Patchwork [3/3] netfilter: xt_CT: remove a compile warning

login
register
mail settings
Submitter Pablo Neira
Date April 3, 2012, 2:52 p.m.
Message ID <20120403145210.GA31196@1984>
Download mbox | patch
Permalink /patch/150459/
State Accepted
Delegated to: David Miller
Headers show

Comments

Pablo Neira - April 3, 2012, 2:52 p.m.
On Tue, Apr 03, 2012 at 11:28:50PM +0900, Tetsuo Handa wrote:
> Pablo Neira Ayuso wrote:
> > A bit better patch, no need to hold rcu_read_lock again in
> > xt_ct_tg_timeout_put (even if that doesn't harm).
> 
> Patch looks OK.
> 
> By the way,
> 
> 665 static struct nf_conn *
> 666 __nf_conntrack_alloc(struct net *net, u16 zone,
> 667                      const struct nf_conntrack_tuple *orig,
> 668                      const struct nf_conntrack_tuple *repl,
> 669                      gfp_t gfp, u32 hash)
> 670 {
> (...snipped...)
> 680         atomic_inc(&net->ct.count);
> (...snipped...)
> 698         ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp);
> 699         if (ct == NULL) {
> 700                 atomic_dec(&net->ct.count);
> 701                 return ERR_PTR(-ENOMEM);
> 702         }
> (...snipped...)
> 720         if (zone) {
> 721                 struct nf_conntrack_zone *nf_ct_zone;
> 722 
> 723                 nf_ct_zone = nf_ct_ext_add(ct, NF_CT_EXT_ZONE, GFP_ATOMIC);
> 724                 if (!nf_ct_zone)
> 725                         goto out_free;
> 726                 nf_ct_zone->id = zone;
> 727         }
> (...snipped...)
> 737 out_free:
> 
> I think we want to call atomic_dec() here.

Good catch :-).

Patch to address this issue follows.
David Miller - April 3, 2012, 11:21 p.m.
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 3 Apr 2012 16:52:10 +0200

>>From 0fca4d604c0898128014bc03ef965e0cf187a5e9 Mon Sep 17 00:00:00 2001
> From: Pablo Neira Ayuso <pablo@netfilter.org>
> Date: Tue, 3 Apr 2012 16:45:54 +0200
> Subject: [PATCH] netfilter: nf_conntrack: fix count leak in error path of __nf_conntrack_alloc
> 
> We have to decrement the conntrack counter if we fail to access the
> zone extension.
> 
> Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

From 0fca4d604c0898128014bc03ef965e0cf187a5e9 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 3 Apr 2012 16:45:54 +0200
Subject: [PATCH] netfilter: nf_conntrack: fix count leak in error path of __nf_conntrack_alloc

We have to decrement the conntrack counter if we fail to access the
zone extension.

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_core.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index cbdb754..3cc4487 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -735,6 +735,7 @@  __nf_conntrack_alloc(struct net *net, u16 zone,
 
 #ifdef CONFIG_NF_CONNTRACK_ZONES
 out_free:
+	atomic_dec(&net->ct.count);
 	kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
 	return ERR_PTR(-ENOMEM);
 #endif
-- 
1.7.2.5