linux-hardened/net/netfilter
Pablo Neira Ayuso fab00c5d15 netfilter: ctnetlink: sleepable allocation with spin lock bh
This patch removes a GFP_KERNEL allocation while holding a spin lock with
bottom halves disabled in ctnetlink_change_helper().

This problem was introduced in 2.6.23 with the netfilter extension
infrastructure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-08-18 21:31:46 -07:00
..
core.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
Kconfig netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
Makefile netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_acct.c netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_core.c netfilter: fix two recent sysctl problems 2008-08-06 02:35:44 -07:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack_expect: function naming unification 2007-07-10 22:17:53 -07:00
nf_conntrack_expect.c netfilter: nf_conntrack_expect: fix error path unwind in nf_conntrack_expect_init() 2008-05-29 03:19:37 -07:00
nf_conntrack_extend.c netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences 2008-07-26 17:50:05 -07:00
nf_conntrack_ftp.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: fix module unload crash 2008-06-17 15:52:32 -07:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_helper.c rcu: fix nf_conntrack_helper.c build bug 2008-05-22 10:08:38 +02:00
nf_conntrack_irc.c [NETFILTER]: annotate rest of nf_conntrack_* with const 2008-04-14 11:15:42 +02:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto 2008-04-14 11:15:52 +02:00
nf_conntrack_netbios_ns.c [NETFILTER]: nf_conntrack: introduce expectation classes and policies 2008-03-25 20:09:15 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: sleepable allocation with spin lock bh 2008-08-18 21:31:46 -07:00
nf_conntrack_pptp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_proto_dccp.c netfilter: nf_conntrack: properly account terminating packets 2008-06-09 15:59:40 -07:00
nf_conntrack_proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_gre.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack_sctp: fix sparse warnings 2008-07-21 10:11:02 -07:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged 2008-07-31 00:38:01 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_udplite.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_sane.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last request 2008-05-08 01:15:21 -07:00
nf_conntrack_standalone.c netfilter: fix two recent sysctl problems 2008-08-06 02:35:44 -07:00
nf_conntrack_tftp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_internals.h [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_log.c netfilter: Make nflog quiet when no one listen in userspace. 2008-06-11 17:50:27 -07:00
nf_queue.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
nf_sockopt.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
nfnetlink.c [NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28 15:08:07 -08:00
nfnetlink_log.c netfilter: nfnetlink_log: send complete hardware header 2008-07-21 10:11:00 -07:00
nfnetlink_queue.c netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
x_tables.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:11:52 -07:00
xt_CLASSIFY.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_comment.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_connbytes.c netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
xt_connlimit.c netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state 2008-06-04 09:57:51 -07:00
xt_CONNMARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_connmark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_CONNSECMARK.c netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
xt_conntrack.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
xt_dccp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_dscp.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_DSCP.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_esp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_hashlimit.c netfilter: xt_hashlimit: fix race between htable_destroy and htable_gc 2008-07-31 00:38:52 -07:00
xt_helper.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_iprange.c netfilter: xt_iprange: module aliases for xt_iprange 2008-05-13 23:27:48 -07:00
xt_length.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_limit.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mac.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_MARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_multiport.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_NFLOG.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NFQUEUE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NOTRACK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_owner.c [NETFILTER]: xt_owner: allow matching UID/GID ranges 2008-01-31 19:27:43 -08:00
xt_physdev.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_pkttype.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_policy.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_quota.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_RATEEST.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_rateest.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_realm.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_sctp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_SECMARK.c netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
xt_state.c [NETFILTER]: x_tables: use %u format specifiers 2008-01-28 14:59:07 -08:00
xt_statistic.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_string.c netfilter: fix string extension for case insensitive pattern matching 2008-07-08 02:38:56 -07:00
xt_TCPMSS.c netfilter: xt_TCPMSS: collapse tcpmss_reverse_mtu{4,6} into one function 2008-07-21 10:11:01 -07:00
xt_tcpmss.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_TCPOPTSTRIP.c netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval 2008-04-29 03:15:10 -07:00
xt_tcpudp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_time.c netfilter: xt_time: fix time's time_mt()'s use of do_div() 2008-07-21 10:10:59 -07:00
xt_TRACE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_u32.c [NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it 2008-02-19 17:18:20 -08:00