diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-01-24 19:01:07 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2011-01-24 19:01:07 +0100 |
commit | c71caf4114a0e1da3451cc92fba6a152929cd4c2 (patch) | |
tree | a80b6b3cfe4d3a9ea74316ec5a2d68a66ca67ddc /net | |
parent | b30532515f0a62bfe17207ab00883dd262497006 (diff) | |
download | kernel_samsung_crespo-c71caf4114a0e1da3451cc92fba6a152929cd4c2.zip kernel_samsung_crespo-c71caf4114a0e1da3451cc92fba6a152929cd4c2.tar.gz kernel_samsung_crespo-c71caf4114a0e1da3451cc92fba6a152929cd4c2.tar.bz2 |
netfilter: ctnetlink: fix missing refcount increment during dumps
In 13ee6ac netfilter: fix race in conntrack between dump_table and
destroy, we recovered spinlocks to protect the dump of the conntrack
table according to reports from Stephen and acknowledgments on the
issue from Eric.
In that patch, the refcount bump that allows to keep a reference
to the current ct object was removed. However, we still decrement
the refcount for that object in the output path of
ctnetlink_dump_table():
if (last)
nf_ct_put(last)
Cc: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 93297aa..eead9db 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -667,6 +667,7 @@ restart: if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, ct) < 0) { + nf_conntrack_get(&ct->ct_general); cb->args[1] = (unsigned long)ct; goto out; } |