[nf,v3,0/4] netfilter: ipt_CLUSTERIP: fix bugs in ipt_CLUSTERIP

Message ID 20181105092226.25025-1-ap420073@gmail.com
Series: netfilter: ipt_CLUSTERIP: fix bugs in ipt_CLUSTERIP

Message

Taehee Yoo Nov. 5, 2018, 9:22 a.m. UTC
This patchset fixes bugs in ipt_CLUSTERIP.

The first patch fixes a deadlock when a netns is destroyed.
When a netns is destroyed, cleanup_net() is called.
That function calls the ->exit callback of pernet_ops.
The ->exit callback of ipt_CLUSTERIP holds the same lock as cleanup_net(),
so a deadlock occurs.

The second patch removes a wrong WARN_ON_ONCE() in clusterip_net_exit().
The WARN_ON_ONCE() in clusterip_net_exit() is there to check that cleanup
completed successfully, but clusterip_net_exit() is called earlier than the
cleanup function (clusterip_tg_destroy), so it cannot check that.

The third patch fixes a sleep-in-atomic bug when the config structure is destroyed.
In order to synchronize creation and removal of the proc entry, proc_remove() is placed inside a spin_lock.
But proc_remove() can sleep, so proc_remove() shouldn't be inside
the spin_lock.

The fourth patch does not allow an incompatible MAC address config setting.
If a config with the same destination IP address already exists, that config is
just used. The MAC address should also be the same.
However, there is no MAC address checking routine.

v3: add fourth patch.
v2:
 - use spin_lock_bh() instead of spin_lock() (Pablo Neira Ayuso)
 - add missing dev_mc_add() and dev_mc_del().
 - add third patch.
v1: initial patch

Taehee Yoo (4):
  netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
  netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit
    routine
  netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in
    clusterip_config_entry_put()
  netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is
    set

 net/ipv4/netfilter/ipt_CLUSTERIP.c | 178 +++++++++++++++++------------
 1 file changed, 103 insertions(+), 75 deletions(-)
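The third and fourth bugs described in the cover letter (a sleeping call made under a spinlock, and a duplicate-IP config reused without checking its MAC) both come down to how a refcounted config entry is looked up and torn down. The following userspace model, added here as an illustration and not taken from the kernel or from this patch series, shows the buggy put() shape beside the fixed one and a lookup that rejects a MAC mismatch. `struct config`, `model_lock()`, `might_sleep()` and `fake_proc_remove()` are constructed stand-ins for the kernel's config structure, spinlock, `might_sleep()` debugging check and `proc_remove()`; the IP and MAC values are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lock model: lock_depth stands in for the kernel's preempt_count. It is
 * non-zero while the "spinlock" is held, and might_sleep() records a violation
 * whenever a sleeping call is made in that state, which is what the kernel's
 * CONFIG_DEBUG_ATOMIC_SLEEP check would warn about. */
static int lock_depth;
static int sleep_in_atomic_count;

static void model_lock(void)   { lock_depth++; }
static void model_unlock(void) { lock_depth--; }
static void might_sleep(void)  { if (lock_depth > 0) sleep_in_atomic_count++; }

/* Constructed stand-in for a per-netns CLUSTERIP config; not the kernel struct. */
struct config {
    struct config *next;
    uint32_t clusterip;       /* destination IP the config is keyed on */
    uint8_t  clustermac[6];
    int      refcount;
    bool     has_proc;        /* /proc entry still registered */
};

static struct config *configs;   /* list and refcounts protected by model_lock() */

/* Stand-in for proc_remove(): it may block, so it must run without the lock. */
static void fake_proc_remove(struct config *c)
{
    might_sleep();
    c->has_proc = false;
}

static int config_count(void)
{
    int n = 0;
    for (struct config *c = configs; c; c = c->next)
        n++;
    return n;
}

/* Find the config for ip and take a reference, or insert a new one. A config
 * with the same IP but a different MAC is rejected (returns NULL) rather than
 * silently reused, which is the check the fourth patch adds. The candidate is
 * allocated before taking the lock so lookup and insert form one critical section. */
static struct config *config_find_get(uint32_t ip, const uint8_t mac[6])
{
    struct config *fresh = calloc(1, sizeof(*fresh));
    if (!fresh)
        return NULL;
    fresh->clusterip = ip;
    memcpy(fresh->clustermac, mac, 6);
    fresh->refcount = 1;
    fresh->has_proc = true;

    model_lock();
    for (struct config *c = configs; c; c = c->next) {
        if (c->clusterip != ip)
            continue;
        bool same_mac = memcmp(c->clustermac, mac, 6) == 0;
        if (same_mac)
            c->refcount++;
        model_unlock();
        free(fresh);
        return same_mac ? c : NULL;
    }
    fresh->next = configs;
    configs = fresh;
    model_unlock();
    return fresh;
}

static void config_unlink(struct config *c)
{
    struct config **pp = &configs;
    while (*pp && *pp != c)
        pp = &(*pp)->next;
    if (*pp)
        *pp = c->next;
}

/* Buggy shape: the sleeping teardown runs with the lock held. */
static void config_put_buggy(struct config *c)
{
    model_lock();
    if (--c->refcount == 0) {
        config_unlink(c);
        fake_proc_remove(c);      /* sleep-in-atomic: lock is still held here */
        free(c);
    }
    model_unlock();
}

/* Fixed shape: only the refcount drop and the unlink happen under the lock.
 * Once nobody can find the entry any more, drop the lock, then tear it down. */
static void config_put_fixed(struct config *c)
{
    model_lock();
    if (--c->refcount != 0) {
        model_unlock();
        return;
    }
    config_unlink(c);
    model_unlock();

    fake_proc_remove(c);          /* safe: no lock held */
    free(c);
}

/* Create one entry, release it with the given put(), and report how many
 * sleep-in-atomic violations that caused. */
static int violations_for(void (*put)(struct config *))
{
    static const uint8_t mac[6] = { 0x01, 0x00, 0x5e, 0x00, 0x00, 0x20 }; /* constructed */
    int before = sleep_in_atomic_count;
    struct config *c = config_find_get(0x0a000001u, mac);  /* 10.0.0.1, constructed */
    put(c);
    return sleep_in_atomic_count - before;
}

int main(void)
{
    printf("buggy put: %d sleep-in-atomic violation(s)\n", violations_for(config_put_buggy));
    printf("fixed put: %d sleep-in-atomic violation(s)\n", violations_for(config_put_fixed));
    return 0;
}
```

The ordering in `config_put_fixed()` is the general rule for any refcounted object whose teardown can block: make the object unreachable under the lock, release the lock, then do the blocking work. Nothing else can find the entry after the unlink, so the teardown does not need the lock's protection.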

Comments

Pablo Neira Ayuso Dec. 13, 2018, 12:36 a.m. UTC | #1
On Mon, Nov 05, 2018 at 06:22:26PM +0900, Taehee Yoo wrote:
> This patchset fixes bugs in ipt_CLUSTERIP.

I've been queueing this to place it in nf-next instead.

[...]
>  net/ipv4/netfilter/ipt_CLUSTERIP.c | 178 +++++++++++++++++------------
>  1 file changed, 103 insertions(+), 75 deletions(-)

I understand this is fixing bugs, but it is also a large rewrite of
many portions.

Thanks.