aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/netfilter
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-02-12 11:13:43 -0800
committerDavid S. Miller <davem@davemloft.net>2007-02-12 11:13:43 -0800
commitc0e912d7ed8999f87fa7f084928aac1266e251f3 (patch)
treeec48a83001871b4e0db78ee9eab520a1fbb02e14 /include/net/netfilter
parent[NETFILTER]: ip_conntrack: fix invalid conntrack statistics RCU assumption (diff)
downloadlinux-dev-c0e912d7ed8999f87fa7f084928aac1266e251f3.tar.xz
linux-dev-c0e912d7ed8999f87fa7f084928aac1266e251f3.zip
[NETFILTER]: nf_conntrack: fix invalid conntrack statistics RCU assumption
NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables preemption as well, making it legal to use __get_cpu_var without disabling preemption manually. The assumption is not correct anymore with preemptable RCU, additionally we need to protect against softirqs when not holding nf_conntrack_lock. Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs, and use where necessary. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/netfilter')
-rw-r--r--include/net/netfilter/nf_conntrack.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 68ec27490c20..0e690e34c00b 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -257,6 +257,12 @@ extern int nf_conntrack_max;
DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat);
#define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++)
+#define NF_CT_STAT_INC_ATOMIC(count) \
+do { \
+ local_bh_disable(); \
+ __get_cpu_var(nf_conntrack_stat).count++; \
+ local_bh_enable(); \
+} while (0)
/* no helper, no nat */
#define NF_CT_F_BASIC 0
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.