Commit 8f4e0a18 authored by Hans Schillstrom's avatar Hans Schillstrom Committed by Simon Horman

IPVS netns exit causes crash in conntrack

Quote from Patric Mc Hardy
"This looks like nfnetlink.c excited and destroyed the nfnl socket, but
ip_vs was still holding a reference to a conntrack. When the conntrack
got destroyed it created a ctnetlink event, causing an oops in
netlink_has_listeners when trying to use the destroyed nfnetlink
socket."

If nf_conntrack_netlink is loaded before ip_vs this is not a problem.

This patch simply avoids calling ip_vs_conn_drop_conntrack()
when netns is dying as suggested by Julian.
Signed-off-by: default avatarHans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
parent d232b8dd
...@@ -776,8 +776,16 @@ static void ip_vs_conn_expire(unsigned long data) ...@@ -776,8 +776,16 @@ static void ip_vs_conn_expire(unsigned long data)
if (cp->control) if (cp->control)
ip_vs_control_del(cp); ip_vs_control_del(cp);
if (cp->flags & IP_VS_CONN_F_NFCT) if (cp->flags & IP_VS_CONN_F_NFCT) {
ip_vs_conn_drop_conntrack(cp); ip_vs_conn_drop_conntrack(cp);
/* Do not access conntracks during subsys cleanup
* because nf_conntrack_find_get can not be used after
* conntrack cleanup for the net.
*/
smp_rmb();
if (ipvs->enable)
ip_vs_conn_drop_conntrack(cp);
}
ip_vs_pe_put(cp->pe); ip_vs_pe_put(cp->pe);
kfree(cp->pe_data); kfree(cp->pe_data);
......
...@@ -1945,6 +1945,7 @@ static void __net_exit __ip_vs_dev_cleanup(struct net *net) ...@@ -1945,6 +1945,7 @@ static void __net_exit __ip_vs_dev_cleanup(struct net *net)
{ {
EnterFunction(2); EnterFunction(2);
net_ipvs(net)->enable = 0; /* Disable packet reception */ net_ipvs(net)->enable = 0; /* Disable packet reception */
smp_wmb();
__ip_vs_sync_cleanup(net); __ip_vs_sync_cleanup(net);
LeaveFunction(2); LeaveFunction(2);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment