Re: [PATCH] netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v2)

On Wed, 2014-01-08 at 17:17 +0400, Andrey Vagin wrote: > Lets look at destroy_conntrack: > > hlist_nulls_del_rcu(>tuplehash[IP_CT_DIR_ORIGINAL].hnnode); > ... > nf_conntrack_free(ct) > kmem_cache_free(net->ct.nf_conntrack_cachep, ct); > > net->ct.nf_conntrack_cachep is created with

[PATCH] netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v2)

Lets look at destroy_conntrack: hlist_nulls_del_rcu(>tuplehash[IP_CT_DIR_ORIGINAL].hnnode); ... nf_conntrack_free(ct) kmem_cache_free(net->ct.nf_conntrack_cachep, ct); net->ct.nf_conntrack_cachep is created with SLAB_DESTROY_BY_RCU. The hash is protected by rcu, so readers look up

[PATCH] netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v2)

Lets look at destroy_conntrack: hlist_nulls_del_rcu(ct-tuplehash[IP_CT_DIR_ORIGINAL].hnnode); ... nf_conntrack_free(ct) kmem_cache_free(net-ct.nf_conntrack_cachep, ct); net-ct.nf_conntrack_cachep is created with SLAB_DESTROY_BY_RCU. The hash is protected by rcu, so readers look up

Re: [PATCH] netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get (v2)

On Wed, 2014-01-08 at 17:17 +0400, Andrey Vagin wrote: Lets look at destroy_conntrack: hlist_nulls_del_rcu(ct-tuplehash[IP_CT_DIR_ORIGINAL].hnnode); ... nf_conntrack_free(ct) kmem_cache_free(net-ct.nf_conntrack_cachep, ct); net-ct.nf_conntrack_cachep is created with