projects / profile / ivi / kernel-x86-ivi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6eb4c7e) | patch
netfilter: nf_nat: fix race when unloading protocol modules
authorFlorian Westphal <fw@strlen.de>
Thu, 11 Apr 2013 04:22:39 +0000 (04:22 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 12 Apr 2013 09:46:31 +0000 (11:46 +0200)
commitc2d421e171868586939c328dfb91bab840fe4c49
tree6452289ea13a425e5118d22f83a81bc86b6cb818tree | snapshot
parent6eb4c7e96e19fd2c38a103472048fc0e0e0a3ec3commit | diff
netfilter: nf_nat: fix race when unloading protocol modules

following oops was reported:
RIP: 0010:[<ffffffffa03227f2>]  [<ffffffffa03227f2>] nf_nat_cleanup_conntrack+0x42/0x70 [nf_nat]
RSP: 0018:ffff880202c63d40  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801ac7bec28 RCX: ffff8801d0eedbe0
RDX: dead000000200200 RSI: 0000000000000011 RDI: ffffffffa03265b8
[..]
Call Trace:
 [..]
 [<ffffffffa02febed>] destroy_conntrack+0xbd/0x110 [nf_conntrack]

Happens when a conntrack timeout expires right after first part
of the nat cleanup has completed (bysrc hash removal), but before
part 2 has completed (re-initialization of nat area).

[ destroy callback tries to delete bysrc again ]

Patrick suggested to just remove the affected conntracks -- the
connections won't work properly anyway without nat transformation.

So, lets do that.

Reported-by: CAI Qian <caiqian@redhat.com>
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_nat_core.c diff | blob | history
Domain: System / Uncategorized;