Patchwork netfilter: ctnetlink: fix GFP_KERNEL allocation under spinlock

login
register
mail settings
Submitter Patrick McHardy
Date Nov. 26, 2008, 11:23 a.m.
Message ID <492D319C.4060008@trash.net>
Download mbox | patch
Permalink /patch/10892/
State Accepted
Delegated to: David Miller
Headers show

Comments

Patrick McHardy - Nov. 26, 2008, 11:23 a.m.
This patch for 2.6.28 fixes a GFP_KERNEL allocation under spinlock
in ctnetlink that was missed in the conntrack creation race fix.

Please apply, thanks.
David Miller - Nov. 26, 2008, 11:57 a.m.
From: Patrick McHardy <kaber@trash.net>
Date: Wed, 26 Nov 2008 12:23:08 +0100

> This patch for 2.6.28 fixes a GFP_KERNEL allocation under spinlock
> in ctnetlink that was missed in the conntrack creation race fix.
> 
> Please apply, thanks.

Applied, thanks Patrick.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

commit 49a12376315f651decfa67c07041e2d0c2e04968
Author: Patrick McHardy <kaber@trash.net>
Date:   Wed Nov 26 12:16:50 2008 +0100

    netfilter: ctnetlink: fix GFP_KERNEL allocation under spinlock
    
    The previous fix for the conntrack creation race (netfilter: ctnetlink:
    fix conntrack creation race) missed a GFP_KERNEL allocation that is
    now performed while holding a spinlock. Switch to GFP_ATOMIC.
    
    Reported-and-tested-by: Zoltan Borbely <bozo@andrews.hu>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 3b009a3..5f4a651 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1138,7 +1138,7 @@  ctnetlink_create_conntrack(struct nlattr *cda[],
 		}
 	}
 
-	nf_ct_acct_ext_add(ct, GFP_KERNEL);
+	nf_ct_acct_ext_add(ct, GFP_ATOMIC);
 
 #if defined(CONFIG_NF_CONNTRACK_MARK)
 	if (cda[CTA_MARK])