diff options
author | Mark Huang <mlhuang@cs.princeton.edu> | 2006-08-13 21:57:54 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-08-13 21:57:54 -0400 |
commit | dcb7cd97f133f7cfbd181149a1e60215a869f895 (patch) | |
tree | 73e600aa19051981a566ad55ca5fa6f9acec4f7a | |
parent | 0eff66e625306a794ecba4b29ed12f7a147ce219 (diff) |
[NETFILTER]: ulog: fix panic on SMP kernels
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.
Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 5 | ||||
-rw-r--r-- | net/netfilter/nfnetlink_log.c | 3 |
3 files changed, 11 insertions, 0 deletions
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 02693a230dc1..9f950db3b76f 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -74,6 +74,9 @@ static void ulog_send(unsigned int nlgroup) | |||
74 | if (timer_pending(&ub->timer)) | 74 | if (timer_pending(&ub->timer)) |
75 | del_timer(&ub->timer); | 75 | del_timer(&ub->timer); |
76 | 76 | ||
77 | if (!ub->skb) | ||
78 | return; | ||
79 | |||
77 | /* last nlmsg needs NLMSG_DONE */ | 80 | /* last nlmsg needs NLMSG_DONE */ |
78 | if (ub->qlen > 1) | 81 | if (ub->qlen > 1) |
79 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | 82 | ub->lastnlh->nlmsg_type = NLMSG_DONE; |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index d7dd7fe7051c..d46fd677fa11 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -115,6 +115,11 @@ static void ulog_send(unsigned int nlgroupnum) | |||
115 | del_timer(&ub->timer); | 115 | del_timer(&ub->timer); |
116 | } | 116 | } |
117 | 117 | ||
118 | if (!ub->skb) { | ||
119 | DEBUGP("ipt_ULOG: ulog_send: nothing to send\n"); | ||
120 | return; | ||
121 | } | ||
122 | |||
118 | /* last nlmsg needs NLMSG_DONE */ | 123 | /* last nlmsg needs NLMSG_DONE */ |
119 | if (ub->qlen > 1) | 124 | if (ub->qlen > 1) |
120 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | 125 | ub->lastnlh->nlmsg_type = NLMSG_DONE; |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 61cdda4e5d3b..b59d3b2bde21 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
@@ -366,6 +366,9 @@ __nfulnl_send(struct nfulnl_instance *inst) | |||
366 | if (timer_pending(&inst->timer)) | 366 | if (timer_pending(&inst->timer)) |
367 | del_timer(&inst->timer); | 367 | del_timer(&inst->timer); |
368 | 368 | ||
369 | if (!inst->skb) | ||
370 | return 0; | ||
371 | |||
369 | if (inst->qlen > 1) | 372 | if (inst->qlen > 1) |
370 | inst->lastnlh->nlmsg_type = NLMSG_DONE; | 373 | inst->lastnlh->nlmsg_type = NLMSG_DONE; |
371 | 374 | ||