On Mon, Jun 13, 2011 at 09:06:57AM +0200, Hans Schillstrom wrote: > Quote from Patric Mc Hardy > "This looks like nfnetlink.c excited and destroyed the nfnl socket, but > ip_vs was still holding a reference to a conntrack. When the conntrack > got destroyed it created a ctnetlink event, causing an oops in > netlink_has_listeners when trying to use the destroyed nfnetlink > socket." > > If nf_conntrack_netlink is loaded before ip_vs this is not a problem. > > This patch simply avoids calling ip_vs_conn_drop_conntrack() > when netns is dying as suggested by Julian. > > Signed-off-by: Hans Schillstrom <hans.schillstrom@xxxxxxxxxxxx> > --- > net/netfilter/ipvs/ip_vs_conn.c | 10 +++++++++- > net/netfilter/ipvs/ip_vs_core.c | 1 + > 2 files changed, 10 insertions(+), 1 deletions(-) > > diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c > index bf28ac2..d7dfccb 100644 > --- a/net/netfilter/ipvs/ip_vs_conn.c > +++ b/net/netfilter/ipvs/ip_vs_conn.c > @@ -776,8 +776,16 @@ static void ip_vs_conn_expire(unsigned long data) > if (cp->control) > ip_vs_control_del(cp); > > - if (cp->flags & IP_VS_CONN_F_NFCT) > + if (cp->flags & IP_VS_CONN_F_NFCT) { > ip_vs_conn_drop_conntrack(cp); > + /* Do not access conntracks during subsys cleanup because > + * nf_conntrack_find_get can not be used after conntrack > + * cleanup for the net. > + */ Very minor nit, the comment above should be intended by one more tab. > + smp_rmb(); > + if (ipvs->enable) > + ip_vs_conn_drop_conntrack(cp); > + } > > ip_vs_pe_put(cp->pe); > kfree(cp->pe_data); > diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c > index bfa808f..6f8c934 100644 > --- a/net/netfilter/ipvs/ip_vs_core.c > +++ b/net/netfilter/ipvs/ip_vs_core.c > @@ -1945,6 +1945,7 @@ static void __net_exit __ip_vs_dev_cleanup(struct net *net) > { > EnterFunction(2); > net_ipvs(net)->enable = 0; /* Disable packet reception */ > + smp_wmb(); > __ip_vs_sync_cleanup(net); > LeaveFunction(2); > } > -- > 1.6.0.2 > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html