summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-06-18 00:51:47 +0200
committerDavid S. Miller <davem@davemloft.net>2008-06-18 00:51:47 +0200
commit68b80f11380889996aa7eadba29dbbb5c29a5864 (patch)
treee6425d1ee4d15713678e60cd03bd5f514385e6e5 /include
parentatm: [he] send idle cells instead of unassigned when in SDH mode (diff)
downloadlinux-68b80f11380889996aa7eadba29dbbb5c29a5864.tar.xz
linux-68b80f11380889996aa7eadba29dbbb5c29a5864.zip
netfilter: nf_nat: fix RCU races
Fix three ct_extend/NAT extension related races: - When cleaning up the extension area and removing it from the bysource hash, the nat->ct pointer must not be set to NULL since it may still be used in a RCU read side - When replacing a NAT extension area in the bysource hash, the nat->ct pointer must be assigned before performing the replacement - When reallocating extension storage in ct_extend, the old memory must not be freed immediately since it may still be used by a RCU read side Possibly fixes https://bugzilla.redhat.com/show_bug.cgi?id=449315 and/or http://bugzilla.kernel.org/show_bug.cgi?id=10875 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_conntrack_extend.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
index f736e842977f..f80c0ed6d870 100644
--- a/include/net/netfilter/nf_conntrack_extend.h
+++ b/include/net/netfilter/nf_conntrack_extend.h
@@ -15,6 +15,7 @@ enum nf_ct_ext_id
/* Extensions: optional stuff which isn't permanently in struct. */
struct nf_ct_ext {
+ struct rcu_head rcu;
u8 offset[NF_CT_EXT_NUM];
u8 len;
char data[0];