Skip to main content

Browse the archive

Revision 34a4c95abd25ab41fb390b985a08a651b1fa0b0f authored by Pablo Neira Ayuso on 30 September 2019, 09:05:49 UTC, committed by Pablo Neira Ayuso on 01 October 2019, 16:42:15 UTC 
netfilter: nft_connlimit: disable bh on garbage collection
 
BH must be disabled when invoking nf_conncount_gc_list() to perform
garbage collection, otherwise deadlock might happen.

  nf_conncount_add+0x1f/0x50 [nf_conncount]
  nft_connlimit_eval+0x4c/0xe0 [nft_connlimit]
  nft_dynset_eval+0xb5/0x100 [nf_tables]
  nft_do_chain+0xea/0x420 [nf_tables]
  ? sch_direct_xmit+0x111/0x360
  ? noqueue_init+0x10/0x10
  ? __qdisc_run+0x84/0x510
  ? tcp_packet+0x655/0x1610 [nf_conntrack]
  ? ip_finish_output2+0x1a7/0x430
  ? tcp_error+0x130/0x150 [nf_conntrack]
  ? nf_conntrack_in+0x1fc/0x4c0 [nf_conntrack]
  nft_do_chain_ipv4+0x66/0x80 [nf_tables]
  nf_hook_slow+0x44/0xc0
  ip_rcv+0xb5/0xd0
  ? ip_rcv_finish_core.isra.19+0x360/0x360
  __netif_receive_skb_one_core+0x52/0x70
  netif_receive_skb_internal+0x34/0xe0
  napi_gro_receive+0xba/0xe0
  e1000_clean_rx_irq+0x1e9/0x420 [e1000e]
  e1000e_poll+0xbe/0x290 [e1000e]
  net_rx_action+0x149/0x3b0
  __do_softirq+0xde/0x2d8
  irq_exit+0xba/0xc0
  do_IRQ+0x85/0xd0
  common_interrupt+0xf/0xf
  </IRQ>
  RIP: 0010:nf_conncount_gc_list+0x3b/0x130 [nf_conncount]

Fixes: 2f971a8f4255 ("netfilter: nf_conncount: move all list iterations under spinlock")
Reported-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 895b5c9
History
File Mode Size
atomic
basic
coccinelle
dtc
gcc-plugins
gdb
genksyms
kconfig
ksymoops
mod
package
selinux
tracing
.gitignore -rw-r--r-- 145 bytes
Kbuild.include -rw-r--r-- 12.2 KB
Kconfig.include -rw-r--r-- 1.3 KB
Lindent -rwxr-xr-x 502 bytes
Makefile -rw-r--r-- 1.4 KB
Makefile.asm-generic -rw-r--r-- 1.8 KB
Makefile.build -rw-r--r-- 17.5 KB
Makefile.clean -rw-r--r-- 2.2 KB
Makefile.dtbinst -rw-r--r-- 1.1 KB
Makefile.extrawarn -rw-r--r-- 2.6 KB
Makefile.gcc-plugins -rw-r--r-- 2.4 KB
Makefile.headersinst -rw-r--r-- 3.2 KB
Makefile.host -rw-r--r-- 6.9 KB
Makefile.kasan -rw-r--r-- 1.4 KB
Makefile.kcov -rw-r--r-- 359 bytes
Makefile.lib -rw-r--r-- 15.3 KB
Makefile.modbuiltin -rw-r--r-- 1.7 KB
Makefile.modfinal -rw-r--r-- 1.8 KB
Makefile.modinst -rw-r--r-- 1.1 KB
Makefile.modpost -rw-r--r-- 3.4 KB
Makefile.modsign -rw-r--r-- 791 bytes
Makefile.package -rw-r--r-- 6.5 KB
Makefile.ubsan -rw-r--r-- 864 bytes
adjust_autoksyms.sh -rwxr-xr-x 2.6 KB
asn1_compiler.c -rw-r--r-- 35.3 KB
bin2c.c -rw-r--r-- 743 bytes
bloat-o-meter -rwxr-xr-x 3.3 KB
bootgraph.pl -rwxr-xr-x 5.6 KB
bpf_helpers_doc.py -rwxr-xr-x 15.5 KB
cc-can-link.sh -rwxr-xr-x 166 bytes
check_extable.sh -rwxr-xr-x 4.9 KB
checkincludes.pl -rwxr-xr-x 1.9 KB
checkkconfigsymbols.py -rwxr-xr-x 15.5 KB
checkpatch.pl -rwxr-xr-x 199.4 KB
checkstack.pl -rwxr-xr-x 5.3 KB
checksyscalls.sh -rwxr-xr-x 7.3 KB
checkversion.pl -rwxr-xr-x 1.9 KB
clang-version.sh -rwxr-xr-x 527 bytes
cleanfile -rwxr-xr-x 3.5 KB
cleanpatch -rwxr-xr-x 5.1 KB
coccicheck -rwxr-xr-x 7.2 KB
config -rwxr-xr-x 4.5 KB
conmakehash.c -rw-r--r-- 5.8 KB
const_structs.checkpatch -rw-r--r-- 964 bytes
decode_stacktrace.sh -rwxr-xr-x 3.9 KB
decodecode -rwxr-xr-x 2.6 KB
depmod.sh -rwxr-xr-x 1.3 KB
diffconfig -rwxr-xr-x 3.7 KB
documentation-file-ref-check -rwxr-xr-x 5.4 KB
export_report.pl -rwxr-xr-x 4.5 KB
extract-cert.c -rw-r--r-- 3.5 KB
extract-ikconfig -rwxr-xr-x 1.7 KB
extract-module-sig.pl -rwxr-xr-x 3.7 KB
extract-sys-certs.pl -rwxr-xr-x 3.7 KB
extract-vmlinux -rwxr-xr-x 1.7 KB
extract_xc3028.pl -rwxr-xr-x 44.6 KB
faddr2line -rwxr-xr-x 6.2 KB
file-size.sh -rwxr-xr-x 86 bytes
find-unused-docs.sh -rwxr-xr-x 1.3 KB
gcc-goto.sh -rwxr-xr-x 511 bytes
gcc-ld -rwxr-xr-x 711 bytes
gcc-plugin.sh -rwxr-xr-x 1.1 KB
gcc-version.sh -rwxr-xr-x 588 bytes
gcc-x86_32-has-stack-protector.sh -rwxr-xr-x 173 bytes
gcc-x86_64-has-stack-protector.sh -rwxr-xr-x 198 bytes
gen_compile_commands.py -rwxr-xr-x 5.6 KB
gen_ksymdeps.sh -rwxr-xr-x 399 bytes
get_abi.pl -rwxr-xr-x 10.1 KB
get_dvb_firmware -rwxr-xr-x 24.5 KB
get_maintainer.pl -rwxr-xr-x 66.0 KB
gfp-translate -rwxr-xr-x 1.7 KB
headerdep.pl -rwxr-xr-x 3.5 KB
headers_check.pl -rwxr-xr-x 3.7 KB
headers_install.sh -rwxr-xr-x 3.6 KB
insert-sys-cert.c -rw-r--r-- 8.9 KB
kallsyms.c -rw-r--r-- 18.0 KB
kernel-doc -rwxr-xr-x 60.8 KB
ld-version.sh -rwxr-xr-x 269 bytes
leaking_addresses.pl -rwxr-xr-x 12.8 KB
link-vmlinux.sh -rwxr-xr-x 7.5 KB
makelst -rwxr-xr-x 808 bytes
markup_oops.pl -rwxr-xr-x 7.9 KB
mkcompile_h -rwxr-xr-x 2.6 KB
mkmakefile -rwxr-xr-x 426 bytes
mksysmap -rwxr-xr-x 1.3 KB
mkuboot.sh -rwxr-xr-x 414 bytes
module-common.lds -rw-r--r-- 901 bytes
modules-check.sh -rwxr-xr-x 303 bytes
namespace.pl -rwxr-xr-x 13.0 KB
nsdeps -rw-r--r-- 1.9 KB
objdiff -rwxr-xr-x 2.8 KB
parse-maintainers.pl -rw-r--r-- 3.7 KB
patch-kernel -rwxr-xr-x 9.9 KB
pnmtologo.c -rw-r--r-- 11.9 KB
profile2linkerlist.pl -rwxr-xr-x 414 bytes
prune-kernel -rwxr-xr-x 708 bytes
recordmcount.c -rw-r--r-- 16.2 KB
recordmcount.h -rw-r--r-- 17.2 KB
recordmcount.pl -rwxr-xr-x 18.8 KB
setlocalversion -rwxr-xr-x 4.3 KB
show_delta -rwxr-xr-x 3.0 KB
sign-file.c -rw-r--r-- 9.8 KB
sortextable.c -rw-r--r-- 8.3 KB
sortextable.h -rw-r--r-- 5.5 KB
spdxcheck-test.sh -rw-r--r-- 323 bytes
spdxcheck.py -rwxr-xr-x 9.9 KB
spelling.txt -rw-r--r-- 28.8 KB
sphinx-pre-install -rwxr-xr-x 17.6 KB
split-man.pl -rwxr-xr-x 600 bytes
stackdelta -rwxr-xr-x 1.8 KB
stackusage -rwxr-xr-x 794 bytes
subarch.include -rw-r--r-- 641 bytes
tags.sh -rwxr-xr-x 9.3 KB
tools-support-relr.sh -rwxr-xr-x 526 bytes
unifdef.c -rw-r--r-- 34.8 KB
ver_linux -rwxr-xr-x 2.7 KB
xen-hypercalls.sh -rw-r--r-- 386 bytes
xz_wrap.sh -rwxr-xr-x 562 bytes
back to top