On Mon, 24 Jan 2011 00:16:02 +0100 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > In 13ee6ac579574a2a95e982b19920fd2495dce8cd, we recovered spinlocks > to protect the dump of the conntrack table according to reports from > Stephen and acknowledgments on the issue from Eric. > > However, Stephen removed the refcount bump in that patch that allows > to keep a reference to the current ct object we are interating over. > That code avoids race conditions between ct object destruction and > the iteration itself. This patch reintroduces these lines since the > ct object may vanish between two recvmgs() invocations. > > This patch fixes ocasional crashes while dumping the conntrack table > intensively. > > Cc: Stephen Hemminger <stephen.hemminger@xxxxxxxxxx> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> These two patches should have been submitted to the stable kernel. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
