From: Patrick McHardy
Subject: [NETFILTER 2.4]: Fix deadlock on NAT helper unload
Date: Thu, 14 Sep 2006 22:57:54 +0200
Message-ID: <4509C252.6010504@trash.net>
To: "David S. Miller"
Cc: Netfilter Development Mailinglist
List-Id: netfilter-devel.vger.kernel.org

[NETFILTER]: Fix deadlock on NAT helper unload

When a NAT helper is unlocked conntrack/NAT may deadlock because of the
following lock sequence:

.. ip_nat_helper_unregister -> ip_ct_selective_cleanup -> get_next_corpse (ip_conntrack_lock) -> kill_helper (ip_nat_lock)
.. ip_nat_fn (ip_nat_lock) -> ip_nat_setup_info -> ip_conntrack_alter_reply (ip_conntrack_lock)

Taking ip_nat_lock in kill_helper() is unnecessary since the helper
assigned to a connection is immutable and new connections can't have
the helper that is being unloaded assigned since it is already removed
from the global list.

Reported by .

Signed-off-by: Patrick McHardy

--- a/net/ipv4/netfilter/ip_nat_helper.c 2006-09-03 16:41:53.000000000 +0200 +++ b/net/ipv4/netfilter/ip_nat_helper.c 2006-09-03 16:42:04.000000000 +0200
@@ -522,13 +522,7 @@ static int kill_helper(const struct ip_conntrack *i, void *helper) { - int ret; - - READ_LOCK(&ip_nat_lock); - ret = (i->nat.info.helper == helper); - READ_UNLOCK(&ip_nat_lock); - - return ret; + return (i->nat.info.helper == helper); } void ip_nat_helper_unregister(struct ip_nat_helper *me) --------------030500040504010401010409--
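
Review bot: kill_helper() now reads i->nat.info.helper with no ip_nat_lock held, and nothing in the function records why that is safe. The commit message gives the reason (the helper assigned to a connection is immutable, and the helper being unloaded is already removed from the global list), so a short comment above the return stating that invariant, and that the callback runs under ip_conntrack_lock via get_next_corpse, would stop a later change that reassigns the helper from quietly reintroducing a race here. Minor style point on the same line: the parentheses in `return (i->nat.info.helper == helper);` are not needed.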