q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Jozsef Kadlecsik 7d367e0668 netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2) 
Marcell Zambo and Janos Farago noticed and reported that when
new conntrack entries are added via netlink and the conntrack table
gets full, soft lockup happens. This is because the nf_conntrack_lock
is held while nf_conntrack_alloc is called, which is in turn wants
to lock nf_conntrack_lock while evicting entries from the full table.

The patch fixes the soft lockup with limiting the holding of the
nf_conntrack_lock to the minimum, where it's absolutely required.
It required to extend (and thus change) nf_conntrack_hash_insert
so that it makes sure conntrack and ctnetlink do not add the same entry
twice to the conntrack table.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2012-02-24 12:24:15 +01:00
..
ipset netfilter: ipset: dumping error triggered removing references twice 2012-01-17 10:52:55 +01:00
ipvs ipvs: fix matching of fwmark templates during scheduling 2012-02-04 20:27:58 +01:00
Kconfig netfilter: Kconfig: fix unmet xt_nfacct dependencies 2011-12-29 14:39:19 -05:00
Makefile netfilter: xtables: move ipt_ecn to xt_ecn 2011-12-27 20:31:31 +01:00
core.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_acct.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
nf_conntrack_amanda.c
nf_conntrack_broadcast.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_core.c netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2) 2012-02-24 12:24:15 +01:00
nf_conntrack_ecache.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
nf_conntrack_expect.c netfilter: provide config option to disable ancient procfs parts 2011-12-27 20:45:28 +01:00
nf_conntrack_extend.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
nf_conntrack_ftp.c module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
nf_conntrack_h323_asn1.c netfilter: h323: bug in parsing of ASN1 SEQOF field 2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: revert user-space expectation helper support 2012-01-16 14:01:23 +01:00
nf_conntrack_irc.c netfilter: add more values to enum ip_conntrack_info 2011-06-06 01:35:10 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2) 2012-02-24 12:24:15 +01:00
nf_conntrack_pptp.c netfilter: nf_ct_pptp: fix DNATed PPTP connection address translation 2011-08-30 15:23:03 +02:00
nf_conntrack_proto.c netfilter: rcu sparse cleanups 2010-11-15 19:45:13 +01:00
nf_conntrack_proto_dccp.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_proto_sctp.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_proto_tcp.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_proto_udp.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_proto_udplite.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
nf_conntrack_sane.c netfilter: add more values to enum ip_conntrack_info 2011-06-06 01:35:10 +02:00
nf_conntrack_sip.c netfilter: add more values to enum ip_conntrack_info 2011-06-06 01:35:10 +02:00
nf_conntrack_snmp.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c netfilter: provide config option to disable ancient procfs parts 2011-12-27 20:45:28 +01:00
nf_conntrack_tftp.c
nf_conntrack_timestamp.c module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
nf_internals.h
nf_log.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
nf_queue.c netfilter: nf_queue: fix queueing of bridged gro skbs 2012-02-09 20:47:53 +01:00
nf_sockopt.c
nf_tproxy_core.c netfilter: tproxy: do not assign timewait sockets to skb->sk 2011-02-17 11:32:38 +01:00
nfnetlink.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
nfnetlink_acct.c netfilter: nfnetlink_acct: fix nfnl_acct_get operation 2012-01-01 16:36:08 +01:00
nfnetlink_log.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
nfnetlink_queue.c netfilter: nf_queue: reject NF_STOLEN verdicts from userspace 2011-08-30 15:01:20 +02:00
x_tables.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_AUDIT.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
xt_CHECKSUM.c
xt_CLASSIFY.c netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table 2010-11-15 13:57:56 +01:00
xt_CONNSECMARK.c
xt_CT.c netfilter: revert user-space expectation helper support 2012-01-16 14:01:23 +01:00
xt_DSCP.c netfilter: IPv6: fix DSCP mangle code 2011-05-10 10:00:21 +02:00
xt_HL.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_LED.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_NFLOG.c
xt_NFQUEUE.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_NOTRACK.c
xt_RATEEST.c net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu() 2011-07-20 14:10:19 -07:00
xt_SECMARK.c secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
xt_TCPMSS.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_TEE.c netfilter: ip6_route_output() never returns NULL. 2012-02-22 15:30:15 -05:00
xt_TPROXY.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_TRACE.c
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_cluster.c
xt_comment.c
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlimit.c netfilter: xt_connlimit: remove connlimit_rnd_inited 2011-03-15 13:26:32 +01:00
xt_connmark.c
xt_conntrack.c netfilter: revert a2361c8735 2011-05-10 12:13:36 +02:00
xt_cpu.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_dccp.c
xt_devgroup.c netfilter: xtables: add device group match 2011-02-03 00:05:43 +01:00
xt_dscp.c
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: fix unused variable warning if IPv6 disabled 2012-01-16 13:40:54 +01:00
xt_helper.c
xt_hl.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_iprange.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-04 14:28:58 -08:00
xt_ipvs.c IPVS: netns, use ip_vs_proto_data as param. 2011-01-13 10:30:27 +09:00
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_osf.c net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu() 2011-05-07 22:51:12 -07:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_rateest.c netfilter: xt_rateest: fix xt_rateest_mt_checkentry() 2011-07-29 16:24:46 +02:00
xt_realm.c
xt_recent.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
xt_repldata.h
xt_sctp.c
xt_set.c Remove redundant linux/version.h includes from net/ 2011-06-21 16:03:17 -07:00
xt_socket.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_state.c
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c