If we are about to replace a rbnode because it is dead we need to ensure
that the old node gets GCed. All other places that look for nodes to GC
rely on walking the tree to find them so if we don't do it here the node
will be lost.
Fixes: 5c789e131cbb9 ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search")
Signed-off-by: Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx>
---
net/netfilter/nf_conncount.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index 372015e3f18d..df447877e3ac 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -381,11 +381,15 @@ insert_tree(struct net *net,
*/
node_found = false;
parent = rb_parent(*rbnode);
+ gc_nodes[gc_count++] = rbconn;
}
break;
}
- if (gc_count >= ARRAY_SIZE(gc_nodes))
+ /* Must keep one free array slot in case we find an
+ * exact match that needs to be reclaimed.
+ */
+ if (gc_count >= ARRAY_SIZE(gc_nodes) - 1)
continue;
if (nf_conncount_gc_list(net, &rbconn->list))
--
2.20.1
