diff options
| author | Mark Huang <mlhuang@cs.princeton.edu> | 2006-08-13 21:57:54 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-08-13 21:57:54 -0400 |
| commit | dcb7cd97f133f7cfbd181149a1e60215a869f895 (patch) | |
| tree | 73e600aa19051981a566ad55ca5fa6f9acec4f7a | |
| parent | 0eff66e625306a794ecba4b29ed12f7a147ce219 (diff) | |
[NETFILTER]: ulog: fix panic on SMP kernels
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.
Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 3 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 5 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 3 |
3 files changed, 11 insertions, 0 deletions
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 02693a230dc1..9f950db3b76f 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
| @@ -74,6 +74,9 @@ static void ulog_send(unsigned int nlgroup) | |||
| 74 | if (timer_pending(&ub->timer)) | 74 | if (timer_pending(&ub->timer)) |
| 75 | del_timer(&ub->timer); | 75 | del_timer(&ub->timer); |
| 76 | 76 | ||
| 77 | if (!ub->skb) | ||
| 78 | return; | ||
| 79 | |||
| 77 | /* last nlmsg needs NLMSG_DONE */ | 80 | /* last nlmsg needs NLMSG_DONE */ |
| 78 | if (ub->qlen > 1) | 81 | if (ub->qlen > 1) |
| 79 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | 82 | ub->lastnlh->nlmsg_type = NLMSG_DONE; |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index d7dd7fe7051c..d46fd677fa11 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
| @@ -115,6 +115,11 @@ static void ulog_send(unsigned int nlgroupnum) | |||
| 115 | del_timer(&ub->timer); | 115 | del_timer(&ub->timer); |
| 116 | } | 116 | } |
| 117 | 117 | ||
| 118 | if (!ub->skb) { | ||
| 119 | DEBUGP("ipt_ULOG: ulog_send: nothing to send\n"); | ||
| 120 | return; | ||
| 121 | } | ||
| 122 | |||
| 118 | /* last nlmsg needs NLMSG_DONE */ | 123 | /* last nlmsg needs NLMSG_DONE */ |
| 119 | if (ub->qlen > 1) | 124 | if (ub->qlen > 1) |
| 120 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | 125 | ub->lastnlh->nlmsg_type = NLMSG_DONE; |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 61cdda4e5d3b..b59d3b2bde21 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
| @@ -366,6 +366,9 @@ __nfulnl_send(struct nfulnl_instance *inst) | |||
| 366 | if (timer_pending(&inst->timer)) | 366 | if (timer_pending(&inst->timer)) |
| 367 | del_timer(&inst->timer); | 367 | del_timer(&inst->timer); |
| 368 | 368 | ||
| 369 | if (!inst->skb) | ||
| 370 | return 0; | ||
| 371 | |||
| 369 | if (inst->qlen > 1) | 372 | if (inst->qlen > 1) |
| 370 | inst->lastnlh->nlmsg_type = NLMSG_DONE; | 373 | inst->lastnlh->nlmsg_type = NLMSG_DONE; |
| 371 | 374 | ||