This is a note to let you know that I've just added the patch titled

    netfilter: ctnetlink: fix missing refcount increment during dumps

to the 2.6.37-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-ctnetlink-fix-missing-refcount-increment-during-dumps.patch
and it can be found in the queue-2.6.37 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From c71caf4114a0e1da3451cc92fba6a152929cd4c2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <[email protected]>
Date: Mon, 24 Jan 2011 19:01:07 +0100
Subject: netfilter: ctnetlink: fix missing refcount increment during dumps

From: Pablo Neira Ayuso <[email protected]>

commit c71caf4114a0e1da3451cc92fba6a152929cd4c2 upstream.

In 13ee6ac netfilter: fix race in conntrack between dump_table and
destroy, we recovered spinlocks to protect the dump of the conntrack
table according to reports from Stephen and acknowledgments on the
issue from Eric.

In that patch, the refcount bump that allows us to keep a reference
to the current ct object was removed. However, we still decrement
the refcount for that object in the output path of
ctnetlink_dump_table():

        if (last)
                nf_ct_put(last)

Cc: Stephen Hemminger <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/netfilter/nf_conntrack_netlink.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -664,6 +664,7 @@ restart:
                        if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
                                                cb->nlh->nlmsg_seq,
                                                IPCTNL_MSG_CT_NEW, ct) < 0) {
+                               nf_conntrack_get(&ct->ct_general);
                                cb->args[1] = (unsigned long)ct;
                                goto out;
                        }
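
Review bot: The reference taken in the ctnetlink_fill_info() failure branch is not documented at the point where it is stored, and it is released through a different helper than the one that takes it. The get uses nf_conntrack_get(&ct->ct_general) while the matching drop quoted in the commit message is nf_ct_put(last), so a reader of this branch cannot see which put balances it. A one-line comment above the new call saying that cb->args[1] now owns a reference, and that it is dropped on the next dump pass via the "last" pointer, would make the pairing auditable. It is also worth confirming in the changelog that the reference parked in cb->args[1] is released if the dump is abandoned before another pass runs, since the hunk only shows the acquisition side, and that the get is always reached while ct is still guaranteed live.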


Patches currently in stable-queue which might be from [email protected] are

queue-2.6.37/netfilter-ctnetlink-fix-missing-refcount-increment-during-dumps.patch
queue-2.6.37/netfilter-fix-race-in-conntrack-between-dump_table-and-destroy.patch

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
