Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Eric Dumazet 941297f443 netfilter: nf_conntrack: nf_conntrack_alloc() fixes 
When a slab cache uses SLAB_DESTROY_BY_RCU, we must be careful when allocating
objects, since slab allocator could give a freed object still used by lockless
readers.

In particular, nf_conntrack RCU lookups rely on ct->tuplehash[xxx].hnnode.next
being always valid (ie containing a valid 'nulls' value, or a valid pointer to next
object in hash chain.)

kmem_cache_zalloc() setups object with NULL values, but a NULL value is not valid
for ct->tuplehash[xxx].hnnode.next.

Fix is to call kmem_cache_alloc() and do the zeroing ourself.

As spotted by Patrick, we also need to make sure lookup keys are committed to
memory before setting refcount to 1, or a lockless reader could get a reference
on the old version of the object. Its key re-check could then pass the barrier.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
 		2009-07-16 14:03:40 +02:00
..
ipvs net: skb->dst accessors 2009-06-03 02:51:04 -07:00
Kconfig Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6 2009-06-15 03:02:23 -07:00
Makefile netfilter: passive OS fingerprint xtables match 2009-06-08 17:01:51 +02:00
core.c
nf_conntrack_acct.c trivial: Fix paramater/parameter typo in dmesg and source comments 2009-06-12 18:01:46 +02:00
nf_conntrack_amanda.c
nf_conntrack_core.c netfilter: nf_conntrack: nf_conntrack_alloc() fixes 2009-07-16 14:03:40 +02:00
nf_conntrack_ecache.c netfilter: conntrack: optional reliable conntrack event delivery 2009-06-13 12:30:52 +02:00
nf_conntrack_expect.c nf_conntrack: Use rcu_barrier() 2009-06-25 16:32:52 +02:00
nf_conntrack_extend.c nf_conntrack: Use rcu_barrier() 2009-06-25 16:32:52 +02:00
nf_conntrack_ftp.c netfilter: conntrack: simplify event caching system 2009-06-02 20:08:46 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: move helper destruction to nf_ct_helper_destroy() 2009-06-13 12:28:22 +02:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c net: skb->rtable accessor 2009-06-03 02:51:02 -07:00
nf_conntrack_netlink.c netfilter: conntrack: optional reliable conntrack event delivery 2009-06-13 12:30:52 +02:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-06-11 16:00:49 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-06-11 16:00:49 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: use per-conntrack locks for protocol data 2009-06-10 14:32:47 +02:00
nf_conntrack_proto_tcp.c netfilter: tcp conntrack: fix unacknowledged data detection with NAT 2009-06-29 14:07:56 +02:00
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c
nf_conntrack_sip.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_internals.h
nf_log.c netfilter: nf_log: fix direct userspace memory access in proc handler 2009-06-22 14:15:30 +02:00
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink.c netfilter: conntrack: replace notify chain by function pointer 2009-06-03 10:32:06 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: fix wrong skbuff size calculation 2009-05-27 15:49:11 +02:00
nfnetlink_queue.c nfnetlink_queue: Use rcu_barrier() on module unload. 2009-06-10 01:11:23 -07:00
x_tables.c x_tables: Convert printk to pr_err 2009-06-13 12:32:39 +02:00
xt_CLASSIFY.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_DSCP.c
xt_HL.c
xt_LED.c
xt_MARK.c
xt_NFLOG.c
xt_NFQUEUE.c netfilter: fix some sparse endianess warnings 2009-06-22 14:15:02 +02:00
xt_NOTRACK.c
xt_RATEEST.c
xt_SECMARK.c
xt_TCPMSS.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_TCPOPTSTRIP.c
xt_TPROXY.c
xt_TRACE.c
xt_cluster.c netfilter: fix some sparse endianess warnings 2009-06-22 14:15:02 +02:00
xt_comment.c
xt_connbytes.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c netfilter: xtables: conntrack match revision 2 2009-06-29 14:31:46 +02:00
xt_dccp.c
xt_dscp.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_iprange.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_osf.c netfilter: xt_osf: fix nf_log_packet() arguments 2009-07-16 14:01:54 +02:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_quota.c netfilter: xt_quota: fix incomplete initialization 2009-06-22 14:16:45 +02:00
xt_rateest.c netfilter: xt_rateest: fix comparison with self 2009-06-22 14:17:12 +02:00
xt_realm.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_recent.c
xt_sctp.c
xt_socket.c netfilter: xt_socket: added new revision of the 'socket' match supporting flags 2009-06-09 15:16:34 +02:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c