Re: [PATCH] Fix repeatable Oops on container destroy with conntrack
From: Alex Bligh
Date: Tue Sep 13 2011 - 16:44:45 EST
Alexey / Pablo,
--On 12 September 2011 20:06:25 +0100 Alex Bligh <alex@xxxxxxxxxxx> wrote:
Pablo,
--On 12 September 2011 20:33:57 +0200 Pablo Neira Ayuso
<pablo@xxxxxxxxxxxxx> wrote:
Yes, this is what Alexey was pointing out in the previous email and
why he suggested to move it to nfnetlink_has_listeners (to cover the
expectation case).
But you're right, we cannot move it to nfnetlink_has_listeners because
of the item->report case. Please, include the expectation part and
resend the patch.
Thanks - see below
Is this new version OK? I am happy to adjust if not.
I think we ought to get /something/ in, because without anything it's
very simple to cause an oops and a resultant machine hang.
--
Alex Bligh
Signed-off-by: Alex Bligh <alex@xxxxxxxxxxx>
---
net/netfilter/nf_conntrack_netlink.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c
b/net/netfilter/nf_conntrack_netlink.c
index 482e90c..f44d571 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -570,6 +570,11 @@ ctnetlink_conntrack_event(unsigned int events,
struct nf_ct_event *item)
return 0;
net = nf_ct_net(ct);
+
+ /* container deinit, netlink may have died before
death_by_timeout */
+ if (!net->nfnl)
+ return 0;
+
if (!item->report && !nfnetlink_has_listeners(net, group))
return 0;
@@ -1723,6 +1728,10 @@ ctnetlink_expect_event(unsigned int events, struct
nf_exp_event *item)
} else
return 0;
+ /* container deinit, netlink may have died before
death_by_timeout */
+ if (!net->nfnl)
+ return 0;
+
if (!item->report && !nfnetlink_has_listeners(net, group))
return 0;
--
1.7.5.4
--
Alex Bligh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/