diff options
author | Patrick McHardy <kaber@trash.net> | 2007-02-12 20:13:58 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-02-12 20:13:58 +0100 |
commit | 6b48a7d08d1bb2e3932bce1662fe411304acc18f (patch) | |
tree | f0405cee3ff4fb3898a2a691e25cd77c31e392d8 /net | |
parent | [NETFILTER]: nf_conntrack: fix invalid conntrack statistics RCU assumption (diff) | |
download | linux-6b48a7d08d1bb2e3932bce1662fe411304acc18f.tar.xz linux-6b48a7d08d1bb2e3932bce1662fe411304acc18f.zip |
[NETFILTER]: ip_conntrack: properly use RCU for ip_conntrack_destroyed callback
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 9 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 7 |
2 files changed, 10 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index a7e34d007ab0..07ba1dd136b5 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -303,6 +303,7 @@ destroy_conntrack(struct nf_conntrack *nfct) struct ip_conntrack *ct = (struct ip_conntrack *)nfct; struct ip_conntrack_protocol *proto; struct ip_conntrack_helper *helper; + typeof(ip_conntrack_destroyed) destroyed; DEBUGP("destroy_conntrack(%p)\n", ct); IP_NF_ASSERT(atomic_read(&nfct->use) == 0); @@ -322,10 +323,12 @@ destroy_conntrack(struct nf_conntrack *nfct) proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); if (proto && proto->destroy) proto->destroy(ct); - rcu_read_unlock(); - if (ip_conntrack_destroyed) - ip_conntrack_destroyed(ct); + destroyed = rcu_dereference(ip_conntrack_destroyed); + if (destroyed) + destroyed(ct); + + rcu_read_unlock(); write_lock_bh(&ip_conntrack_lock); /* Expectations will have been removed in clean_from_lists, diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 18daabc22069..40737fdbe9a7 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c @@ -604,8 +604,8 @@ static int __init ip_nat_init(void) } /* FIXME: Man, this is a hack. <SIGH> */ - IP_NF_ASSERT(ip_conntrack_destroyed == NULL); - ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; + IP_NF_ASSERT(rcu_dereference(ip_conntrack_destroyed) == NULL); + rcu_assign_pointer(ip_conntrack_destroyed, ip_nat_cleanup_conntrack); /* Initialize fake conntrack so that NAT will skip it */ ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK; @@ -623,7 +623,8 @@ static int clean_nat(struct ip_conntrack *i, void *data) static void __exit ip_nat_cleanup(void) { ip_ct_iterate_cleanup(&clean_nat, NULL); - ip_conntrack_destroyed = NULL; + rcu_assign_pointer(ip_conntrack_destroyed, NULL); + synchronize_rcu(); vfree(bysource); } |