netfilter: ctnetlink: fix race between delete and timeout expiration
Kerin Millar reported hardlockups while running `conntrackd -c' in a busy firewall. That system (with several processors) was acting as backup in a primary-backup setup. After several tries, I found a race condition between the deletion operation of ctnetlink and timeout expiration. This patch fixes this problem. Tested-by: Kerin Millar <kerframil@gmail.com> Reported-by: Kerin Millar <kerframil@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
c577923756
commit
a16a1647fa
1 changed files with 12 additions and 11 deletions
|
@ -943,6 +943,7 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
|
|||
}
|
||||
}
|
||||
|
||||
if (del_timer(&ct->timeout)) {
|
||||
if (nf_conntrack_event_report(IPCT_DESTROY, ct,
|
||||
NETLINK_CB(skb).pid,
|
||||
nlmsg_report(nlh)) < 0) {
|
||||
|
@ -952,11 +953,11 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
|
|||
nf_ct_put(ct);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* death_by_timeout would report the event again */
|
||||
set_bit(IPS_DYING_BIT, &ct->status);
|
||||
|
||||
nf_ct_kill(ct);
|
||||
nf_ct_delete_from_lists(ct);
|
||||
nf_ct_put(ct);
|
||||
}
|
||||
nf_ct_put(ct);
|
||||
|
||||
return 0;
|
||||
|
|
Loading…
Reference in a new issue