Hi Feng,

2016-09-28 9:23 GMT+08:00 Feng Gao <gfree.wind@xxxxxxxxx>:
> Hi Aaron,
>
> On Tue, Sep 27, 2016 at 9:38 PM, Aaron Conole <aconole@xxxxxxxxxx> wrote:
>> It's possible for nf_hook_entry_head to return NULL if two
>> nf_unregister_net_hook calls happen simultaneously with a single hook
>
> The critical region of nf_unregister_net_hook is protected by &nf_hook_mutex.
> When would it be called simultaneously?

This is unrelated to a race condition. Suppose that only the last
nf_hook_entry exists, and two callers want to do un-register work.

The first one will remove it successfully. After the end of that work,
the second one will enter the critical section, but it will see the NULL
pointer, because the last nf_hook_entry was already removed by the first one.

>
> Regards
> Feng
>
>> entry in the list. This fix ensures that no null pointer dereference
>> could occur when such a race happens.
>>
>> Signed-off-by: Aaron Conole <aconole@xxxxxxxxxx>
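The sequence described in this reply, as an added example that is not part of the original thread or the kernel's code: a userspace C model in which two serialized unregister calls target the only entry in a list, and the second one finds the list empty. The names `hook_entry`, `register_hook`, `unregister_hook` and `second_unregister_result` are hypothetical, and the lock is left out because the calls run one after the other, which is the point of the reply.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical userspace model; not the kernel's nf_hook_entry. */
struct hook_entry {
    int id;                     /* stands in for the registered hook ops */
    struct hook_entry *next;
};
static struct hook_entry *hook_head;    /* NULL once the list is empty */

static int register_hook(int id)
{
    struct hook_entry *e = malloc(sizeof(*e));
    if (!e)
        return -ENOMEM;
    e->id = id;
    e->next = hook_head;
    hook_head = e;
    return 0;
}

/* In the real code callers are serialized by a mutex; here they are
 * simply called in sequence. An empty list skips the loop entirely. */
static int unregister_hook(int id)
{
    struct hook_entry **pp = &hook_head;
    while (*pp && (*pp)->id != id)
        pp = &(*pp)->next;
    if (!*pp)
        return -ENOENT;         /* already removed by an earlier caller */
    struct hook_entry *victim = *pp;
    *pp = victim->next;
    free(victim);
    return 0;
}

/* Two serialized unregister calls for the only entry in the list. */
static int second_unregister_result(void)
{
    if (register_hook(1) != 0)
        return -ENOMEM;
    if (unregister_hook(1) != 0)
        return -EINVAL;
    return unregister_hook(1);  /* list head is NULL at this point */
}

int main(void)
{
    return second_unregister_result() == -ENOENT ? 0 : 1;
}
```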