netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks - linux-dev - Linux kernel development work

diff options

author	Florian Westphal <fw@strlen.de>	2019-10-15 15:19:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-17 11:46:51 +0200
commit	49ca022bccc577d323526215092040fe3b13d68b (patch)
tree	c8f09c6d9710875110ac3d12dcd9f5fcf83a2f24 /include/net
parent	Merge tag 'ipvs-next-for-v5.5' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next (diff)
download	linux-dev-49ca022bccc577d323526215092040fe3b13d68b.tar.xz linux-dev-49ca022bccc577d323526215092040fe3b13d68b.zip

netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks

When dumping the unconfirmed lists, the cpu that is processing the ct entry can reallocate ct->ext at any time. Right now accessing the extensions from another CPU is ok provided we're holding rcu read lock: extension reallocation does use rcu. Once RCU isn't used anymore this becomes unsafe, so skip extensions for the unconfirmed list. Dumping the extension area for confirmed or dying conntracks is fine: no reallocations are allowed and list iteration holds appropriate locks that prevent ct (and this ct->ext) from getting free'd. v2: fix compiler warnings due to misue of 'const' and missing return statement (kbuild robot). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include/net')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: