From 55871d04793d9c069ee277b1e98794b88d92ed80 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:51 +0200 Subject: [NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks New extensions may only be added to unconfirmed conntracks to avoid races when reallocating the storage. Also change NF_CT_ASSERT to use WARN_ON to get backtraces. Signed-off-by: Patrick McHardy --- net/netfilter/nf_conntrack_extend.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/netfilter') diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c index 2bd9963b5b3e..bcc19fa4ed1e 100644 --- a/net/netfilter/nf_conntrack_extend.c +++ b/net/netfilter/nf_conntrack_extend.c @@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) int i, newlen, newoff; struct nf_ct_ext_type *t; + /* Conntrack must not be confirmed to avoid races on reallocation. */ + NF_CT_ASSERT(!nf_ct_is_confirmed(ct)); + if (!ct->ext) return nf_ct_ext_create(&ct->ext, id, gfp); -- cgit v1.2.3-59-g8ed1b