This patchset fixes bugs in ipt_CLUSTERIP.
First patch fixes deadlock when netns is destroyed.
When netns is destroyed cleanup_net() is called.
That function calls ->exit callback of pernet_ops.
->exit callback of ipt_CLUSTERIP hold same lock with cleanup_net().
so that deadlock will occurred.
Second patch removes wrong WARN_ON_ONCE() in clusterip_net_exit().
A WARN_ON_ONCE() in clusterip_net_exit() is for checking cleanup
is successfully done. but clusterip_net_exit() is called earlier than
cleanup function(clusterip_tg_destroy). so that it can't check about that.
Third patch fixes sleep-in-atomic bug when config structure is destroyed.
In order to sync create and remove of proc entry, proc_remove() is placed in
spin_lock.
But proc_remove() can sleep. so that proc_remove() shouldn't be inside
of spin_lock.
v3: add Third patch.
v2:
- use spin_lock_bh() instead of spin_lock() (Pablo Neira Ayuso)
- add missing dev_mc_add() and dev_mc_del().
v1: Initial patch
Taehee Yoo (3):
netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit
routine
netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in
clusterip_config_entry_put()
net/ipv4/netfilter/ipt_CLUSTERIP.c | 175 +++++++++++++++++------------
1 file changed, 101 insertions(+), 74 deletions(-)
--
2.17.1
