diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-20 12:55:02 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-23 16:17:58 +0200 |
| commit | 2385eb0c5fbcb4316d3490b3affba8e15efc7eb8 (patch) | |
| tree | e8fbd0199a5524032c9a57184bbf9a3c21137154 /net/netfilter/core.c | |
| parent | netfilter: Fix memory leak in nf_register_net_hook (diff) | |
| download | linux-dev-2385eb0c5fbcb4316d3490b3affba8e15efc7eb8.tar.xz linux-dev-2385eb0c5fbcb4316d3490b3affba8e15efc7eb8.zip | |
netfilter: nf_queue: fix nf_queue_nf_hook_drop()
This function reacquires the rtnl_lock() which is already held by
nf_unregister_hook().
This can be triggered via: modprobe nf_conntrack_ipv4 && rmmod nf_conntrack_ipv4
[ 720.628746] INFO: task rmmod:3578 blocked for more than 120 seconds.
[ 720.628749] Not tainted 4.2.0-rc2+ #113
[ 720.628752] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 720.628754] rmmod D ffff8800ca46fd58 0 3578 3571 0x00000080
[...]
[ 720.628783] Call Trace:
[ 720.628790] [<ffffffff8152ea0b>] schedule+0x6b/0x90
[ 720.628795] [<ffffffff8152ecb3>] schedule_preempt_disabled+0x13/0x20
[ 720.628799] [<ffffffff8152ff55>] mutex_lock_nested+0x1f5/0x380
[ 720.628803] [<ffffffff81462622>] ? rtnl_lock+0x12/0x20
[ 720.628807] [<ffffffff81462622>] ? rtnl_lock+0x12/0x20
[ 720.628812] [<ffffffff81462622>] rtnl_lock+0x12/0x20
[ 720.628817] [<ffffffff8148ab25>] nf_queue_nf_hook_drop+0x15/0x160
[ 720.628825] [<ffffffff81488d48>] nf_unregister_net_hook+0x168/0x190
[ 720.628831] [<ffffffff81488e24>] nf_unregister_hook+0x64/0x80
[ 720.628837] [<ffffffff81488e60>] nf_unregister_hooks+0x20/0x30
[...]
Moreover, nf_unregister_net_hook() should only destroy the queue for this
netns, not for every netns.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Fixes: 085db2c04557 ("netfilter: Per network namespace netfilter hooks.")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'net/netfilter/core.c')
| -rw-r--r-- | net/netfilter/core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 87d237d20870..12504fbbeef7 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -154,7 +154,7 @@ void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) static_key_slow_dec(&nf_hooks_needed[reg->pf][reg->hooknum]); #endif synchronize_net(); - nf_queue_nf_hook_drop(elem); + nf_queue_nf_hook_drop(net, elem); kfree(elem); } EXPORT_SYMBOL(nf_unregister_net_hook); |