* Re: nf_conntrack_h323: Fix locking in process_urq
[not found] <1452894918.4622.3.camel@gmail.com>
@ 2016-01-15 22:42 ` Florian Westphal
2016-01-15 22:57 ` Sebastian Pöhn
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2016-01-15 22:42 UTC (permalink / raw)
To: Sebastian Pöhn; +Cc: netdev, netfilter-devel
Sebastian Pöhn <sebastian.poehn@gmail.com> wrote:
[ CC netfilter-devel ]
> nf_ct_remove_expectations has to be called under nf_conntrack_expect_lock
But nf_ct_remove_expectations grabs that lock?
Added in:
commit ca7433df3a672efc88e08222cfa4b3aa965ca324
Author: Jesper Dangaard Brouer <brouer@redhat.com>
netfilter: conntrack: seperate expect locking from nf_conntrack_lock
> diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
> index 9511af0..d477375 100644
> --- a/net/netfilter/nf_conntrack_h323_main.c
> +++ b/net/netfilter/nf_conntrack_h323_main.c
> @@ -1518,7 +1518,9 @@ static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
> }
>
> /* Clear old expect */
> + spin_lock_bh(&nf_conntrack_expect_lock);
> nf_ct_remove_expectations(ct);
... so I'd expect deadlock.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: nf_conntrack_h323: Fix locking in process_urq
2016-01-15 22:42 ` nf_conntrack_h323: Fix locking in process_urq Florian Westphal
@ 2016-01-15 22:57 ` Sebastian Pöhn
0 siblings, 0 replies; 2+ messages in thread
From: Sebastian Pöhn @ 2016-01-15 22:57 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel, netdev
You are right. The problem is fixed since 3.15 with the expect_lock refactoring.
We found this in 3.12. Probably this is something for stable releases 3.14 and earlier.
Am 15.01.2016 11:42 nachm. schrieb "Florian Westphal" <fw@strlen.de>:
>
> Sebastian Pöhn <sebastian.poehn@gmail.com> wrote:
>
> [ CC netfilter-devel ]
>
> > nf_ct_remove_expectations has to be called under nf_conntrack_expect_lock
>
> But nf_ct_remove_expectations grabs that lock?
>
> Added in:
>
> commit ca7433df3a672efc88e08222cfa4b3aa965ca324
> Author: Jesper Dangaard Brouer <brouer@redhat.com>
> netfilter: conntrack: seperate expect locking from nf_conntrack_lock
>
> > diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
> > index 9511af0..d477375 100644
> > --- a/net/netfilter/nf_conntrack_h323_main.c
> > +++ b/net/netfilter/nf_conntrack_h323_main.c
> > @@ -1518,7 +1518,9 @@ static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
> > }
> >
> > /* Clear old expect */
> > + spin_lock_bh(&nf_conntrack_expect_lock);
> > nf_ct_remove_expectations(ct);
>
> ... so I'd expect deadlock.
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-01-15 22:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1452894918.4622.3.camel@gmail.com>
2016-01-15 22:42 ` nf_conntrack_h323: Fix locking in process_urq Florian Westphal
2016-01-15 22:57 ` Sebastian Pöhn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).