diff options
author | Patrick McHardy <kaber@trash.net> | 2007-02-12 14:13:14 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-02-12 14:13:14 -0500 |
commit | abbaccda4c364815b8b1a82c45a94f60760e13e1 (patch) | |
tree | 58e28cc25db59456092fc760b7a29e6d223610c5 /include/linux | |
parent | 923f4902fefdf4e89b0fb32c4e069d4f57d704f5 (diff) |
[NETFILTER]: ip_conntrack: fix invalid conntrack statistics RCU assumption
CONNTRACK_STAT_INC assumes rcu_read_lock in nf_hook_slow disables
preemption as well, making it legal to use __get_cpu_var without
disabling preemption manually. The assumption is not correct anymore
with preemptable RCU, additionally we need to protect against softirqs
when not holding ip_conntrack_lock.
Add CONNTRACK_STAT_INC_ATOMIC macro, which disables local softirqs,
and use where necessary.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 33581c13d947..da9274e6bf12 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h | |||
@@ -301,6 +301,12 @@ extern unsigned int ip_conntrack_htable_size; | |||
301 | extern int ip_conntrack_checksum; | 301 | extern int ip_conntrack_checksum; |
302 | 302 | ||
303 | #define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++) | 303 | #define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++) |
304 | #define CONNTRACK_STAT_INC_ATOMIC(count) \ | ||
305 | do { \ | ||
306 | local_bh_disable(); \ | ||
307 | __get_cpu_var(ip_conntrack_stat).count++; \ | ||
308 | local_bh_enable(); \ | ||
309 | } while (0) | ||
304 | 310 | ||
305 | #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS | 311 | #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS |
306 | #include <linux/notifier.h> | 312 | #include <linux/notifier.h> |