From: Patrick McHardy
Subject: Re: [PATCH 5/7] Fix a deadlock in new_conntrack
Date: Mon, 01 Aug 2005 19:16:07 +0200
Message-ID: <42EE58D7.9010005@trash.net>
References: <42EE564E.1090308@eurodev.net>
In-Reply-To: <42EE564E.1090308@eurodev.net>
To: Pablo Neira
Cc: Harald Welte, Netfilter Development Mailinglist
List-Id: netfilter-devel.vger.kernel.org

Pablo Neira wrote:
> Fix a deadlock during conntrack creation. ip_conntrack_lock is unlocked
> twice.

Please keep the exit paths at the end by adding an out: label.

> ------------------------------------------------------------------------ > > Index: netfilter-2.6.14/net/ipv4/netfilter/ip_conntrack_netlink.c > =================================================================== > --- netfilter-2.6.14.orig/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-08-01 18:21:13.000000000 +0200 > +++ netfilter-2.6.14/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-08-01 18:21:18.000000000 +0200 > @@ -1094,13 +1094,12 @@ > err = -ENOENT; > if (nlh->nlmsg_flags & NLM_F_CREATE) > err = ctnetlink_create_conntrack(cda, &otuple, &rtuple); > + return err; > + } > + /* we only allow nat config for new conntracks */ > + if (cda[CTA_NAT-1]) { > + err = -EINVAL; > goto out_unlock; > - } else { > - /* we only allow nat config for new conntracks */ > - if (cda[CTA_NAT-1]) { > - err = -EINVAL; > - goto out_unlock; > - } > } > > /* We manipulate the conntrack inside the global conntrack table lock,
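
Review bot: The added `return err;` after the `ctnetlink_create_conntrack()` call is the only exit in this hunk that does not go through `out_unlock`, and nothing in the visible context shows that ip_conntrack_lock has already been released at that point. Jump to a second label placed after the unlock instead (for example `goto out;`), so every exit stays at the end of the function and the locked and unlocked paths are visibly distinct, or at minimum put a comment on the `return` stating that the lock is no longer held. Flattening the `else` also means the `cda[CTA_NAT-1]` check is only skipped for new conntracks because the preceding branch always leaves the function, which is worth a one-line comment so a later edit to that branch does not fall through into it.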