rpms/kernel/F-11 fix-conntrack-bug-with-namespaces.patch, NONE, 1.1.2.1 kernel.spec, 1.1784.2.13, 1.1784.2.14

Kyle McMartin kyle at fedoraproject.org
Wed Feb 3 20:31:50 UTC 2010


Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15652

Modified Files:
      Tag: private-fedora-11-2_6_30
	kernel.spec 
Added Files:
      Tag: private-fedora-11-2_6_30
	fix-conntrack-bug-with-namespaces.patch 
Log Message:
* Wed Feb 03 2010 Kyle McMartin <kyle at redhat.com>
- fix-conntrack-bug-with-namespaces.patch (rhbz#533087) fix kvm crash.


fix-conntrack-bug-with-namespaces.patch:
 nf_conntrack_core.c |   24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

--- NEW FILE fix-conntrack-bug-with-namespaces.patch ---
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0d961ee..35f190c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1059,6 +1059,10 @@ EXPORT_SYMBOL_GPL(nf_conntrack_flush);
 
 static void nf_conntrack_cleanup_init_net(void)
 {
+	/* wait until all references to nf_conntrack_untracked are dropped */
+	while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
+		schedule();
+
 	nf_conntrack_helper_fini();
 	nf_conntrack_proto_fini();
 	kmem_cache_destroy(nf_conntrack_cachep);
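Review bot: The wait loop added at the top of nf_conntrack_cleanup_init_net() has no bound and no diagnostic, so if any holder never drops its reference to nf_conntrack_untracked, teardown spins in `schedule()` indefinitely and the only symptom is a hung cleanup. Logging once when the wait runs unusually long would make a leaked reference visible instead of silent. Since nf_conntrack_untracked appears to be a single global object rather than per-namespace state, the comment could also say why the wait lives here, e.g. `/* untracked is global, not per-netns: wait once, at init_net cleanup, for references from every namespace */`. The function body continues past the end of the hunk.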
@@ -1074,9 +1078,6 @@ static void nf_conntrack_cleanup_net(struct net *net)
 		schedule();
 		goto i_see_dead_people;
 	}
-	/* wait until all references to nf_conntrack_untracked are dropped */
-	while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
-		schedule();
 
 	nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc,
 			     nf_conntrack_htable_size);
@@ -1234,6 +1235,14 @@ static int nf_conntrack_init_init_net(void)
 	if (ret < 0)
 		goto err_helper;
 
+	/* Set up fake conntrack: to never be deleted, not in any hashes */
+#ifdef CONFIG_NET_NS
+	nf_conntrack_untracked.ct_net = &init_net;
+#endif
+	atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
+	/*  - and look it like as a confirmed connection */
+	set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
+
 	return 0;
 
 err_helper:
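Review bot: The comment on the moved block does not say why this initialisation belongs in nf_conntrack_init_init_net(), which is the substance of the fix. Judging by the lines removed from nf_conntrack_init_net(), `atomic_set(&nf_conntrack_untracked.ct_general.use, 1)` previously ran for every new namespace and would overwrite a use count that packets in other namespaces had already raised, presumably leading to the premature release behind the reported crash. A comment such as `/* one-time init: atomic_set() must never rerun while references to the global untracked entry may be held */` would keep the block from being moved back. The second comment's wording could be repaired at the same time: `/* - and make it look like a confirmed connection */`. The function starts and ends outside the hunk.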
@@ -1272,15 +1281,6 @@ static int nf_conntrack_init_net(struct net *net)
 	if (ret < 0)
 		goto err_acct;
 
-	/* Set up fake conntrack:
-	    - to never be deleted, not in any hashes */
-#ifdef CONFIG_NET_NS
-	nf_conntrack_untracked.ct_net = &init_net;
-#endif
-	atomic_set(&nf_conntrack_untracked.ct_general.use, 1);
-	/*  - and look it like as a confirmed connection */
-	set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status);
-
 	return 0;
 
 err_acct:


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1784.2.13
retrieving revision 1.1784.2.14
diff -u -p -r1.1784.2.13 -r1.1784.2.14
--- kernel.spec	2 Feb 2010 23:39:59 -0000	1.1784.2.13
+++ kernel.spec	3 Feb 2010 20:31:49 -0000	1.1784.2.14
@@ -852,6 +852,9 @@ Patch16472: fuse-fix-kunmap-in-fuse_ioct
 # kernel commit e9024a059f2c17fb2bfab212ee9d31511d7b8e57
 Patch16473: linux-2.6-libertas-crash.patch
 
+# rhbz#533087
+Patch16474: fix-conntrack-bug-with-namespaces.patch
+
 # cve-2010-0006
 Patch16500: ipv6-skb_dst-can-be-null-in-ipv6_hop_jumbo.patch
 # cve-2010-0007
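Review bot: The `# rhbz#533087` comment above Patch16474 records only the bug number, while the neighbouring Patch16473 entry also records the upstream kernel commit. Adding the upstream commit id of the backported fix, e.g. `# rhbz#533087, kernel commit <UPSTREAM_COMMIT_ID>`, would let later rebases check the patch against upstream and drop it once the base kernel contains it. The same applies to the matching comment above the ApplyPatch line in the next hunk.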
@@ -1629,6 +1632,9 @@ ApplyPatch fuse-fix-kunmap-in-fuse_ioctl
 # libertas 64-bit crash fix [e9024a059f2c17fb2bfab212ee9d31511d7b8e57]
 ApplyPatch linux-2.6-libertas-crash.patch
 
+# rhbz#533087
+ApplyPatch fix-conntrack-bug-with-namespaces.patch
+
 # cve-2010-0006
 ApplyPatch ipv6-skb_dst-can-be-null-in-ipv6_hop_jumbo.patch
 # cve-2010-0007
@@ -2247,6 +2253,9 @@ fi
 # and build.
 
 %changelog
+* Wed Feb 03 2010 Kyle McMartin <kyle at redhat.com>
+- fix-conntrack-bug-with-namespaces.patch (rhbz#533087) fix kvm crash.
+
 * Tue Feb 02 2010 Chuck Ebbert <cebbert at redhat.com>  2.6.30.10-105.2.13
 - Add x86 and sparc bits of the CVE-2010-0307 fix.
 


