From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
bill bonaparte <programme110@gmail.com>,
Jesper Dangaard Brouer <brouer@redhat.com>
Subject: Re: [PATCH 3.17 122/122] netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse
Date: Sun, 7 Dec 2014 19:15:30 +0100
Message-ID: <20141207181530.GB3952@salvia>
In-Reply-To: <20141205223324.613437397@linuxfoundation.org>

Please, withdraw this patch. It has been reverted.

Thanks Greg.

On Fri, Dec 05, 2014 at 02:44:56PM -0800, Greg Kroah-Hartman wrote:
> 3.17-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: bill bonaparte <programme110@gmail.com>
>
> commit 5195c14c8b27cc0b18220ddbf0e5ad3328a04187 upstream.
>
> After removal of the central spinlock nf_conntrack_lock, in
> commit 93bb0ceb75be2 ("netfilter: conntrack: remove central
> spinlock nf_conntrack_lock"), it is possible to race against
> get_next_corpse().
>
> The race is against the get_next_corpse() cleanup on
> the "unconfirmed" list (a per-cpu list with separate locking),
> which sets the DYING bit.
>
> Fix this race, in __nf_conntrack_confirm(), by removing the CT
> from unconfirmed list before checking the DYING bit. In case
> race occurred, re-add the CT to the dying list.
>
> While at this, fix coding style of the comment that has been
> updated.
>
> Fixes: 93bb0ceb75be2 ("netfilter: conntrack: remove central spinlock nf_conntrack_lock")
> Reported-by: bill bonaparte <programme110@gmail.com>
> Signed-off-by: bill bonaparte <programme110@gmail.com>
> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
> net/netfilter/nf_conntrack_core.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> --- a/net/netfilter/nf_conntrack_core.c
> +++ b/net/netfilter/nf_conntrack_core.c
> @@ -611,12 +611,16 @@ __nf_conntrack_confirm(struct sk_buff *s
> */
> NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
> pr_debug("Confirming conntrack %p\n", ct);
> - /* We have to check the DYING flag inside the lock to prevent
> - a race against nf_ct_get_next_corpse() possibly called from
> - user context, else we insert an already 'dead' hash, blocking
> - further use of that particular connection -JM */
> +
> + /* We have to check the DYING flag after unlink to prevent
> + * a race against nf_ct_get_next_corpse() possibly called from
> + * user context, else we insert an already 'dead' hash, blocking
> + * further use of that particular connection -JM.
> + */
> + nf_ct_del_from_dying_or_unconfirmed_list(ct);
>
> if (unlikely(nf_ct_is_dying(ct))) {
> + nf_ct_add_to_dying_list(ct);
> nf_conntrack_double_unlock(hash, reply_hash);
> local_bh_enable();
> return NF_ACCEPT;
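Review bot: the rewritten comment above nf_ct_del_from_dying_or_unconfirmed_list(ct) explains why the DYING check now follows the unlink, but nothing documents the nf_ct_add_to_dying_list(ct) added inside the if (unlikely(nf_ct_is_dying(ct))) branch. A one-line comment there, saying the entry was just taken off its list and has to be put back on the dying list before returning NF_ACCEPT, would make the pairing explicit and would remind the reader that any other exit taken after the unlink needs the same handling.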
> @@ -636,8 +640,6 @@ __nf_conntrack_confirm(struct sk_buff *s
> zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)))
> goto out;
>
> - nf_ct_del_from_dying_or_unconfirmed_list(ct);
> -
> /* Timer relative to confirmation time, not original
> setting time, otherwise we'd get timer wrap in
> weird delay cases. */
>
>
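Review bot: with nf_ct_del_from_dying_or_unconfirmed_list(ct) removed here and moved above the DYING check, the goto out in the context just above this removal now runs after the entry has already been unlinked. The first hunk re-adds the entry with nf_ct_add_to_dying_list(ct) only in the DYING branch, and the out label is not in the visible context, so please confirm that the out path also puts the entry back on a list, or add the same re-add there; otherwise a conntrack that takes goto out ends up on neither the unconfirmed nor the dying list.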