netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks (49ca022b) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 49ca022b authored Oct 15, 2019 by

Florian Westphal Committed by Pablo Neira Ayuso Oct 17, 2019

netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks



When dumping the unconfirmed lists, the cpu that is processing the ct
entry can reallocate ct->ext at any time.

Right now accessing the extensions from another CPU is ok provided
we're holding rcu read lock: extension reallocation does use rcu.

Once RCU isn't used anymore this becomes unsafe, so skip extensions for
the unconfirmed list.

Dumping the extension area for confirmed or dying conntracks is fine:
no reallocations are allowed and list iteration holds appropriate
locks that prevent ct (and this ct->ext) from getting free'd.

v2: fix compiler warnings due to misue of 'const' and missing return
    statement (kbuild robot).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 5ccbf891

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit c1f486e1
· Jul 29, 2021

mentioned in commit c1f486e1

mentioned in commit c1f486e1a9046b858d6c8571745c9e786a0cca96

Toggle commit list
mirror @mirror
mentioned in commit 1b72d43e
· Jul 29, 2021

mentioned in commit 1b72d43e

mentioned in commit 1b72d43e6b9f5dee6969df1570680652cf3ecbe4

Toggle commit list

Please register or to comment