Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

IPVS netns exit causes crash in conntrack

Quote from Patrick McHardy
"This looks like nfnetlink.c exited and destroyed the nfnl socket, but
ip_vs was still holding a reference to a conntrack. When the conntrack
got destroyed it created a ctnetlink event, causing an oops in
netlink_has_listeners when trying to use the destroyed nfnetlink
socket."

If nf_conntrack_netlink is loaded before ip_vs this is not a problem.

This patch simply avoids calling ip_vs_conn_drop_conntrack()
when netns is dying as suggested by Julian.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Simon Horman <horms@verge.net.au>

authored by Hans Schillstrom and committed by Simon Horman
8f4e0a18 d232b8dd

+10 -1
+9 -1
net/netfilter/ipvs/ip_vs_conn.c
··· 776 776 if (cp->control) 777 777 ip_vs_control_del(cp); 778 778 779 - if (cp->flags & IP_VS_CONN_F_NFCT) 779 + if (cp->flags & IP_VS_CONN_F_NFCT) { 780 780 ip_vs_conn_drop_conntrack(cp); 781 + /* Do not access conntracks during subsys cleanup 782 + * because nf_conntrack_find_get can not be used after 783 + * conntrack cleanup for the net. 784 + */ 785 + smp_rmb(); 786 + if (ipvs->enable) 787 + ip_vs_conn_drop_conntrack(cp); 788 + } 781 789 782 790 ip_vs_pe_put(cp->pe); 783 791 kfree(cp->pe_data);
+1
net/netfilter/ipvs/ip_vs_core.c
··· 1945 1945 { 1946 1946 EnterFunction(2); 1947 1947 net_ipvs(net)->enable = 0; /* Disable packet reception */ 1948 + smp_wmb(); 1948 1949 __ip_vs_sync_cleanup(net); 1949 1950 LeaveFunction(2); 1950 1951 }
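Review bot: In the net/netfilter/ipvs/ip_vs_conn.c hunk, the original unconditional `ip_vs_conn_drop_conntrack(cp);` is still present as the first statement inside the new braces (unchanged context line 780). The conntrack is therefore still dropped while the netns is dying, and when `ipvs->enable` is set the function runs twice on the same connection. That contradicts the commit message, which says the call is avoided during netns exit. Suggest removing the context-line call so the only remaining call is the one guarded by `if (ipvs->enable)` after the `smp_rmb()`.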
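Review bot: In the net/netfilter/ipvs/ip_vs_core.c hunk, the new `smp_wmb();` after `net_ipvs(net)->enable = 0;` carries no comment saying which read barrier it pairs with or which later stores the flag must be ordered against. Suggest a one-line comment naming the `smp_rmb()` that precedes the `ipvs->enable` test in ip_vs_conn.c, and a matching note at that `smp_rmb()`, so the pairing stays visible if either side is later moved.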