[kernel/f19] Use RCU safe kfree for conntrack (rhbz 1015989)

Josh Boyer jwboyer at fedoraproject.org
Tue Oct 8 12:40:58 UTC 2013 

commit b7939eea68395774562b750fac36e082deb7d24e
Author: Josh Boyer <jwboyer at fedoraproject.org>
Date:   Tue Oct 8 08:39:57 2013 -0400

    Use RCU safe kfree for conntrack (rhbz 1015989)

 kernel.spec                                        |   11 ++++++-
 ...f_conntrack-use-RCU-safe-kfree-for-conntr.patch |   35 ++++++++++++++++++++
 2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index 5067eda..b9e815b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 200
+%global baserelease 201
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -763,6 +763,9 @@ Patch25118: bonding-driver-promisc.patch
 #CVE-2013-4387 rhbz 1011927 1015166
 Patch25121: ipv6-udp-packets-following-an-UFO-enqueued-packet-ne.patch
 
+#rhbz 1015989
+Patch25122: netfilter-nf_conntrack-use-RCU-safe-kfree-for-conntr.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1474,6 +1477,9 @@ ApplyPatch bonding-driver-promisc.patch
 #CVE-2013-4387 rhbz 1011927 1015166
 ApplyPatch ipv6-udp-packets-following-an-UFO-enqueued-packet-ne.patch
 
+#rhbz 1015989
+ApplyPatch netfilter-nf_conntrack-use-RCU-safe-kfree-for-conntr.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2286,6 +2292,9 @@ fi
 # and build.
 
 %changelog
+* Tue Oct 08 2013 Josh Boyer <jwboyer at fedoraproject.org>
+- Use RCU safe kfree for conntrack (rhbz 1015989)
+
 * Mon Oct 7 2013 Justin M. Forbes <jforbes at fedoraproject.org>
 - Linux v3.11.4
 
diff --git a/netfilter-nf_conntrack-use-RCU-safe-kfree-for-conntr.patch b/netfilter-nf_conntrack-use-RCU-safe-kfree-for-conntr.patch
new file mode 100644
index 0000000..fd8351f
--- /dev/null
+++ b/netfilter-nf_conntrack-use-RCU-safe-kfree-for-conntr.patch
@@ -0,0 +1,35 @@
+From c13a84a830a208fb3443628773c8ca0557773cc7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20Kube=C4=8Dek?= <mkubecek at suse.cz>
+Date: Wed, 11 Sep 2013 10:17:27 +0200
+Subject: [PATCH] netfilter: nf_conntrack: use RCU safe kfree for conntrack
+ extensions
+
+Commit 68b80f11 (netfilter: nf_nat: fix RCU races) introduced
+RCU protection for freeing extension data when reallocation
+moves them to a new location. We need the same protection when
+freeing them in nf_ct_ext_free() in order to prevent a
+use-after-free by other threads referencing a NAT extension data
+via bysource list.
+
+Signed-off-by: Michal Kubecek <mkubecek at suse.cz>
+Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
+---
+ include/net/netfilter/nf_conntrack_extend.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
+index ff95434..88a1d40 100644
+--- a/include/net/netfilter/nf_conntrack_extend.h
++++ b/include/net/netfilter/nf_conntrack_extend.h
+@@ -86,7 +86,7 @@ static inline void nf_ct_ext_destroy(struct nf_conn *ct)
+ static inline void nf_ct_ext_free(struct nf_conn *ct)
+ {
+ 	if (ct->ext)
+-		kfree(ct->ext);
++		kfree_rcu(ct->ext, rcu);
+ }
+ 
+ /* Add this type, returns pointer to data or NULL. */
+-- 
+1.8.3.1
+

More information about the scm-commits mailing list