From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:53700 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725913AbeKULXf (ORCPT ); Wed, 21 Nov 2018 06:23:35 -0500 Date: Wed, 21 Nov 2018 01:51:31 +0100 From: Florian Westphal To: Alakesh Haloi Cc: Pablo Neira Ayuso , Greg KH , stable@vger.kernel.org, Jozsef Kadlecsik , Florian Westphal , "David S. Miller" Subject: Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting Message-ID: <20181121005131.eux4kzzmexij4qwt@breakpoint.cc> References: <20181119221732.GA82454@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com> <20181120074839.GC15276@kroah.com> <20181120094436.so3m3kc5jqrbkpz7@salvia> <20181121002149.GA120849@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181121002149.GA120849@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com> Sender: stable-owner@vger.kernel.org List-ID: Alakesh Haloi wrote: > Thanks Greg and Pablo for your suggestions! We found this issue on 4.14 > stable kernel and hence the fix is based on 4.14. The xt_connlimit module > source seemed to have been refactored. At one point I tested 4.18-rc1 and > the issue was still present. However I have not tested the most recent > one. I will follow your suggestions and try to reproduce the issue in > master branch of nf.git tree and in linus's tree and if i cannot reproduce > it then I will go ahead and pick the relevant patches for backporting. > This patch fixes the issue without bringing in any refactor patches. But > that is probably not the right way to go for it. Actually it might be needed, the changes in upstream are pretty invasive. So, in case you can reproduce this with nf.git or linus tree it would be great if you could send a fix for nf.git. But In case you can't reproduce, its possible your patch is still needed for stable.