netfilter: ctnetlink: fix GFP_KERNEL allocation under spinlock
Patrick McHardy [Wed, 26 Nov 2008 11:57:44 +0000 (03:57 -0800)]
The previous fix for the conntrack creation race (netfilter: ctnetlink:
fix conntrack creation race) missed a GFP_KERNEL allocation that is
now performed while holding a spinlock. Switch to GFP_ATOMIC.

Reported-and-tested-by: Zoltan Borbely <bozo@andrews.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/netfilter/nf_conntrack_netlink.c

index 3b009a3..5f4a651 100644 (file)
@@ -1138,7 +1138,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
                }
        }
 
-       nf_ct_acct_ext_add(ct, GFP_KERNEL);
+       nf_ct_acct_ext_add(ct, GFP_ATOMIC);
 
 #if defined(CONFIG_NF_CONNTRACK_MARK)
        if (cda[CTA_MARK])