On Sun, Aug 14, 2005 at 08:15:53PM -0600, Zwane Mwaikambo wrote:
> Is the following patch correct? ip_conntrack_event_cache should never be
> called with ip_conntrack_lock held and ct_add_counters does not need to be
> called with ip_conntrack_lock held.
No, it's not correct. ct_add_countes has to be called from within
write_lock_bh() on ip_conntrack_lock.
So if you keep the ct_add_counters() call where it is and only apply the
rest of your patch (i.e. deferring of ip_conntrack_event_cache() call),
then I think your patch would work.
However, the whole eventcache needs to be audited, it's called from a
number of places.
As Patrick wrote he's working on a solution, I'm not going to intervene
or replicate his work. As a interim solution I'd suggest disabling
CONFIG_IP_NF_CT_ACCT [which can't be vital anyway, since it was only
added in net-2.6.14 (and thus -mm)].
Cheers,
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpxvuBR4ohdM.pgp
Description: PGP signature
|