lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: ip_conntrack: properly use RCU for ip_conntrack_destroyed callback

Browse Source 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2007-02-12 11:13:58 -08:00
committed by David S. Miller
parent c0e912d7ed
commit 6b48a7d08d
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
net/ipv4/netfilter/ip_conntrack_core.c
View File

@@ -303,6 +303,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
struct ip_conntrack *ct = (struct ip_conntrack *)nfct; struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
struct ip_conntrack_protocol *proto; struct ip_conntrack_protocol *proto;
struct ip_conntrack_helper *helper; struct ip_conntrack_helper *helper;
typeof(ip_conntrack_destroyed) destroyed;
DEBUGP("destroy_conntrack(%p)\n", ct); DEBUGP("destroy_conntrack(%p)\n", ct);
IP_NF_ASSERT(atomic_read(&nfct->use) == 0); IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
@@ -322,10 +323,12 @@ destroy_conntrack(struct nf_conntrack *nfct)
proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
if (proto && proto->destroy) if (proto && proto->destroy)
proto->destroy(ct); proto->destroy(ct);
rcu_read_unlock();
if (ip_conntrack_destroyed) destroyed = rcu_dereference(ip_conntrack_destroyed);
ip_conntrack_destroyed(ct); if (destroyed)
destroyed(ct);
rcu_read_unlock();
write_lock_bh(&ip_conntrack_lock); write_lock_bh(&ip_conntrack_lock);
/* Expectations will have been removed in clean_from_lists, /* Expectations will have been removed in clean_from_lists,

7
net/ipv4/netfilter/ip_nat_core.c
View File

@@ -604,8 +604,8 @@ static int __init ip_nat_init(void)
} }
/* FIXME: Man, this is a hack. <SIGH> */ /* FIXME: Man, this is a hack. <SIGH> */
IP_NF_ASSERT(ip_conntrack_destroyed == NULL); IP_NF_ASSERT(rcu_dereference(ip_conntrack_destroyed) == NULL);
ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; rcu_assign_pointer(ip_conntrack_destroyed, ip_nat_cleanup_conntrack);
/* Initialize fake conntrack so that NAT will skip it */ /* Initialize fake conntrack so that NAT will skip it */
ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK; ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
@@ -623,7 +623,8 @@ static int clean_nat(struct ip_conntrack *i, void *data)
static void __exit ip_nat_cleanup(void) static void __exit ip_nat_cleanup(void)
{ {
ip_ct_iterate_cleanup(&clean_nat, NULL); ip_ct_iterate_cleanup(&clean_nat, NULL);
ip_conntrack_destroyed = NULL; rcu_assign_pointer(ip_conntrack_destroyed, NULL);
synchronize_rcu();
vfree(bysource); vfree(bysource);
} }