05-24 0:52 ` Liping Zhang
2017-05-24 6:22 ` Florian Westphal [this message]
2017-05-24 10:24 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170524062200.GB11547@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=zlpnobody@163.com \
--cc=zlpnobody@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.