projects / GitHub / exynos8895 / android_kernel_samsung_universal8895.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b7779d0) | patch
netfilter: avoid race with exp->master ct
authorJesper Dangaard Brouer <brouer@redhat.com>
Mon, 3 Mar 2014 13:45:39 +0000 (14:45 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 7 Mar 2014 10:40:47 +0000 (11:40 +0100)
commite1b207dac13ddb2f8ddebc7dc9729a97421909bd
tree971503a1e212f5f42b3e50d9540c9ee409bf30fdtree | snapshot (tar.gz zip)
parentb7779d06f9950e14a008a2de970b44233fe49c86commit | diff
netfilter: avoid race with exp->master ct

Preparation for disconnecting the nf_conntrack_lock from the
expectations code.  Once the nf_conntrack_lock is lifted, a race
condition is exposed.

The expectations master conntrack exp->master, can race with
delete operations, as the refcnt increment happens too late in
init_conntrack().  Race is against other CPUs invoking
->destroy() (destroy_conntrack()), or nf_ct_delete() (via timeout
or early_drop()).

Avoid this race in nf_ct_find_expectation() by using atomic_inc_not_zero(),
and checking if nf_ct_is_dying() (path via nf_ct_delete()).

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_core.c diff | blob | blame | history
net/netfilter/nf_conntrack_expect.c diff | blob | blame | history