Re: [bug] __nf_ct_refresh_acct(): WARNING: at lib/list_debug.c:30__list_add+0x7d/0xad()

From: Patrick McHardy
Date: Wed Jun 17 2009 - 09:29:56 EST

Eric Dumazet wrote:
Patrick McHardy a écrit :
Eric Dumazet wrote:
Patrick McHardy a écrit :
Eric Dumazet wrote:
Patrick McHardy a écrit :
Before the conntrack is confirmed, it is exclusively handled by a
single CPU. I agree that we need to make sure the IPS_CONFIRMED_BIT
is visible before we add the conntrack to the hash table since the
lookup is lockless, but simply moving the set_bit before the hash
insertion should be fine I think.

Problem is timeout.expires is either a relative or absolute timeout,
and changes happen
in __nf_conntrack_confirm() or __nf_ct_refresh_acct().

We must have a synchronization (an barriers), a single bit wont be
Please have a look at the second patch I just sent. It relies
on the RCU barriers to make sure all stores are visible before
other CPUs can find the conntrack.

Sorry, I dont understand how your second patch corrects the problem.

This (unconfirmed) conntrack is visible by another cpu.
No, before it is confirmed, its only visible to the CPU handling
the initial packet of a connection. Confirmation is the step that
makes it visible to other CPUs.

Thanks Patrick, I missed this, and your patch seems fine now :)

Thanks for your help, I'll send it to Dave later today.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at