linux-hardened/net/ipv4
Harald Welte 1dfbab5949 [NETFILTER] Fix conntrack event cache deadlock/oops
This patch fixes a number of bugs.  It cannot be reasonably split up in
multiple fixes, since all bugs interact with each other and affect the same
function:

Bug #1:
The event cache code cannot be called while a lock is held.  Therefore, the
call to ip_conntrack_event_cache() within ip_ct_refresh_acct() needs to be
moved outside of the locked section.  This fixes a number of 2.6.14-rcX
oops and deadlock reports.

Bug #2:
We used to call ct_add_counters() for unconfirmed connections without
holding a lock.  Since the add operations are not atomic, we could race
with another CPU.

Bug #3:
ip_ct_refresh_acct() lost REFRESH events in some cases where refresh
(and the corresponding event) are desired, but no accounting shall be
performed.  Both, evenst and accounting implicitly depended on the skb
parameter bein non-null.   We now re-introduce a non-accounting
"ip_ct_refresh()" variant to explicitly state the desired behaviour.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-09-22 23:46:57 -07:00
..
ipvs [IPVS]: ip_vs_ftp breaks connections using persistence 2005-09-14 21:08:51 -07:00
netfilter [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
af_inet.c [IPV4] fib_trie: fix proc interface 2005-09-09 13:35:42 -07:00
ah4.c [CRYPTO]: crypto_free_tfm() callers no longer need to check for NULL 2005-09-01 17:44:29 -07:00
arp.c [NET]: Store skb->timestamp as offset to a base timestamp 2005-08-29 15:58:24 -07:00
datagram.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
devinet.c [NETLINK]: Convert netlink users to use group numbers instead of bitmasks 2005-08-29 16:00:54 -07:00
esp4.c [CRYPTO]: crypto_free_tfm() callers no longer need to check for NULL 2005-09-01 17:44:29 -07:00
fib_frontend.c [NETLINK]: Add "groups" argument to netlink_kernel_create 2005-08-29 16:01:11 -07:00
fib_hash.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
fib_lookup.h [IPV4]: Prepare FIB core for RCU. 2005-08-29 16:08:31 -07:00
fib_rules.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_semantics.c [IPV4]: Prepare FIB core for RCU. 2005-08-29 16:08:31 -07:00
fib_trie.c [FIB_TRIE]: message cleanup 2005-09-21 00:15:39 -07:00
icmp.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
igmp.c [MCAST]: Fix MCAST_EXCLUDE line dupes 2005-09-14 20:53:42 -07:00
inet_connection_sock.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
inet_diag.c [NETLINK]: Add "groups" argument to netlink_kernel_create 2005-08-29 16:01:11 -07:00
inet_hashtables.c [NET]: Introduce inet_connection_sock 2005-08-29 15:43:19 -07:00
inet_timewait_sock.c [TIMEWAIT]: Move inet_timewait_death_row routines to net/ipv4/inet_timewait_sock.c 2005-08-29 15:55:58 -07:00
inetpeer.c [PATCH] timer initialization cleanup: DEFINE_TIMER 2005-09-09 14:03:48 -07:00
ip_forward.c [IPV4]: Remove some dead code from ip_forward() 2005-08-29 16:03:06 -07:00
ip_fragment.c [IPV4]: Reassembly trim not clearing CHECKSUM_HW 2005-09-06 15:51:48 -07:00
ip_gre.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ip_input.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
ip_options.c [IP]: Introduce ip_options_get_from_user 2005-08-29 16:01:39 -07:00
ip_output.c [IPV4]: ip_finish_output() can be inlined 2005-08-29 16:03:10 -07:00
ip_sockglue.c [IP]: Introduce ip_options_get_from_user 2005-08-29 16:01:39 -07:00
ipcomp.c [CRYPTO]: crypto_free_tfm() callers no longer need to check for NULL 2005-09-01 17:44:29 -07:00
ipconfig.c [NET]: fix-up schedule_timeout() usage 2005-09-12 14:15:34 -07:00
ipip.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ipmr.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
Kconfig [INET_DIAG]: Move the tcp_diag interface to the proper place 2005-08-29 15:57:54 -07:00
Makefile [INET_DIAG]: Move the tcp_diag interface to the proper place 2005-08-29 15:57:54 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
multipath_drr.c [IPV4]: possible cleanups 2005-08-29 15:33:20 -07:00
multipath_random.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_rr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_wrandom.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
netfilter.c [NETFILTER]: Move reroute-after-queue code up to the nf_queue layer. 2005-08-29 15:36:19 -07:00
proc.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
protocol.c [TCP]: Move the tcp sock states to net/tcp_states.h 2005-08-29 15:41:54 -07:00
raw.c [PATCH] raw_sendmsg DoS on 2.6 2005-09-19 18:45:42 -07:00
route.c [IPV4]: Fix refcount damaging in net/ipv4/route.c 2005-09-08 13:34:47 -07:00
syncookies.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
sysctl_net_ipv4.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
tcp.c [TCP]: Fix TCP_OFF() bug check introduced by previous change. 2005-09-05 18:55:48 -07:00
tcp_bic.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_cong.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_diag.c [INET_DIAG]: Move the tcp_diag interface to the proper place 2005-08-29 15:57:54 -07:00
tcp_highspeed.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_htcp.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_hybla.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_input.c [TCP]: Compute in_sacked properly when we split up a TSO frame. 2005-09-14 20:50:35 -07:00
tcp_ipv4.c [NET]: Fix sparse warnings 2005-08-29 16:01:32 -07:00
tcp_minisocks.c [TCP]: Set default congestion control correctly for incoming connections. 2005-09-21 00:19:46 -07:00
tcp_output.c [TCP]: Adjust Reno SACK estimate in tcp_fragment 2005-09-22 23:32:56 -07:00
tcp_scalable.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_timer.c [ICSK]: Move TCP congestion avoidance members to icsk 2005-08-29 15:56:18 -07:00
tcp_vegas.c [INET_DIAG]: Rename tcp_diag.[ch] to inet_diag.[ch] 2005-08-29 15:57:48 -07:00
tcp_westwood.c [INET_DIAG]: Rename tcp_diag.[ch] to inet_diag.[ch] 2005-08-29 15:57:48 -07:00
udp.c [IPV4] udp: trim forgets about CHECKSUM_HW 2005-09-08 12:32:21 -07:00
xfrm4_input.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm4_output.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_policy.c [IPSEC]: Store idev entries 2005-05-03 16:27:10 -07:00
xfrm4_state.c [IPV4]: possible cleanups 2005-08-29 15:33:20 -07:00
xfrm4_tunnel.c [NET]: Make ipip/ip6_tunnel independant of XFRM 2005-07-19 14:03:34 -07:00