From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 15/16] netfilter: nf_conncount: remove wrong condition check routine
Date: Wed, 28 Nov 2018 11:17:40 +0100 [thread overview]
Message-ID: <20181128101741.20924-16-pablo@netfilter.org> (raw)
In-Reply-To: <20181128101741.20924-1-pablo@netfilter.org>
From: Taehee Yoo <ap420073@gmail.com>
All lists that reach the tree_nodes_free() function have both zero
counter and true dead flag. The reason for this is that lists to be
release are selected by nf_conncount_gc_list() which already decrements
the list counter and sets on the dead flag. Therefore, this if statement
in tree_nodes_free() is unnecessary and wrong.
Fixes: 31568ec09ea0 ("netfilter: nf_conncount: fix list_del corruption in conn_free")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conncount.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index 8acae4a3e4c0..b6d0f6deea86 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -323,11 +323,8 @@ static void tree_nodes_free(struct rb_root *root,
while (gc_count) {
rbconn = gc_nodes[--gc_count];
spin_lock(&rbconn->list.list_lock);
- if (rbconn->list.count == 0 && rbconn->list.dead == false) {
- rbconn->list.dead = true;
- rb_erase(&rbconn->node, root);
- call_rcu(&rbconn->rcu_head, __tree_nodes_free);
- }
+ rb_erase(&rbconn->node, root);
+ call_rcu(&rbconn->rcu_head, __tree_nodes_free);
spin_unlock(&rbconn->list.list_lock);
}
}
--
2.11.0
next prev parent reply other threads:[~2018-11-28 21:19 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-28 10:17 [PATCH 00/16] Netfilter fixes for net Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 01/16] netfilter: nf_conncount: use spin_lock_bh instead of spin_lock Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 02/16] netfilter: nf_conncount: fix list_del corruption in conn_free Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 03/16] netfilter: nf_conncount: fix unexpected permanent node of list Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 04/16] netfilter: nf_tables: don't skip inactive chains during update Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 05/16] selftests: add script to stress-test nft packet path vs. control plane Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 06/16] netfilter: nf_tables: don't use position attribute on rule replacement Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 07/16] netfilter: xt_RATEEST: remove netns exit routine Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 08/16] netfilter: nf_tables: fix use-after-free when deleting compat expressions Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 09/16] netfilter: xt_hashlimit: fix a possible memory leak in htable_create() Pablo Neira Ayuso
2018-11-28 16:04 ` Sergei Shtylyov
2018-11-28 10:17 ` [PATCH 10/16] ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 11/16] netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 12/16] netfilter: ipv6: Preserve link scope traffic original oif Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 13/16] netfilter: add missing error handling code for register functions Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 14/16] netfilter: nat: fix double register in masquerade modules Pablo Neira Ayuso
2018-11-28 10:17 ` Pablo Neira Ayuso [this message]
2018-11-28 10:17 ` [PATCH 16/16] netfilter: nf_tables: deactivate expressions in rule replecement routine Pablo Neira Ayuso
2018-11-28 19:03 ` [PATCH 00/16] Netfilter fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181128101741.20924-16-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.