On Sunday 2012-09-23 14:43, Patrick McHardy wrote:
>Jan Engelhardt <jengelh@xxxxxxx> wrote:
>
>>Commit v2.6.19-rc1~1272^2~41 tells us that r->cost != 0 can happen when
>>a running state is saved to userspace and then reinstated from there.
>>
>>Make sure that priv is initialized with some values when that happens.
>>
>>Signed-off-by: Jan Engelhardt <jengelh@xxxxxxx>
>>---
>> net/netfilter/xt_limit.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>>diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c >>index 5c22ce8..a4c1e45 100644 >>--- a/net/netfilter/xt_limit.c >>+++ b/net/netfilter/xt_limit.c >>@@ -117,11 +117,11 @@ static int limit_mt_check(const struct >>xt_mtchk_param *par) >> >> /* For SMP, we only want to use one set of state. */ >> r->master = priv; >>+ /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies * >>+ 128. */ >>+ priv->prev = jiffies; >>+ priv->credit = user2credits(r->avg * r->burst); /* Credits full. */ >> if (r->cost == 0) { >>- /* User avg in seconds * XT_LIMIT_SCALE: convert to jiffies * >>- 128. */ >>- priv->prev = jiffies; >>- priv->credit = user2credits(r->avg * r->burst); /* Credits full. */ >> r->credit_cap = priv->credit; /* Credits full. */ >> r->cost = user2credits(r->avg); >> }
>
>I don't think we can do any better than this.

"This" being the state as of 3.5, or this patch?
priv-> really should be initialized, somehow. Being a kernel-only structure, can't rely on userspace to do it.
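
Review bot: In the r->cost != 0 path of limit_mt_check(), priv->credit is now recomputed from r->avg * r->burst, while r->credit_cap and r->cost are still assigned only inside the if and so stay exactly as userspace supplied them; nothing in the hunk checks that the two agree after a restore. Consider setting r->credit_cap and r->cost from r->avg and r->burst unconditionally, or validating the supplied values against the recomputed ones before accepting the rule. The commit message should also say what "some values" means here: a reinstated rule gets priv->prev = jiffies and a full bucket, so the saved running state is not carried over. As a style point, the moved XT_LIMIT_SCALE comment now sits directly above priv->prev = jiffies, which it does not describe; it belongs on the user2credits() line.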