From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: BORBELY Zoltan <bozo@andrews.hu>,
Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>
Subject: Re: crash in death_by_timeout()
Date: Wed, 19 Nov 2008 13:37:08 +0100 [thread overview]
Message-ID: <49240874.1090208@netfilter.org> (raw)
In-Reply-To: <492400B3.6070706@trash.net>
Patrick McHardy wrote:
> Pablo Neira Ayuso wrote:
>> Patrick McHardy wrote:
>>> Pablo, do you recall the reason why the lock isn't held in
>>> ctnetlink_create_conntrack()?
>>
>> The creation is done under the nfnl_mutex so that requests to create
>> identical entries cannot race. Of course, this is not enough to avoid
>> the race with the timer if we set a very small timer for a conntrack :(.
>
> Its also not enough to avoid the race against packet processing,
> which takes nf_conntrack_lock.
>
>> AFAICS, we don't need to enclose the whole conntrack creation path.
>> Would you prefer the patch attached? This patch should apply fine to
>> 2.6.28-rc.
>
> That fixes the timer race, but the race between lookup and creation
> remains. We really need to either hold the lock the entire time or
> redo the lookup before inserting the entry into the hash tables.
I see, I forgot about that case. Your patch should be fine then.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2008-11-19 12:37 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-17 22:18 crash in death_by_timeout() BORBELY Zoltan
2008-11-18 11:07 ` Patrick McHardy
2008-11-18 12:38 ` BORBELY Zoltan
2008-11-18 13:19 ` Patrick McHardy
2008-11-18 13:27 ` Patrick McHardy
2008-11-18 22:25 ` Pablo Neira Ayuso
2008-11-19 12:04 ` Patrick McHardy
2008-11-19 12:37 ` Pablo Neira Ayuso [this message]
2008-11-19 12:47 ` Patrick McHardy
2008-11-25 8:09 ` BORBELY Zoltan
2008-11-25 11:11 ` Patrick McHardy
2008-11-25 22:48 ` BORBELY Zoltan
2008-11-26 11:16 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49240874.1090208@netfilter.org \
--to=pablo@netfilter.org \
--cc=bozo@andrews.hu \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).