Skip to content

Commit

Permalink
Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm agai…
Browse files Browse the repository at this point in the history
…nst get_next_corpse"

This reverts commit 88fd870 which was
commit 5195c14 upstream, which was
reverted in commit 43612d7.

Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Daniel Borkmann <dborkman@redhat.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Greg Kroah-Hartman committed Dec 7, 2014
1 parent f0d3951 commit ae4a0d0
Showing 1 changed file with 6 additions and 8 deletions.
14 changes: 6 additions & 8 deletions net/netfilter/nf_conntrack_core.c
Original file line number Diff line number Diff line change
@@ -611,16 +611,12 @@ __nf_conntrack_confirm(struct sk_buff *skb)
*/
NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
pr_debug("Confirming conntrack %p\n", ct);

/* We have to check the DYING flag after unlink to prevent
* a race against nf_ct_get_next_corpse() possibly called from
* user context, else we insert an already 'dead' hash, blocking
* further use of that particular connection -JM.
*/
nf_ct_del_from_dying_or_unconfirmed_list(ct);
/* We have to check the DYING flag inside the lock to prevent
a race against nf_ct_get_next_corpse() possibly called from
user context, else we insert an already 'dead' hash, blocking
further use of that particular connection -JM */

if (unlikely(nf_ct_is_dying(ct))) {
nf_ct_add_to_dying_list(ct);
nf_conntrack_double_unlock(hash, reply_hash);
local_bh_enable();
return NF_ACCEPT;
@@ -640,6 +636,8 @@ __nf_conntrack_confirm(struct sk_buff *skb)
zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)))
goto out;

nf_ct_del_from_dying_or_unconfirmed_list(ct);

/* Timer relative to confirmation time, not original
setting time, otherwise we'd get timer wrap in
weird delay cases. */

0 comments on commit ae4a0d0

Please sign in to comment.