diff options
author | Patrick McHardy <kaber@trash.net> | 2009-11-18 23:59:05 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-11-19 16:16:31 -0500 |
commit | 6440fe059ee8b49b548c8c2c1447530075d07e10 (patch) | |
tree | e3fcac4c384c47d6e279236fbcd25b3166482e2e | |
parent | d667b9cfd09a2ca61f74a9edc73d08d2ad0d14da (diff) |
netfilter: nf_log: fix sleeping function called from invalid context in seq_show()
[ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280
[ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep
[ 171.925306] 2 locks held by grep/671:
[ 171.925312] #0: (&p->lock){+.+.+.}, at: [<c10b8acd>] seq_read+0x25/0x36c
[ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [<c1391dac>] seq_start+0x0/0x44
[ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3
[ 171.925380] Call Trace:
[ 171.925398] [<c105104e>] ? __debug_show_held_locks+0x1e/0x20
[ 171.925414] [<c10264ac>] __might_sleep+0xfb/0x102
[ 171.925430] [<c1461521>] mutex_lock_nested+0x1c/0x2ad
[ 171.925444] [<c1391c9e>] seq_show+0x74/0x127
[ 171.925456] [<c10b8c5c>] seq_read+0x1b4/0x36c
[ 171.925469] [<c10b8aa8>] ? seq_read+0x0/0x36c
[ 171.925483] [<c10d5c8e>] proc_reg_read+0x60/0x74
[ 171.925496] [<c10d5c2e>] ? proc_reg_read+0x0/0x74
[ 171.925510] [<c10a4468>] vfs_read+0x87/0x110
[ 171.925523] [<c10a458a>] sys_read+0x3b/0x60
[ 171.925538] [<c1002a49>] syscall_call+0x7/0xb
Fix it by replacing RCU with nf_log_mutex.
Reported-by: "Yin, Kangkai" <kangkai.yin@intel.com>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nf_log.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index c93494fef8ef..d65d3481919c 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c | |||
@@ -128,9 +128,8 @@ EXPORT_SYMBOL(nf_log_packet); | |||
128 | 128 | ||
129 | #ifdef CONFIG_PROC_FS | 129 | #ifdef CONFIG_PROC_FS |
130 | static void *seq_start(struct seq_file *seq, loff_t *pos) | 130 | static void *seq_start(struct seq_file *seq, loff_t *pos) |
131 | __acquires(RCU) | ||
132 | { | 131 | { |
133 | rcu_read_lock(); | 132 | mutex_lock(&nf_log_mutex); |
134 | 133 | ||
135 | if (*pos >= ARRAY_SIZE(nf_loggers)) | 134 | if (*pos >= ARRAY_SIZE(nf_loggers)) |
136 | return NULL; | 135 | return NULL; |
@@ -149,9 +148,8 @@ static void *seq_next(struct seq_file *s, void *v, loff_t *pos) | |||
149 | } | 148 | } |
150 | 149 | ||
151 | static void seq_stop(struct seq_file *s, void *v) | 150 | static void seq_stop(struct seq_file *s, void *v) |
152 | __releases(RCU) | ||
153 | { | 151 | { |
154 | rcu_read_unlock(); | 152 | mutex_unlock(&nf_log_mutex); |
155 | } | 153 | } |
156 | 154 | ||
157 | static int seq_show(struct seq_file *s, void *v) | 155 | static int seq_show(struct seq_file *s, void *v) |
@@ -161,7 +159,7 @@ static int seq_show(struct seq_file *s, void *v) | |||
161 | struct nf_logger *t; | 159 | struct nf_logger *t; |
162 | int ret; | 160 | int ret; |
163 | 161 | ||
164 | logger = rcu_dereference(nf_loggers[*pos]); | 162 | logger = nf_loggers[*pos]; |
165 | 163 | ||
166 | if (!logger) | 164 | if (!logger) |
167 | ret = seq_printf(s, "%2lld NONE (", *pos); | 165 | ret = seq_printf(s, "%2lld NONE (", *pos); |
@@ -171,22 +169,16 @@ static int seq_show(struct seq_file *s, void *v) | |||
171 | if (ret < 0) | 169 | if (ret < 0) |
172 | return ret; | 170 | return ret; |
173 | 171 | ||
174 | mutex_lock(&nf_log_mutex); | ||
175 | list_for_each_entry(t, &nf_loggers_l[*pos], list[*pos]) { | 172 | list_for_each_entry(t, &nf_loggers_l[*pos], list[*pos]) { |
176 | ret = seq_printf(s, "%s", t->name); | 173 | ret = seq_printf(s, "%s", t->name); |
177 | if (ret < 0) { | 174 | if (ret < 0) |
178 | mutex_unlock(&nf_log_mutex); | ||
179 | return ret; | 175 | return ret; |
180 | } | ||
181 | if (&t->list[*pos] != nf_loggers_l[*pos].prev) { | 176 | if (&t->list[*pos] != nf_loggers_l[*pos].prev) { |
182 | ret = seq_printf(s, ","); | 177 | ret = seq_printf(s, ","); |
183 | if (ret < 0) { | 178 | if (ret < 0) |
184 | mutex_unlock(&nf_log_mutex); | ||
185 | return ret; | 179 | return ret; |
186 | } | ||
187 | } | 180 | } |
188 | } | 181 | } |
189 | mutex_unlock(&nf_log_mutex); | ||
190 | 182 | ||
191 | return seq_printf(s, ")\n"); | 183 | return seq_printf(s, ")\n"); |
192 | } | 184 | } |