Liping Zhang <zlpnobody@xxxxxxxxx> wrote:
> 2017-05-24 6:28 GMT+08:00 Florian Westphal <fw@xxxxxxxxx>:
> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> [...]
> >> I will append the Fixes: tag:
> >>
> >> Fixes: 89f2e21883b5 ("[NETFILTER]: ctnetlink: change table dumping not to require an unique ID")
> >
> > That commit looks fine to me, it seems to make sure to put
> > "last" only once in all cases.
> >
> > 93bb0ceb75be2fdfa9fc0dd1 however adds a check on cb->args[0], and if
> > that is hit it will do a put() on last, and then, the "done" netlink
> > callback will do another put operation on cb->args[1] (i.e., last).
>
> After I have a closer look, I think this patch should add:
>
> Fixes: d205dc40798d ("[NETFILTER]: ctnetlink: fix deadlock in table dumping")
>
> After this commit, when the hash size was reduced, for example,
> from 60000 to 600, then we may put the "last" ct twice, as we may
> fail to go into the iteration and clear the cb->args[1], so:
>
> 1. nf_ct_put(last) by ctnetlink_dump_table, but cb->args[1] still
>    point to the "last"
> 2. nf_ct_put((struct nf_conn *)cb->args[1]) by ctnetlink_done

You are right.
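
The double put described in the exchange above, as an added example that is not part of the thread or of the kernel source: a simplified user-space C model of a resumed dump after the hash table shrank from 60000 to 600 buckets. `struct ct`, `struct cb`, `run` and the `hardened` flag are hypothetical names, and the hardened branch is one assumed way to close the gap, not the patch under discussion.

```c
#include <stdio.h>

/* Simplified user-space model of the pattern discussed; not kernel code. */
struct ct { int refs; };                    /* stands in for struct nf_conn */
struct cb { unsigned long args[2]; };       /* args[0]: bucket, args[1]: "last" */

static void ct_put(struct ct *c) { c->refs--; }

/* Resumed dump pass. The loop body is the only place args[1] gets cleared,
 * so a table that shrank below args[0] skips the clearing entirely. */
static void dump_table(struct cb *cb, unsigned long hsize, int hardened)
{
    struct ct *last = (struct ct *)cb->args[1];

    for (; cb->args[0] < hsize; cb->args[0]++)
        cb->args[1] = 0;                    /* "last" found again, marker cleared */

    if (last) {
        /* Hardened variant (assumption): drop the stale marker before the put. */
        if (hardened && (struct ct *)cb->args[1] == last)
            cb->args[1] = 0;
        ct_put(last);
    }
}

/* "done" callback: releases whatever args[1] still points to. */
static void dump_done(struct cb *cb)
{
    if (cb->args[1])
        ct_put((struct ct *)cb->args[1]);
}

/* Returns the final refcount of an entry the hash table still references. */
static int run(int hardened)
{
    struct ct entry = { .refs = 1 };        /* reference held by the hash table */
    struct cb cb = { { 1000, 0 } };         /* earlier pass stopped at bucket 1000 */

    entry.refs++;                           /* earlier pass pinned it as "last" */
    cb.args[1] = (unsigned long)&entry;
    dump_table(&cb, 600, hardened);         /* table resized from 60000 to 600 */
    dump_done(&cb);
    return entry.refs;                      /* 1 is correct; 0 means a double put */
}

int main(void)
{
    printf("unpatched refs=%d, hardened refs=%d\n", run(0), run(1));
    return 0;
}
```

A final count of 0 in the unpatched run means the table's own reference was consumed, so the entry would be freed while still linked in the hash.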