On Thu, 2014-09-25 at 18:52 +0200, Pablo Neira Ayuso wrote:
> From: Julian Anastasov <ja@xxxxxx>
>
> [ upstream commit 2627b7e15c5064ddd5e578e4efd948d48d531a3f ]
>
> commit 8f4e0a18682d91 ("IPVS netns exit causes crash in conntrack")
> added second ip_vs_conn_drop_conntrack call instead of just adding
> the needed check. As result, the first call still can cause
> crash on netns exit. Remove it.
Queued up for 3.2, thanks.
Ben.
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.12.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.10.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.4.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.2.x
> Signed-off-by: Julian Anastasov <ja@xxxxxx>
> Signed-off-by: Hans Schillstrom <hans@xxxxxxxxxxxxxxx>
> Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
> ---
> net/netfilter/ipvs/ip_vs_conn.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
> index a8eb0a8..610e19c 100644
> --- a/net/netfilter/ipvs/ip_vs_conn.c
> +++ b/net/netfilter/ipvs/ip_vs_conn.c
> @@ -797,7 +797,6 @@ static void ip_vs_conn_expire(unsigned long data)
> ip_vs_control_del(cp);
>
> if (cp->flags & IP_VS_CONN_F_NFCT) {
> - ip_vs_conn_drop_conntrack(cp);
> /* Do not access conntracks during subsys cleanup
> * because nf_conntrack_find_get can not be used after
> * conntrack cleanup for the net.
--
Ben Hutchings
The world is coming to an end. Please log off.
Attachment:
signature.asc
Description: This is a digitally signed message part