netfilter: nf_ct_expect: use proper RCU list traversal/update APIs

We should use proper RCU list APIs to manipulate help->expectations, as we can dump the conntrack's expectations via nfnetlink, i.e. in ctnetlink_exp_ct_dump_table(), where only rcu_read_lock is acquired. So for list traversal, use hlist_for_each_entry_rcu; for list add/del, use hlist_add_head_rcu and hlist_del_rcu. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <zlpnobody@gmail.com> 2017-04-02 06:25:37 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-04-08 17:52:17 -0400
commit: 7cddd967bfc2e4fc6b3218c2ddc67fbeed433ad3 (patch)
tree: a6f7bdfda4629a5a413b941c2a76ce965ee9b61e
parent: 207df81501021f6d1a935cebf8e1f34d6d25564b (diff)
2 files changed, 5 insertions, 5 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 4b2e1fb28bb4..d80073037856 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -57,7 +57,7 @@ void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
        hlist_del_rcu(&exp->hnode);
        net->ct.expect_count--;
-        hlist_del(&exp->lnode);
+        hlist_del_rcu(&exp->lnode);
        master_help->expecting[exp->class]--;
        nf_ct_expect_event_report(IPEXP_DESTROY, exp, portid, report);
@@ -363,7 +363,7 @@ static void nf_ct_expect_insert(struct nf_conntrack_expect *exp)
        /* two references : one for hash insert, one for the timer */
        atomic_add(2, &exp->use);
-        hlist_add_head(&exp->lnode, &master_help->expectations);
+        hlist_add_head_rcu(&exp->lnode, &master_help->expectations);
        master_help->expecting[exp->class]++;
        hlist_add_head_rcu(&exp->hnode, &nf_ct_expect_hash[h]);
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index f78eadba343d..dc7dfd68fafe 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2680,8 +2680,8 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
        last = (struct nf_conntrack_expect *)cb->args[1];
        for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) {
 restart:
-                hlist_for_each_entry(exp, &nf_ct_expect_hash[cb->args[0]],
+                hlist_for_each_entry_rcu(exp, &nf_ct_expect_hash[cb->args[0]],
-                                     hnode) {
+                                         hnode) {
                        if (l3proto && exp->tuple.src.l3num != l3proto)
                                continue;
@@ -2732,7 +2732,7 @@ ctnetlink_exp_ct_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
        rcu_read_lock();
        last = (struct nf_conntrack_expect *)cb->args[1];
 restart:
-        hlist_for_each_entry(exp, &help->expectations, lnode) {
+        hlist_for_each_entry_rcu(exp, &help->expectations, lnode) {
                if (l3proto && exp->tuple.src.l3num != l3proto)
                        continue;
                if (cb->args[1]) {
author	Liping Zhang <zlpnobody@gmail.com>	2017-04-02 06:25:37 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-04-08 17:52:17 -0400
commit	7cddd967bfc2e4fc6b3218c2ddc67fbeed433ad3 (patch)
tree	a6f7bdfda4629a5a413b941c2a76ce965ee9b61e
parent	207df81501021f6d1a935cebf8e1f34d6d25564b (diff)

diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 4b2e1fb28bb4..d80073037856 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c
@@ -57,7 +57,7 @@ void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
57	hlist_del_rcu(&exp->hnode);	57	hlist_del_rcu(&exp->hnode);
58	net->ct.expect_count--;	58	net->ct.expect_count--;
59		59
60	hlist_del(&exp->lnode);	60	hlist_del_rcu(&exp->lnode);
61	master_help->expecting[exp->class]--;	61	master_help->expecting[exp->class]--;
62		62
63	nf_ct_expect_event_report(IPEXP_DESTROY, exp, portid, report);	63	nf_ct_expect_event_report(IPEXP_DESTROY, exp, portid, report);
@@ -363,7 +363,7 @@ static void nf_ct_expect_insert(struct nf_conntrack_expect *exp)
363	/* two references : one for hash insert, one for the timer */	363	/* two references : one for hash insert, one for the timer */
364	atomic_add(2, &exp->use);	364	atomic_add(2, &exp->use);
365		365
366	hlist_add_head(&exp->lnode, &master_help->expectations);	366	hlist_add_head_rcu(&exp->lnode, &master_help->expectations);
367	master_help->expecting[exp->class]++;	367	master_help->expecting[exp->class]++;
368		368
369	hlist_add_head_rcu(&exp->hnode, &nf_ct_expect_hash[h]);	369	hlist_add_head_rcu(&exp->hnode, &nf_ct_expect_hash[h]);


diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index f78eadba343d..dc7dfd68fafe 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2680,8 +2680,8 @@ ctnetlink_exp_dump_table(struct sk_buff skb, struct netlink_callback cb)
2680	last = (struct nf_conntrack_expect *)cb->args[1];	2680	last = (struct nf_conntrack_expect *)cb->args[1];
2681	for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) {	2681	for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) {
2682	restart:	2682	restart:
2683	hlist_for_each_entry(exp, &nf_ct_expect_hash[cb->args[0]],	2683	hlist_for_each_entry_rcu(exp, &nf_ct_expect_hash[cb->args[0]],
2684	hnode) {	2684	hnode) {
2685	if (l3proto && exp->tuple.src.l3num != l3proto)	2685	if (l3proto && exp->tuple.src.l3num != l3proto)
2686	continue;	2686	continue;
2687		2687
@@ -2732,7 +2732,7 @@ ctnetlink_exp_ct_dump_table(struct sk_buff skb, struct netlink_callback cb)
2732	rcu_read_lock();	2732	rcu_read_lock();
2733	last = (struct nf_conntrack_expect *)cb->args[1];	2733	last = (struct nf_conntrack_expect *)cb->args[1];
2734	restart:	2734	restart:
2735	hlist_for_each_entry(exp, &help->expectations, lnode) {	2735	hlist_for_each_entry_rcu(exp, &help->expectations, lnode) {
2736	if (l3proto && exp->tuple.src.l3num != l3proto)	2736	if (l3proto && exp->tuple.src.l3num != l3proto)
2737	continue;	2737	continue;
2738	if (cb->args[1]) {	2738	if (cb->args[1]) {