mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 16:12:02 +00:00
[NETFILTER]: ctnetlink: fix deadlock in table dumping
ip_conntrack_put must not be called while holding ip_conntrack_lock since destroy_conntrack takes it again. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
6e8fcbf640
commit
d205dc4079
@ -415,21 +415,18 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
|
||||
cb->args[0], *id);
|
||||
|
||||
read_lock_bh(&ip_conntrack_lock);
|
||||
last = (struct ip_conntrack *)cb->args[1];
|
||||
for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++) {
|
||||
restart:
|
||||
last = (struct ip_conntrack *)cb->args[1];
|
||||
list_for_each_prev(i, &ip_conntrack_hash[cb->args[0]]) {
|
||||
h = (struct ip_conntrack_tuple_hash *) i;
|
||||
if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
|
||||
continue;
|
||||
ct = tuplehash_to_ctrack(h);
|
||||
if (last != NULL) {
|
||||
if (ct == last) {
|
||||
ip_conntrack_put(last);
|
||||
cb->args[1] = 0;
|
||||
last = NULL;
|
||||
} else
|
||||
if (cb->args[1]) {
|
||||
if (ct != last)
|
||||
continue;
|
||||
cb->args[1] = 0;
|
||||
}
|
||||
if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
|
||||
cb->nlh->nlmsg_seq,
|
||||
@ -440,17 +437,17 @@ restart:
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if (last != NULL) {
|
||||
ip_conntrack_put(last);
|
||||
if (cb->args[1]) {
|
||||
cb->args[1] = 0;
|
||||
goto restart;
|
||||
}
|
||||
}
|
||||
out:
|
||||
read_unlock_bh(&ip_conntrack_lock);
|
||||
if (last)
|
||||
ip_conntrack_put(last);
|
||||
|
||||
DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
|
||||
|
||||
return skb->len;
|
||||
}
|
||||
|
||||
|
@ -429,9 +429,9 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
|
||||
cb->args[0], *id);
|
||||
|
||||
read_lock_bh(&nf_conntrack_lock);
|
||||
last = (struct nf_conn *)cb->args[1];
|
||||
for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) {
|
||||
restart:
|
||||
last = (struct nf_conn *)cb->args[1];
|
||||
list_for_each_prev(i, &nf_conntrack_hash[cb->args[0]]) {
|
||||
h = (struct nf_conntrack_tuple_hash *) i;
|
||||
if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
|
||||
@ -442,13 +442,10 @@ restart:
|
||||
* then dump everything. */
|
||||
if (l3proto && L3PROTO(ct) != l3proto)
|
||||
continue;
|
||||
if (last != NULL) {
|
||||
if (ct == last) {
|
||||
nf_ct_put(last);
|
||||
cb->args[1] = 0;
|
||||
last = NULL;
|
||||
} else
|
||||
if (cb->args[1]) {
|
||||
if (ct != last)
|
||||
continue;
|
||||
cb->args[1] = 0;
|
||||
}
|
||||
if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
|
||||
cb->nlh->nlmsg_seq,
|
||||
@ -459,17 +456,17 @@ restart:
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if (last != NULL) {
|
||||
nf_ct_put(last);
|
||||
if (cb->args[1]) {
|
||||
cb->args[1] = 0;
|
||||
goto restart;
|
||||
}
|
||||
}
|
||||
out:
|
||||
read_unlock_bh(&nf_conntrack_lock);
|
||||
if (last)
|
||||
nf_ct_put(last);
|
||||
|
||||
DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
|
||||
|
||||
return skb->len;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user