Hi Florian,
2014/1/7 Florian Westphal <fw@xxxxxxxxx>:
> Andrew Vagin <avagin@xxxxxxxxx> wrote:
>> > ct = nf_ct_tuplehash_to_ctrack(h);
>> > if (unlikely(nf_ct_is_dying(ct) ||
>> > !atomic_inc_not_zero(&ct->ct_general.use)))
>> > // which means we should hit this path (0 ref).
>> > h = NULL;
>> > else {
>> > // otherwise, it cannot go away from under us, since
>> > // we own a reference now.
>> > if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple) ||
>> > nf_ct_zone(ct) != zone)) {
>
> Perhaps this needs additional !nf_ct_is_confirmed()?
Yes, it think it must help. Thank you for the comments. I resent this patch:
[PATCH] netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get
>
> It would cover your case (found a recycled element that has been put on
> the unconfirmed list (refcnt already set to 1, ct->tuple is set) on another cpu,
> extensions possibly not yet fully initialised), and the same tuple).
>
> Regards,
> Florian
Thanks,
Andrey
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
