Received: by 10.213.65.68 with SMTP id h4csp1680688imn; Mon, 19 Mar 2018 10:23:13 -0700 (PDT) X-Google-Smtp-Source: AG47ELvxVjiMEIdlCBZV5oBSSnzm32iPgi8Bh8XbnAEuOBHFMYzzm6eRAXDnVuFy4qdF29khL5Dz X-Received: by 10.98.85.197 with SMTP id j188mr10862014pfb.86.1521480193235; Mon, 19 Mar 2018 10:23:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521480193; cv=none; d=google.com; s=arc-20160816; b=0eiRDsMvJC4GxSORY15Pmbfa/UhvUrLUJ9PSS5v28SRCJeKt5EemTRQOBgPPXhzlK8 LxFqyo1o2DEU7D81SFV0yolAaA8Mr/Cwuvgt4X/JQWSZ7hZFB77QkcwhMnebuN4JHu9q ioFWvcJmXtpWOLyzEg8ojsH+Acyy5q9LQ3IvnMy2vD82Ac7jdevtVG37lWuU1HQfmCEM DudxGv7b5yr8NKZvXCLcmsHakDDv0SFAaQ45+LSut3RWLU8KDJsbsfNhDpPvXP6QyECc qHghukga6vTLVUia5t876asPLcupmV8KdieK1BcVlxNLaFpaAICIlSxBl24pLXV9h+D2 Ct1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :spamdiagnosticmetadata:spamdiagnosticoutput:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=yiPMx0CnbHgmhGc+02JVZDhUgEBUh4CYmmacbzfxqDE=; b=ysFmT2zi0qdcxk8DVjGgirJOegyGRODCZFY6WeuFthV7Y/Rv85XrKnCtwG7zytaIc1 bl4npp4Qhi9d60ZWgWK+Q4KCCFeZvCL6ZrrhhiccCsvPK3nd95xruRwx/T4U0gxHkF+k HQuyRDcKxD1jXfDFDt5RKKipdpd4OSiAIuCb/LFjZtwAtYqkT5T5MjezfQ57gKzsk9fh 88ysHk+QUyIlSU0YCiyVTZKbwRY3rLBOYNf+yG0SdXULyBThKb2UXeFCMx2iOnk5b2lL uC6m9LGPlp9lErgCOkeJn5VDNFaL+k1hScH8zvqiUqdcmjon1xTD6P3gG3/rtsuzrhB9 zGKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=Qzca2UdS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x3-v6si327536plo.479.2018.03.19.10.22.59; Mon, 19 Mar 2018 10:23:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector1 header.b=Qzca2UdS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966621AbeCSRUx (ORCPT + 99 others); Mon, 19 Mar 2018 13:20:53 -0400 Received: from mail-cys01nam02on0131.outbound.protection.outlook.com ([104.47.37.131]:49376 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S966400AbeCSQJJ (ORCPT ); Mon, 19 Mar 2018 12:09:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=yiPMx0CnbHgmhGc+02JVZDhUgEBUh4CYmmacbzfxqDE=; b=Qzca2UdSW9bLKVbef8Q4BKqGEqw2PhD3NOM8WygCAvwzCRKJVXAf+mUP93dgr4NiPOqj3Vxgl9XynHS/HJJar517xb6j+pmdBw8FI8NSo2qNG0HWSSdGHdFp2oWEeoa9WsRAYqCvbKcp0Pd+twE1OncV5GmivSixUcxKQrdkY4c= Received: from DM5PR2101MB1032.namprd21.prod.outlook.com (52.132.128.13) by DM5PR2101MB0965.namprd21.prod.outlook.com (52.132.133.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.631.0; Mon, 19 Mar 2018 16:08:58 +0000 Received: from DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62]) by DM5PR2101MB1032.namprd21.prod.outlook.com ([fe80::3d9b:79e7:94eb:5d62%5]) with mapi id 15.20.0631.004; Mon, 19 Mar 2018 16:08:58 +0000 From: Sasha Levin To: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" CC: Liping Zhang , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH AUTOSEL for 4.4 070/167] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Thread-Topic: [PATCH AUTOSEL for 4.4 070/167] netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Thread-Index: AQHTv5xJvAIm6cJFvEm/hnrDXWHMFw== Date: Mon, 19 Mar 2018 16:06:49 +0000 Message-ID: <20180319160513.16384-70-alexander.levin@microsoft.com> References: <20180319160513.16384-1-alexander.levin@microsoft.com> In-Reply-To: <20180319160513.16384-1-alexander.levin@microsoft.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [52.168.54.252] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;DM5PR2101MB0965;7:SKj9dfHFMaWo0coIPJsruww0OW5/QZW9xf2Vf9mFob6Vw/ZKysVEMbYBlKs4yik0vdYlpuoSsUqKoAu5PX3BsuFw8gP4keAqM4FBhblvBnXdcXP5XwcB6+KEJJStFh3Lt7JwI4tmkedYrf8JXW07svy1pQ0VRXp1oHdGN3sMnTtV+7+Mb3P5191bxQrAzvstN0WCDW4rvhW1lpbd/8m9gjpFjADkVRx641Do2Suhd4G7MTvypkplFahmMXHSfTK1;20:wU1BOpWgK66gJ07genOIausgzu1rXhsAdNXgfbEg942OeJarDUzLMpqDybEsNk6b4+uZ6eSFUcSYOYLJNpkKR5D8AILFrXJlmRUGcyVIoR8yOEEtUWJ8jJalfa3TVPVaEEPkEK5AOnwWXsk+6YmSlVCTcc/ASwd7iP19CkxRW9Q= x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: acadb210-42c8-4394-25a7-08d58db3b92b x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020);SRVR:DM5PR2101MB0965; x-ms-traffictypediagnostic: DM5PR2101MB0965: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Alexander.Levin@microsoft.com; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(85827821059158); x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(8211001083)(61425038)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501300)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(6072148)(201708071742011);SRVR:DM5PR2101MB0965;BCL:0;PCL:0;RULEID:;SRVR:DM5PR2101MB0965; x-forefront-prvs: 06167FAD59 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(366004)(396003)(39860400002)(376002)(39380400002)(189003)(199004)(25786009)(7736002)(6506007)(86362001)(575784001)(86612001)(10090500001)(478600001)(53936002)(39060400002)(6666003)(6512007)(36756003)(2950100002)(8936002)(110136005)(54906003)(105586002)(14454004)(107886003)(72206003)(10290500003)(316002)(102836004)(2501003)(59450400001)(5250100002)(99286004)(22452003)(305945005)(6436002)(6486002)(1076002)(76176011)(26005)(4326008)(186003)(97736004)(106356001)(3660700001)(3846002)(6116002)(5660300001)(68736007)(2900100001)(8676002)(81166006)(81156014)(3280700002)(2906002)(66066001)(22906009)(217873001);DIR:OUT;SFP:1102;SCL:1;SRVR:DM5PR2101MB0965;H:DM5PR2101MB1032.namprd21.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: 2LPIsGzChAg+ZuU0qVe4ugHaskAtaH50OAFTIWnPewZWZQMrs/dDthiFsBorEfQ/EPelS9uQP450BAWIYgvsGoY5uZHTuXSXT4iea/emzJ6YFdUM3Cv9ScLQgAAgtWJ4SBuhzBt082x0UCOkjU1m9q0ePPB9AqLEO/PZe385wXeSuS9gAh/PJk0ViBXRjsslrsBmywq0ULR/ycqgn66n1IafehFa6aCxdCyONyaPziwYpNnL4CKUOBlfDirLN/fDcUxwjAsVWLdYZpyuwZ2kG/M78KeWxL93tgx3L1xhktaYxegTK/IN+3OaJDevxoPnDw/80ibjJJHo+UCVr8oPpA== spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: acadb210-42c8-4394-25a7-08d58db3b92b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2018 16:06:49.6763 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0965 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Liping Zhang [ Upstream commit fefa92679dbe0c613e62b6c27235dcfbe9640ad1 ] If nf_conntrack_htable_size was adjusted by the user during the ct dump operation, we may invoke nf_ct_put twice for the same ct, i.e. the "last" ct. This will cause the ct will be freed but still linked in hash buckets. It's very easy to reproduce the problem by the following commands: # while : ; do echo $RANDOM > /proc/sys/net/netfilter/nf_conntrack_buckets done # while : ; do conntrack -L done # iperf -s 127.0.0.1 & # iperf -c 127.0.0.1 -P 60 -t 36000 After a while, the system will hang like this: NMI watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [bash:20184] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [iperf:20382] ... So at last if we find cb->args[1] is equal to "last", this means hash resize happened, then we can set cb->args[1] to 0 to fix the above issue. Fixes: d205dc40798d ("[NETFILTER]: ctnetlink: fix deadlock in table dumping= ") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_conntrack_netlink.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntr= ack_netlink.c index 660939df7c94..3a6f0fa08338 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -887,8 +887,13 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netli= nk_callback *cb) } out: local_bh_enable(); - if (last) + if (last) { + /* nf ct hash resize happened, now clear the leftover. */ + if ((struct nf_conn *)cb->args[1] =3D=3D last) + cb->args[1] =3D 0; + nf_ct_put(last); + } =20 return skb->len; } --=20 2.14.1