diff options
author | Patrick McHardy <kaber@trash.net> | 2007-02-12 20:13:43 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-02-12 20:13:43 +0100 |
commit | c0e912d7ed8999f87fa7f084928aac1266e251f3 (patch) | |
tree | ec48a83001871b4e0db78ee9eab520a1fbb02e14 /include/net | |
parent | [NETFILTER]: ip_conntrack: fix invalid conntrack statistics RCU assumption (diff) | |
download | linux-c0e912d7ed8999f87fa7f084928aac1266e251f3.tar.xz linux-c0e912d7ed8999f87fa7f084928aac1266e251f3.zip |
[NETFILTER]: nf_conntrack: fix invalid conntrack statistics RCU assumption
NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables
preemption as well, making it legal to use __get_cpu_var without
disabling preemption manually. The assumption is not correct anymore
with preemptable RCU, additionally we need to protect against softirqs
when not holding nf_conntrack_lock.
Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs,
and use where necessary.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 68ec27490c20..0e690e34c00b 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -257,6 +257,12 @@ extern int nf_conntrack_max; DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) +#define NF_CT_STAT_INC_ATOMIC(count) \ +do { \ + local_bh_disable(); \ + __get_cpu_var(nf_conntrack_stat).count++; \ + local_bh_enable(); \ +} while (0) /* no helper, no nat */ #define NF_CT_F_BASIC 0 |