2.6.37-stable review patch. If anyone has any objections, please let us know.
------------------ From: Pablo Neira Ayuso <[email protected]> commit c71caf4114a0e1da3451cc92fba6a152929cd4c2 upstream. In 13ee6ac netfilter: fix race in conntrack between dump_table and destroy, we recovered spinlocks to protect the dump of the conntrack table according to reports from Stephen and acknowledgments on the issue from Eric. In that patch, the refcount bump that allows to keep a reference to the current ct object was removed. However, we still decrement the refcount for that object in the output path of ctnetlink_dump_table(): if (last) nf_ct_put(last) Cc: Stephen Hemminger <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> Acked-by: Eric Dumazet <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/netfilter/nf_conntrack_netlink.c | 1 + 1 file changed, 1 insertion(+) --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -664,6 +664,7 @@ restart: if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, ct) < 0) { + nf_conntrack_get(&ct->ct_general); cb->args[1] = (unsigned long)ct; goto out; } _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
