[PATCH AUTOSEL 4.19 019/123] netfilter: nf_conncount: fix unexpected permanent node of list.

From: Sasha Levin
Date: Wed Dec 05 2018 - 05:13:05 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 4.19 015/123] arm64: dts: sdm845-mtp: Reserve reserved gpios"
Previous message: Bryan O'Donoghue: "Re: [PATCH 2/2] staging: greybus: Added space between string concatenated"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.19 028/123] hwmon: (raspberrypi) Fix initial notify"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.19 015/123] arm64: dts: sdm845-mtp: Reserve reserved gpios"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Taehee Yoo <ap420073@xxxxxxxxx>

[ Upstream commit 3c5cdb17c3be76714dfd0d03e384f70579545614 ]

When list->count is 0, the list is deleted by GC. But list->count is
never reached 0 because initial count value is 1 and it is increased
when node is inserted. So that initial value of list->count should be 0.

Originally GC always finds zero count list through deleting node and
decreasing count. However, list may be left empty since node insertion
may fail eg. allocaton problem. In order to solve this problem, GC
routine also finds zero count list without deleting node.

Fixes: cb2b36f5a97d ("netfilter: nf_conncount: Switch to plain list")
Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
net/netfilter/nf_conncount.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index cb33709138df..8acae4a3e4c0 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -144,8 +144,10 @@ static bool conn_free(struct nf_conncount_list *list,
list->count--;
conn->dead = true;
list_del_rcu(&conn->node);
- if (list->count == 0)
+ if (list->count == 0) {
+ list->dead = true;
free_entry = true;
+ }

spin_unlock_bh(&list->list_lock);
call_rcu(&conn->rcu_head, __conn_free);
@@ -248,7 +250,7 @@ void nf_conncount_list_init(struct nf_conncount_list *list)
{
spin_lock_init(&list->list_lock);
INIT_LIST_HEAD(&list->head);
- list->count = 1;
+ list->count = 0;
list->dead = false;
}
EXPORT_SYMBOL_GPL(nf_conncount_list_init);
@@ -262,6 +264,7 @@ bool nf_conncount_gc_list(struct net *net,
struct nf_conn *found_ct;
unsigned int collected = 0;
bool free_entry = false;
+ bool ret = false;

list_for_each_entry_safe(conn, conn_n, &list->head, node) {
found = find_or_evict(net, list, conn, &free_entry);
@@ -291,7 +294,15 @@ bool nf_conncount_gc_list(struct net *net,
if (collected > CONNCOUNT_GC_MAX_NODES)
return false;
}
- return false;
+
+ spin_lock_bh(&list->list_lock);
+ if (!list->count) {
+ list->dead = true;
+ ret = true;
+ }
+ spin_unlock_bh(&list->list_lock);
+
+ return ret;
}
EXPORT_SYMBOL_GPL(nf_conncount_gc_list);

@@ -417,6 +428,7 @@ insert_tree(struct net *net,
nf_conncount_list_init(&rbconn->list);
list_add(&conn->node, &rbconn->list.head);
count = 1;
+ rbconn->list.count = count;

rb_link_node(&rbconn->node, parent, rbnode);
rb_insert_color(&rbconn->node, root);
--
2.17.1

Next message: Sasha Levin: "[PATCH AUTOSEL 4.19 015/123] arm64: dts: sdm845-mtp: Reserve reserved gpios"
Previous message: Bryan O'Donoghue: "Re: [PATCH 2/2] staging: greybus: Added space between string concatenated"
In reply to: Sasha Levin: "[PATCH AUTOSEL 4.19 028/123] hwmon: (raspberrypi) Fix initial notify"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 4.19 015/123] arm64: dts: sdm845-mtp: Reserve reserved gpios"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]