Date: Wed, 30 Jul 2008 12:52:53 +0200
From: Patrick McHardy <kaber@...sh.net>
To: Pavel Emelyanov <xemul@...nvz.org>
CC: David Miller <davem@...emloft.net>,
Linux Netdev List <netdev@...r.kernel.org>,
Netfilter Development Mailinglist
<netfilter-devel@...r.kernel.org>
Subject: Re: [PATCH] ipt_recent: fix race between recent_mt_destroy and proc
manipulations
Pavel Emelyanov wrote:
> The thing is that recent_mt_destroy first flushes the entries
> from the table with recent_table_flush and only *after* this
> removes the proc file corresponding to that table.
>
> Thus, if we manage to write to this file the '+XXX' command we
> will leak some entries. If we manage to write there a 'clean'
> command we'll race in two recent_table_flush flows, since the
> recent_mt_destroy calls this outside the recent_lock.
>
> The proper solution as I see it is to remove the proc file first
> and then go on with flushing the table. This flushing becomes
> safe w/o the lock, since the table is already inaccessible from
> the outside.
Applied, thanks.
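
Added example, not part of this thread and not the kernel patch: a single-threaded userspace model of the teardown ordering described in the quoted message, covering only the leaked-entry case (not the concurrent 'clean' flush). All names are hypothetical; `published` stands in for the proc file, and the racing '+XXX' write is simulated by running it at a chosen point in the teardown.

```c
#include <stdio.h>

/* Constructed model: "published" = proc file exists, "entries" = table size. */
struct table { int published; int entries; };

enum order { FLUSH_FIRST, UNPUBLISH_FIRST };

/* Models a '+XXX' write to the proc file: only works while the file exists. */
static int proc_write_add(struct table *t)
{
    if (!t->published)
        return -1;              /* file removed: table unreachable */
    t->entries++;
    return 0;
}

static void table_flush(struct table *t) { t->entries = 0; }
static void proc_remove(struct table *t) { t->published = 0; }

/* Run the two teardown steps in the given order, with the writer firing
 * before step 0 (writer_at=0), between the steps (1) or after both (2).
 * Returns the entries still allocated when the table would be freed. */
static int destroy(enum order o, int writer_at)
{
    struct table t = { 1, 3 };  /* constructed start: file present, 3 entries */
    for (int step = 0; step <= 2; step++) {
        if (step == writer_at)
            proc_write_add(&t);
        if (step == 0) {
            if (o == FLUSH_FIRST) table_flush(&t); else proc_remove(&t);
        } else if (step == 1) {
            if (o == FLUSH_FIRST) proc_remove(&t); else table_flush(&t);
        }
    }
    return t.entries;
}

/* Worst case over every point at which the writer can interleave. */
static int worst_leak(enum order o)
{
    int worst = 0;
    for (int at = 0; at <= 2; at++)
        if (destroy(o, at) > worst)
            worst = destroy(o, at);
    return worst;
}

int main(void)
{
    printf("flush first:     worst leak %d\n", worst_leak(FLUSH_FIRST));
    printf("unpublish first: worst leak %d\n", worst_leak(UNPUBLISH_FIRST));
    return 0;
}
```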