Ingo Molnar wrote: > * David Miller <[EMAIL PROTECTED]> wrote: > >>net/netfilter/nf_conntrack_core.c, calls: >> >> l4proto = __nf_ct_l4proto_find((u_int16_t)pf, protonum); >> >>whichs assumes that preemption is disabled.
Yes, that is certainly broken. > you are right - i mistakenly read that mail only up to the point where > you point out the (slightly) buggy NF_CT_STATIC_INC use and missed your > final point about other coding having implicit preempt_disable() > assumptions. > > I've looked at __nf_ct_l4proto_find() and it's not obvious to me what > the hidden preempt_disable() assumption is. Its main use seems to be of > nf_ct_protos[] array, which is protected by nf_conntrack_lock. I'm > wondering whether what you say suggests that it's safe to call > __nf_ct_l4proto_find() without the nf_conntrack_lock locked (as read or > as write), and if it's safe, how it protects against simultaneous > modifications to the nf_ct_protos[] array. > > Ahh ... unregister does a synchronize_net(), right? That means that > removal of the pointer only happens if all CPUs have gone through a > quiescent state. > > this means that this particular use could be fixed by converting the > preempt_disable()/enable() pair in nf_ct_l4proto_find_get() to > rcu_read_lock()/unlock(), correct? That is another bug (all uses of preempt_disable in netfilter actually), but calling __nf_ct_l[34]proto_find without rcu_read_lock is broken as well. > Furthermore, every user of > synchronize_net() [and synchronize_rcu() in general] needs to be > reviewed. I'll take care of netfilter. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
