[tproxy] Deadlock in tproxy
Balazs Scheidler
bazsi at balabit.hu
Thu Jun 7 13:25:08 CEST 2007
On Wed, 2007-06-06 at 16:07 +0800, Daniel wrote:
> I think there is deadlock in tproxy. Two CPUs will wait for each other, ip_conntrack_lock and ip_nat_lock will never be unlocked.
> To reproduce this deadlock, we need ftp traffic(or other traffic which yields expect) and iptable_tproxy loaded.
>
> Plz see call trace below:
>
> CPU0 call trace:
>
> run_timer_softirq <-- invoked by timer
> death_by_timeout <-- write_lock_bh(&ip_conntrack_lock)
> clean_from_lists
> remove_expectations
> unexpect_related
> __unexpect_related
> ip_conntrack_expect_put
> ip_conntrack_expect_destroyed <-- hooked by nat_reservation patch
> #######
> #ifdef CONFIG_IP_NF_NAT_NRES
> ip_conntrack_expect_destroyed = &ip_nat_reserved_cleanup_expect;
> #endif
> #######
> ip_nat_reserved_cleanup_expect
> ip_nat_reserved_unregister_all <-- write_lock_bh(&ip_nat_lock) ##failed##
> [waiting...]
>
> CPU1 call trace:
>
> ip_tproxy_fn
> ip_tproxy_setup_nat
> ip_tproxy_setup_nat_bidir <-- write_lock_bh(&ip_nat_lock)
> ip_nat_setup_info
> ip_conntrack_alter_reply <-- write_lock_bh(&ip_conntrack_lock) ##failed##
> [waiting...]
I see, we don't usually use conntrack helpers and tproxy together, as
the functionality of the helper is performed by our proxies. I'll see
what I can do.
--
Bazsi
More information about the tproxy
mailing list