On Thu, Oct 25, 2018 at 7:56 AM Taehee Yoo <ap420073@xxxxxxxxx> wrote:
>
> conn_free() holds lock with spin_lock(). and it is called by both
> nf_conncount_lookup() and nf_conncount_gc_list().
> nf_conncount_lookup() is bottom-half context and nf_conncount_gc_list()
> is process context. so that spin_lock() is not safe.
> Hence conn_free() should use spin_lock_bh() instead of spin_lock().
>
> test commands:
> %nft add table ip filter
> %nft add chain ip filter input { type filter hook input priority 0\; }
> %nft add rule filter input meter test { ip saddr ct count over 2 } \
> counter
>
> Fixes: 5c789e131cbb ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search")
> Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>

Thanks for the fix.

Acked-by: Yi-Hung Wei <yihung.wei@xxxxxxxxx>
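
The locking rule the quoted commit message relies on, as an added userland model (not kernel code and not part of the patch): it records the context of each acquisition of one lock and flags the combination that can deadlock, similar in spirit to a lockdep usage-state check. The name `list_lock` and all helper names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Contexts in which an acquisition of the lock has been observed. */
enum usage {
    IN_SOFTIRQ = 1 << 0, /* taken while running in bottom-half context */
    SOFTIRQ_ON = 1 << 1  /* taken in process context with BHs still enabled */
};

struct lock_class { const char *name; unsigned usage; };

/* Record one acquisition.
 * in_softirq:  the caller runs in bottom-half context.
 * bh_disabled: the caller used the _bh variant, so BHs are off while held. */
static void mark_acquire(struct lock_class *l, bool in_softirq, bool bh_disabled)
{
    if (in_softirq)
        l->usage |= IN_SOFTIRQ;
    else if (!bh_disabled)
        l->usage |= SOFTIRQ_ON;
}

/* Unsafe when the lock is taken from a bottom half and is also held somewhere
 * with bottom halves enabled: a bottom half can interrupt the holder on the
 * same CPU and then spin on a lock that can never be released. */
static bool inconsistent(const struct lock_class *l)
{
    return (l->usage & IN_SOFTIRQ) && (l->usage & SOFTIRQ_ON);
}

/* Replay the two call paths named in the commit message. */
static bool conn_free_paths_unsafe(bool use_bh_variant)
{
    struct lock_class list_lock = { "list_lock", 0 }; /* assumed name */

    mark_acquire(&list_lock, true, true);            /* via nf_conncount_lookup() */
    mark_acquire(&list_lock, false, use_bh_variant); /* via nf_conncount_gc_list() */
    return inconsistent(&list_lock);
}

int main(void)
{
    printf("spin_lock():    unsafe=%d\n", conn_free_paths_unsafe(false));
    printf("spin_lock_bh(): unsafe=%d\n", conn_free_paths_unsafe(true));
    return 0;
}
```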