From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
When user adjust the hash size via /sys/module/nf_conntrack/parameters/hashsize,
something will break because race condition happened.
This patch set aim to fix these bugs.
When we do "cat /proc/net/nf_conntrack", and at the same time do hash resize,
nf_conntrack_htable_size and nf_conntrack_hash may become unrelated if we
read them separately, so oops will happen. Fix this in patch #1.
When we do unlink help or timeout objects, and at the same time do hash resize,
we may miss unlinking some objects, later we will end up with invalid references.
Fix this in patch #2 and #3.
V1->V2: no need to export nf_conntrack_generation, add nf_conntrack_get_ht
suggested by Florian Westphal.
Liping Zhang (3):
netfilter: conntrack: fix race between nf_conntrack proc read and hash
resize
netfilter: cttimeout: unlink timeout obj again when hash resize happen
netfilter: nf_ct_helper: unlink helper again when hash resize happen
include/net/netfilter/nf_conntrack_core.h | 1 +
.../netfilter/nf_conntrack_l3proto_ipv4_compat.c | 20 ++++++++++++++++----
net/netfilter/nf_conntrack_core.c | 4 +++-
net/netfilter/nf_conntrack_helper.c | 14 ++++++++++++--
net/netfilter/nf_conntrack_standalone.c | 20 +++++++++++++++-----
net/netfilter/nfnetlink_cttimeout.c | 14 ++++++++++++--
6 files changed, 59 insertions(+), 14 deletions(-)
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
