From: Patrick McHardy <kaber@trash.net>
To: Krzysztof Oledzki <ole@ans.pl>
Cc: Chuck Ebbert <cebbert@redhat.com>,
Netdev <netdev@vger.kernel.org>,
Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>
Subject: Re: Oops in nf_nat_core.c:find_appropriate_src(), kernel 2.6.25.4
Date: Tue, 10 Jun 2008 16:00:29 +0200 [thread overview]
Message-ID: <484E88FD.3000908@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0806101545460.12641@bizon.gios.gov.pl>
Krzysztof Oledzki wrote:
> On Tue, 10 Jun 2008, Patrick McHardy wrote:
>
>> We found the reason for that crash and I've queued these two
>> patches. Please let me know whether they also fix the problem
>> from the redhat bugzilla.
>
> There is a one thing that still bugs me. This patch removes setting the
> nat->ct pointer to NULL:
>
> --- a/net/ipv4/netfilter/nf_nat_core.c
> +++ b/net/ipv4/netfilter/nf_nat_core.c
> @@ -556,7 +556,6 @@ static void nf_nat_cleanup_conntrack(struct nf_conn
> *ct)
>
> spin_lock_bh(&nf_nat_lock);
> hlist_del_rcu(&nat->bysource);
> - nat->ct = NULL;
> spin_unlock_bh(&nf_nat_lock);
> }
>
> After this patch the whole function looks like this:
>
> /* Noone using conntrack by the time this called. */
> static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
> {
> struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
>
> if (nat == NULL || nat->ct == NULL)
> return;
>
> NF_CT_ASSERT(nat->ct->status & IPS_NAT_DONE_MASK);
>
> spin_lock_bh(&nf_nat_lock);
> hlist_del_rcu(&nat->bysource);
> spin_unlock_bh(&nf_nat_lock);
> }
>
> As you can see we still check if nat->ct is NULL here. So, or the check
> is now unnecessary, or it is still possible that nat->ct may become
> NULL. If the second statement is true than we may need to check ct
> before calling same_src in the find_appropriate_src function.
No, the nf_nat_cleanup_nat function can be called for a NAT extension
that isn't in the hash yet (and thus has nat->ct == NULL) when the
nf_conntrack_alter_reply() call in nf_nat_setup_info() allocates a
helper extension and need to realloc the NAT extension space.
next prev parent reply other threads:[~2008-06-10 14:00 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-07 14:43 Oops in nf_nat_core.c:find_appropriate_src(), kernel 2.6.25.4 Chuck Ebbert
2008-06-07 15:00 ` Patrick McHardy
2008-06-07 15:14 ` Patrick McHardy
2008-06-07 15:45 ` Krzysztof Oledzki
2008-06-10 9:02 ` Patrick McHardy
2008-06-10 13:56 ` Krzysztof Oledzki
2008-06-10 14:00 ` Patrick McHardy [this message]
2008-06-10 17:07 ` Krzysztof Oledzki
2008-06-11 15:45 ` Paul E. McKenney
2008-06-12 10:41 ` Patrick McHardy
2008-06-17 13:44 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=484E88FD.3000908@trash.net \
--to=kaber@trash.net \
--cc=cebbert@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=ole@ans.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.