From: Patrick McHardy <kaber@trash.net>
To: ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com
Cc: Andrew Morton <akpm@osdl.org>, Stephen Frost <sfrost@snowman.net>,
Amin Azez <azez@ufomechanic.net>,
"David S. Miller" <davem@davemloft.net>,
netfilter-devel@lists.netfilter.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix mem-leak in netfilter
Date: Thu, 01 Jun 2006 16:53:38 +0200
Message-ID: <447EFF72.1050803@trash.net>
In-Reply-To: <200606010943.31554.ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com>
[-- Attachment #1: Type: text/plain, Size: 303 bytes --]
[CC-list trimmed]

Andrew James Wade wrote:
> Hello Mr. McHardy,
>
> The BUG below appears to be related to your ipt_recent rewrite. I
> haven't tracked it down further yet. I've attached the (toy) firewall
> script that's triggering the bug.

Yes, that was my fault. These two patches should fix it.
[-- Attachment #2: 01.diff --]
[-- Type: text/x-patch, Size: 2421 bytes --]
[NETFILTER]: recent match: fix "sleeping function called from invalid context"
create_proc_entry must not be called with locks held. Use a mutex
instead to protect data only changed in user context.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 6812aa38ac35d6e819058d2273a6a7de091a2604
tree 140fea396f29415d7981fcfbc5980f5c0b2d91a7
parent a0447a3000b5d4e926928493def9d62aae3b87ed
author Patrick McHardy <kaber@trash.net> Thu, 01 Jun 2006 16:40:39 +0200
committer Patrick McHardy <kaber@trash.net> Thu, 01 Jun 2006 16:40:39 +0200
net/ipv4/netfilter/ipt_recent.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 9686c4d..9b09e48 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -69,6 +69,7 @@ #endif
static LIST_HEAD(tables);
static DEFINE_SPINLOCK(recent_lock);
+static DEFINE_MUTEX(recent_mutex);
#ifdef CONFIG_PROC_FS
static struct proc_dir_entry *proc_dir;
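Review bot: after the added DEFINE_MUTEX(recent_mutex) there are two locks side by side with no comment saying what each one protects. Going by the later hunks, recent_mutex serialises ipt_recent_checkentry() and ipt_recent_destroy() (table lookup, refcnt, allocation, proc entry), while recent_lock is kept only around list_add_tail() and list_del() on tables. A short comment here stating that split, and that recent_mutex is taken first and never while recent_lock is held, would keep a later change from putting a sleeping call back inside the spinlock.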
@@ -249,7 +250,7 @@ ipt_recent_checkentry(const char *tablen
strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN)
return 0;
- spin_lock_bh(&recent_lock);
+ mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name);
if (t != NULL) {
t->refcnt++;
@@ -258,7 +259,7 @@ ipt_recent_checkentry(const char *tablen
}
t = kzalloc(sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size,
- GFP_ATOMIC);
+ GFP_KERNEL);
if (t == NULL)
goto out;
strcpy(t->name, info->name);
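Review bot: the size passed to kzalloc(), sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size, is computed without an overflow check, and the GFP_ATOMIC to GFP_KERNEL change on the continuation line does not alter that. If ip_list_hash_size is not bounded where it is set, it is worth clamping it there, because the initialisation loop over iphash trusts the same value and would write past a short allocation. The strcpy() into t->name is covered by the strnlen() check against IPT_RECENT_NAME_LEN earlier in the function, so only the hash size needs a look.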
@@ -274,10 +275,12 @@ #ifdef CONFIG_PROC_FS
t->proc->proc_fops = &recent_fops;
t->proc->data = t;
#endif
+ spin_lock_bh(&recent_lock);
list_add_tail(&t->list, &tables);
+ spin_unlock_bh(&recent_lock);
ret = 1;
out:
- spin_unlock_bh(&recent_lock);
+ mutex_unlock(&recent_mutex);
return ret;
}
@@ -288,17 +291,19 @@ ipt_recent_destroy(const struct xt_match
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
- spin_lock_bh(&recent_lock);
+ mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name);
if (--t->refcnt == 0) {
+ spin_lock_bh(&recent_lock);
list_del(&t->list);
+ spin_unlock_bh(&recent_lock);
recent_table_flush(t);
#ifdef CONFIG_PROC_FS
remove_proc_entry(t->name, proc_dir);
#endif
kfree(t);
}
- spin_unlock_bh(&recent_lock);
+ mutex_unlock(&recent_mutex);
}
#ifdef CONFIG_PROC_FS
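Review bot: in ipt_recent_destroy(), recent_lock is released right after list_del(), and recent_table_flush(t) and kfree(t) then run with only recent_mutex held. That is safe only if every other path that takes recent_lock is finished with a table pointer before it drops the lock; please confirm that, or state it in the commit message, since a path that keeps t past the unlock would be left with freed memory. Separately, the result of recent_table_lookup() is dereferenced in --t->refcnt without a NULL check, so a comment or assertion that a successful checkentry guarantees the lookup would help.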
[-- Attachment #3: 02.diff --]
[-- Type: text/x-patch, Size: 915 bytes --]
[NETFILTER]: recent match: missing refcnt initialization
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 10263005af5814396b8263c1c2a4367d49548e13
tree a73003fe82e7b4546359d86f684b90b78a6aa504
parent 6812aa38ac35d6e819058d2273a6a7de091a2604
author Patrick McHardy <kaber@trash.net> Thu, 01 Jun 2006 16:49:58 +0200
committer Patrick McHardy <kaber@trash.net> Thu, 01 Jun 2006 16:49:58 +0200
net/ipv4/netfilter/ipt_recent.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 9b09e48..61a2139 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -262,6 +262,7 @@ ipt_recent_checkentry(const char *tablen
GFP_KERNEL);
if (t == NULL)
goto out;
+ t->refcnt = 1;
strcpy(t->name, info->name);
INIT_LIST_HEAD(&t->lru_list);
for (i = 0; i < ip_list_hash_size; i++)
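Review bot: the commit message is only a subject line, and the effect of the missing t->refcnt = 1 deserves a sentence. kzalloc() leaves refcnt at 0 for a new table, so in the destroy path shown in 01.diff the first --t->refcnt does not land on 0 and the table, its list entry and its proc entry are never released. With a second rule on the same name the count is 1 after the t->refcnt++ branch, so the first destroy frees a table the other rule still references. Stating both cases in the message would make clear why this one-line change matters and help anyone backporting it.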