linux-stable-rt/net/ipv4/netfilter
Pavel Emelyanov 4dee959723 [NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put
Consider we are putting a clusterip_config entry with the "entries"
count == 1, and on the other CPU there's a clusterip_config_find_get
in progress:

CPU1:							CPU2:
clusterip_config_entry_put:				clusterip_config_find_get:
if (atomic_dec_and_test(&c->entries)) {
	/* true */
							read_lock_bh(&clusterip_lock);
							c = __clusterip_config_find(clusterip);
							/* found - it's still in list */
							...
							atomic_inc(&c->entries);
							read_unlock_bh(&clusterip_lock);

	write_lock_bh(&clusterip_lock);
	list_del(&c->list);
	write_unlock_bh(&clusterip_lock);
	...
	dev_put(c->dev);

Oops! We have an entry returned by the clusterip_config_find_get,
which is a) not in list b) has a stale dev pointer.

The problems will happen when the CPU2 will release the entry - it
will remove it from the list for the 2nd time, thus spoiling it, and
will put a stale dev pointer.

The fix is to make atomic_dec_and_test under the clusterip_lock.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2008-04-14 00:44:52 -07:00
..
Kconfig
Makefile
arp_tables.c
arpt_mangle.c [NETFILTER]: Fix incorrect use of skb_make_writable 2008-02-19 17:18:47 -08:00
arptable_filter.c
ip_queue.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
ip_tables.c
ipt_CLUSTERIP.c [NETFILTER]: ipt_CLUSTERIP: fix race between clusterip_config_find_get and _entry_put 2008-04-14 00:44:52 -07:00
ipt_ECN.c
ipt_LOG.c
ipt_MASQUERADE.c
ipt_NETMAP.c
ipt_REDIRECT.c
ipt_REJECT.c
ipt_TTL.c
ipt_ULOG.c
ipt_addrtype.c
ipt_ah.c
ipt_ecn.c
ipt_recent.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
ipt_ttl.c
iptable_filter.c
iptable_mangle.c
iptable_raw.c
nf_conntrack_l3proto_ipv4.c
nf_conntrack_l3proto_ipv4_compat.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
nf_conntrack_proto_icmp.c
nf_nat_amanda.c
nf_nat_core.c [NETFILTER]: nf_nat: autoload IPv4 connection tracking 2008-04-09 15:14:58 -07:00
nf_nat_ftp.c
nf_nat_h323.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_pptp.c
nf_nat_proto_gre.c
nf_nat_proto_icmp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_unknown.c
nf_nat_rule.c
nf_nat_sip.c
nf_nat_snmp_basic.c
nf_nat_standalone.c
nf_nat_tftp.c