src/patches/suse-2.6.27.31/patches.suse/SoN-24-emergency-nf_queue.patch

   1 From: Peter Zijlstra <a.p.zijlstra@chello.nl>
   2 Subject: netfilter: NF_QUEUE vs emergency skbs
   3 Patch-mainline: No
   4 References: FATE#303834
   5
   6 Avoid memory getting stuck waiting for userspace, drop all emergency packets.
   7 This of course requires the regular storage route to not include an NF_QUEUE
   8 target ;-)
   9
  10 Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
  11 Acked-by: Neil Brown <neilb@suse.de>
  12 Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
  13
  14 ---
  15  net/netfilter/core.c |    3 +++
  16  1 file changed, 3 insertions(+)
  17
  18 Index: linux-2.6.26/net/netfilter/core.c
  19 ===================================================================
  20 --- linux-2.6.26.orig/net/netfilter/core.c
  21 +++ linux-2.6.26/net/netfilter/core.c
  22 @@ -184,9 +184,12 @@ next_hook:
  23                 ret = 1;
  24                 goto unlock;
  25         } else if (verdict == NF_DROP) {
  26 +drop:
  27                 kfree_skb(skb);
  28                 ret = -EPERM;
  29         } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
  30 +               if (skb_emergency(skb))
  31 +                       goto drop;
  32                 if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
  33                               verdict >> NF_VERDICT_BITS))
  34                         goto next_hook;