2017-05-24 6:28 GMT+08:00 Florian Westphal <fw@xxxxxxxxx>:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
[...]
>> I will append the Fixes: tag:
>>
>> Fixes: 89f2e21883b5 ("[NETFILTER]: ctnetlink: change table dumping not to require an unique ID")
>
> That commit looks fine to me, it seems to make sure to put
> "last" only once in all cases.
>
> 93bb0ceb75be2fdfa9fc0dd1 however adds a check on cb->args[0], and if
> that is hit it will do a put() on last, and then, the "done" netlink
> callback will do another put operation on cb->args[1] (i.e., last).

After taking a closer look, I think this patch should add:

Fixes: d205dc40798d ("[NETFILTER]: ctnetlink: fix deadlock in table dumping")

After this commit, when the hash size was reduced, for example, from
60000 to 600, then we may put the "last" ct twice, as we may fail to go
into the iteration and clear the cb->args[1], so:

1. nf_ct_put(last) by ctnetlink_dump_table, but cb->args[1] still points
   to the "last"
2. nf_ct_put((struct nf_conn *)cb->args[1]) by ctnetlink_done
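
The two-step double put described in the message above, as an added userspace model that is not kernel code and not part of the original thread. The names `ct`, `dump_cb`, `dump_table`, `dump_done` and `run` are hypothetical stand-ins, and the `clear_leftover` guard is one assumed way to keep the puts balanced, not necessarily the patch under discussion.

```c
#include <stdio.h>

/* Simplified model: a refcounted entry and the netlink dump callback state. */
struct ct { int refcnt; };
struct dump_cb { unsigned long args[2]; }; /* args[0]: bucket, args[1]: saved "last" */

static void ct_put(struct ct *c) { c->refcnt--; }

/* One dump pass over a table that now has hsize buckets. */
static void dump_table(struct dump_cb *cb, unsigned long hsize, int clear_leftover)
{
    struct ct *last = (struct ct *)cb->args[1];

    for (; cb->args[0] < hsize; cb->args[0]++)
        cb->args[1] = 0;        /* only a resumed iteration clears the saved pointer */

    if (last) {
        /* Assumed guard: the loop was skipped, so drop the stale pointer too. */
        if (clear_leftover && (struct ct *)cb->args[1] == last)
            cb->args[1] = 0;
        ct_put(last);           /* step 1 in the message */
    }
}

/* The "done" callback releases whatever is still saved in args[1]. */
static void dump_done(struct dump_cb *cb)
{
    if (cb->args[1])
        ct_put((struct ct *)cb->args[1]);   /* step 2 in the message */
}

/* Entry starts with 2 references: one owned by the table, one held by the dump.
 * A balanced dump leaves 1; a result of 0 means the table's reference was stolen. */
int run(unsigned long new_hsize, int clear_leftover)
{
    struct ct conn = { .refcnt = 2 };
    /* Constructed state: dump paused at bucket 5000 with "last" saved. */
    struct dump_cb cb = { .args = { 5000, (unsigned long)&conn } };

    dump_table(&cb, new_hsize, clear_leftover);
    dump_done(&cb);
    return conn.refcnt;
}

int main(void)
{
    printf("no resize:        refcnt=%d\n", run(60000, 0));
    printf("shrunk, unfixed:  refcnt=%d\n", run(600, 0));
    printf("shrunk, guarded:  refcnt=%d\n", run(600, 1));
    return 0;
}
```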