* [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks
@ 2008-08-07 10:08 Pablo Neira Ayuso
2008-08-07 10:08 ` [PATCH 2/3] [PATCH] fix sleep in read-side lock section Pablo Neira Ayuso
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2008-08-07 10:08 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
If we create a conntrack that has NAT handlings and a helper, the helper
is assigned twice. This happens because nf_nat_setup_info() - via
nf_conntrack_alter_reply() - sets the helper before ctnetlink, which
indeed does not check if the conntrack already has a helper as it thinks that
it is a brand new conntrack.
The fix moves the helper assignation before the set of the status flags.
This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are
enabled) which checks that the conntrack must not be confirmed.
This problem was introduced in 2.6.23 with the netfilter extension
infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 34 +++++++++++++++++++---------------
1 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index dd23339..a984b1c 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1139,16 +1139,33 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED;
+ rcu_read_lock();
+ helper = __nf_ct_helper_find(rtuple);
+ if (helper) {
+ help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
+ if (help == NULL) {
+ rcu_read_unlock();
+ err = -ENOMEM;
+ goto err;
+ }
+ /* not in hash table yet so not strictly necessary */
+ rcu_assign_pointer(help->helper, helper);
+ }
+
if (cda[CTA_STATUS]) {
err = ctnetlink_change_status(ct, cda);
- if (err < 0)
+ if (err < 0) {
+ rcu_read_unlock();
goto err;
+ }
}
if (cda[CTA_PROTOINFO]) {
err = ctnetlink_change_protoinfo(ct, cda);
- if (err < 0)
+ if (err < 0) {
+ rcu_read_unlock();
goto err;
+ }
}
#if defined(CONFIG_NF_CONNTRACK_MARK)
@@ -1156,19 +1173,6 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));
#endif
- rcu_read_lock();
- helper = __nf_ct_helper_find(rtuple);
- if (helper) {
- help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
- if (help == NULL) {
- rcu_read_unlock();
- err = -ENOMEM;
- goto err;
- }
- /* not in hash table yet so not strictly necessary */
- rcu_assign_pointer(help->helper, helper);
- }
-
/* setup master conntrack: this is a confirmed expectation */
if (master_ct) {
__set_bit(IPS_EXPECTED_BIT, &ct->status);
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 2/3] [PATCH] fix sleep in read-side lock section
2008-08-07 10:08 [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Pablo Neira Ayuso
@ 2008-08-07 10:08 ` Pablo Neira Ayuso
2008-08-13 13:28 ` Patrick McHardy
2008-08-07 10:08 ` [PATCH 3/3] [PATCH] fix sleepable allocation with spin lock bh Pablo Neira Ayuso
2008-08-13 13:26 ` [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Patrick McHardy
2 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2008-08-07 10:08 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Fix allocation with GFP_KERNEL in ctnetlink_create_conntrack() under
read-side lock sections.
This problem was introduced in 2.6.25.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index a984b1c..7707cbb 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1142,7 +1142,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
rcu_read_lock();
helper = __nf_ct_helper_find(rtuple);
if (helper) {
- help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
+ help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
if (help == NULL) {
rcu_read_unlock();
err = -ENOMEM;
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 3/3] [PATCH] fix sleepable allocation with spin lock bh
2008-08-07 10:08 [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Pablo Neira Ayuso
2008-08-07 10:08 ` [PATCH 2/3] [PATCH] fix sleep in read-side lock section Pablo Neira Ayuso
@ 2008-08-07 10:08 ` Pablo Neira Ayuso
2008-08-13 13:29 ` Patrick McHardy
2008-08-13 13:26 ` [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Patrick McHardy
2 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2008-08-07 10:08 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
This patch removes a GFP_KERNEL allocation while holding a spin lock with
bottom halves disabled in ctnetlink_change_helper().
This problem was introduced in 2.6.23 with the netfilter extension
infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7707cbb..35e61e4 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -971,7 +971,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
/* need to zero data of old helper */
memset(&help->help, 0, sizeof(help->help));
} else {
- help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
+ help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
if (help == NULL)
return -ENOMEM;
}
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks
2008-08-07 10:08 [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Pablo Neira Ayuso
2008-08-07 10:08 ` [PATCH 2/3] [PATCH] fix sleep in read-side lock section Pablo Neira Ayuso
2008-08-07 10:08 ` [PATCH 3/3] [PATCH] fix sleepable allocation with spin lock bh Pablo Neira Ayuso
@ 2008-08-13 13:26 ` Patrick McHardy
2 siblings, 0 replies; 7+ messages in thread
From: Patrick McHardy @ 2008-08-13 13:26 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Pablo Neira Ayuso wrote:
> If we create a conntrack that has NAT handlings and a helper, the helper
> is assigned twice. This happens because nf_nat_setup_info() - via
> nf_conntrack_alter_reply() - sets the helper before ctnetlink, which
> indeed does not check if the conntrack already has a helper as it thinks that
> it is a brand new conntrack.
>
> The fix moves the helper assignation before the set of the status flags.
> This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are
> enabled) which checks that the conntrack must not be confirmed.
>
> This problem was introduced in 2.6.23 with the netfilter extension
> infrastructure.
Applied, thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2008-08-13 14:36 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-08-07 10:08 [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Pablo Neira Ayuso
2008-08-07 10:08 ` [PATCH 2/3] [PATCH] fix sleep in read-side lock section Pablo Neira Ayuso
2008-08-13 13:28 ` Patrick McHardy
2008-08-07 10:08 ` [PATCH 3/3] [PATCH] fix sleepable allocation with spin lock bh Pablo Neira Ayuso
2008-08-13 13:29 ` Patrick McHardy
2008-08-13 14:35 ` Pablo Neira Ayuso
2008-08-13 13:26 ` [PATCH 1/3] [PATCH] fix double helper assignation for NAT'ed conntracks Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.