From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Michal Kubecek <mkubecek@suse.cz>
Subject: [PATCH 3.18 28/52] netfilter: restart search if moved to other chain
Date: Mon, 29 Jan 2018 13:56:46 +0100 [thread overview]
Message-ID: <20180129123629.430826236@linuxfoundation.org> (raw)
In-Reply-To: <20180129123628.168904217@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit 95a8d19f28e6b29377a880c6264391a62e07fccc upstream.
In case nf_conntrack_tuple_taken did not find a conflicting entry
check that all entries in this hash slot were tested and restart
in case an entry was moved to another chain.
Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: ea781f197d6a ("netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu()")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_core.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -695,6 +695,7 @@ nf_conntrack_tuple_taken(const struct nf
* least once for the stats anyway.
*/
rcu_read_lock_bh();
+ begin:
hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash], hnnode) {
ct = nf_ct_tuplehash_to_ctrack(h);
if (ct != ignored_conntrack &&
@@ -706,6 +707,12 @@ nf_conntrack_tuple_taken(const struct nf
}
NF_CT_STAT_INC(net, searched);
}
+
+ if (get_nulls_value(n) != hash) {
+ NF_CT_STAT_INC(net, search_restart);
+ goto begin;
+ }
+
rcu_read_unlock_bh();
return 0;
next prev parent reply other threads:[~2018-01-29 20:05 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-29 12:56 [PATCH 3.18 00/52] 3.18.93-stable review Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 01/52] gcov: disable for COMPILE_TEST Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 02/52] scsi: sg: disable SET_FORCE_LOW_DMA Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 03/52] futex: Prevent overflow by strengthen input validation Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 04/52] ALSA: pcm: Remove yet superfluous WARN_ON() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 05/52] ALSA: hda - Apply the existing quirk to iMac 14,1 Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 06/52] af_key: fix buffer overread in verify_address_len() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 07/52] af_key: fix buffer overread in parse_exthdrs() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 08/52] pipe: avoid round_pipe_size() nr_pages overflow on 32-bit Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 09/52] Input: 88pm860x-ts - fix child-node lookup Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 10/52] Input: twl6040-vibra - fix DT node memory management Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 11/52] Input: twl6040-vibra - fix child-node lookup Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 12/52] Input: twl4030-vibra - fix ERROR: Bad of_node_put() warning Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 13/52] Input: twl4030-vibra - fix sibling-node lookup Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 14/52] phy: work around phys references to usb-nop-xceiv devices Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 15/52] ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 16/52] dm btree: fix serious bug in btree_split_beneath() Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 17/52] dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 18/52] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 19/52] MIPS: AR7: ensure the port types FCR value is used Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 20/52] x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 21/52] usbip: Fix implicit fallthrough warning Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 22/52] can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 23/52] can: af_can: canfd_rcv(): " Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 24/52] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 25/52] hwpoison, memcg: forcibly uncharge LRU pages Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 26/52] ipc: msg, make msgrcv work with LONG_MIN Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 27/52] netfilter: nf_ct_expect: remove the redundant slash when policy name is empty Greg Kroah-Hartman
2018-01-29 12:56 ` Greg Kroah-Hartman [this message]
2018-01-29 12:56 ` [PATCH 3.18 29/52] netfilter: nf_conntrack_sip: extend request line validation Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 30/52] netfilter: nfnetlink_cthelper: Add missing permission checks Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 31/52] netfilter: xt_osf: " Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 32/52] reiserfs: fix race in prealloc discard Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 33/52] reiserfs: dont preallocate blocks for extended attributes Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 34/52] fs/fcntl: f_setown, avoid undefined behaviour Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 35/52] scsi: libiscsi: fix shifting of DID_REQUEUE host byte Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 36/52] um: link vmlinux with -no-pie Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 37/52] eventpoll.h: add missing epoll event masks Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 38/52] um: Stop abusing __KERNEL__ Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 39/52] um: Remove copy&paste code from init.h Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 40/52] x86/microcode/intel: Extend BDW late-loading further with LLC size check Greg Kroah-Hartman
2018-01-29 12:56 ` [PATCH 3.18 41/52] net: tcp: close sock if net namespace is exiting Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 42/52] dccp: dont restart ccid2_hc_tx_rto_expire() if sk in closed state Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 43/52] net: igmp: fix source address check for IGMPv3 reports Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 44/52] tcp: __tcp_hdrlen() helper Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 45/52] net: qdisc_pkt_len_init() should be more robust Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 46/52] pppoe: take ->needed_headroom of lower device into account on xmit Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 47/52] sctp: do not allow the v4 socket to bind a v4mapped v6 address Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 48/52] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 49/52] vmxnet3: repair memory leak Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 50/52] net: Allow neigh contructor functions ability to modify the primary_key Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 51/52] ipv6: fix udpv6 sendmsg crash caused by too small MTU Greg Kroah-Hartman
2018-01-29 12:57 ` [PATCH 3.18 52/52] ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY Greg Kroah-Hartman
2018-01-29 23:58 ` [PATCH 3.18 00/52] 3.18.93-stable review Shuah Khan
2018-01-30 7:37 ` Greg Kroah-Hartman
[not found] ` <CALpmF+GwSCt1UmeFpW2hUWcv-b0r8pwvdjP1tpjPZYCgXL5jzw@mail.gmail.com>
2018-01-30 7:38 ` Greg Kroah-Hartman
2018-01-30 14:19 ` Guenter Roeck
2018-01-30 14:51 ` Greg Kroah-Hartman
2018-01-30 18:51 ` Greg Kroah-Hartman
2018-01-30 19:48 ` Guenter Roeck
2018-01-31 8:52 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180129123629.430826236@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mkubecek@suse.cz \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).