IPVS netns exit causes crash in conntrack

Quote from Patric Mc Hardy "This looks like nfnetlink.c excited and destroyed the nfnl socket, but ip_vs was still holding a reference to a conntrack. When the conntrack got destroyed it created a ctnetlink event, causing an oops in netlink_has_listeners when trying to use the destroyed nfnetlink socket." If nf_conntrack_netlink is loaded before ip_vs this is not a problem. This patch simply avoids calling ip_vs_conn_drop_conntrack() when netns is dying as suggested by Julian. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Simon Horman <horms@verge.net.au>
author: Hans Schillstrom <hans.schillstrom@ericsson.com> 2011-06-13 03:06:57 -0400
committer: Simon Horman <horms@verge.net.au> 2011-06-13 04:41:47 -0400
commit: 8f4e0a18682d91abfad72ede3d3cb5f3ebdf54b4 (patch)
tree: b2b5ec39519bbf6416ae021f108739290e565b50 /net/netfilter
parent: d232b8dded624af3e346b13807a591c63b601c44 (diff)
2 files changed, 10 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index bf28ac2fc99b..782db275ac53 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -776,8 +776,16 @@ static void ip_vs_conn_expire(unsigned long data)
                if (cp->control)
                        ip_vs_control_del(cp);
-                if (cp->flags & IP_VS_CONN_F_NFCT)
+                if (cp->flags & IP_VS_CONN_F_NFCT) {
                        ip_vs_conn_drop_conntrack(cp);
+                        /* Do not access conntracks during subsys cleanup
+                         * because nf_conntrack_find_get can not be used after
+                         * conntrack cleanup for the net.
+                         */
+                        smp_rmb();
+                        if (ipvs->enable)
+                                ip_vs_conn_drop_conntrack(cp);
+                }
                ip_vs_pe_put(cp->pe);
                kfree(cp->pe_data);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 55af2242bccd..24c28d238dcb 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1945,6 +1945,7 @@ static void __net_exit __ip_vs_dev_cleanup(struct net *net)
 {
        EnterFunction(2);
        net_ipvs(net)->enable = 0;      /* Disable packet reception */
+        smp_wmb();
        __ip_vs_sync_cleanup(net);
        LeaveFunction(2);
 }
author	Hans Schillstrom <hans.schillstrom@ericsson.com>	2011-06-13 03:06:57 -0400
committer	Simon Horman <horms@verge.net.au>	2011-06-13 04:41:47 -0400
commit	8f4e0a18682d91abfad72ede3d3cb5f3ebdf54b4 (patch)
tree	b2b5ec39519bbf6416ae021f108739290e565b50 /net/netfilter
parent	d232b8dded624af3e346b13807a591c63b601c44 (diff)