aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/netfilter/nf_conntrack_expect.h2
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c14
-rw-r--r--net/netfilter/nf_conntrack_expect.c43
-rw-r--r--net/netfilter/nf_conntrack_netlink.c7
4 files changed, 41 insertions, 25 deletions
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 6c3fd254c28e..cb608a1b44e5 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -49,6 +49,8 @@ struct nf_conntrack_expect
49 /* Direction relative to the master connection. */ 49 /* Direction relative to the master connection. */
50 enum ip_conntrack_dir dir; 50 enum ip_conntrack_dir dir;
51#endif 51#endif
52
53 struct rcu_head rcu;
52}; 54};
53 55
54#define NF_CT_EXPECT_PERMANENT 0x1 56#define NF_CT_EXPECT_PERMANENT 0x1
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 543c02b74c96..2fdcd9233a03 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -191,10 +191,12 @@ struct ct_expect_iter_state {
191static struct hlist_node *ct_expect_get_first(struct seq_file *seq) 191static struct hlist_node *ct_expect_get_first(struct seq_file *seq)
192{ 192{
193 struct ct_expect_iter_state *st = seq->private; 193 struct ct_expect_iter_state *st = seq->private;
194 struct hlist_node *n;
194 195
195 for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) { 196 for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {
196 if (!hlist_empty(&nf_ct_expect_hash[st->bucket])) 197 n = rcu_dereference(nf_ct_expect_hash[st->bucket].first);
197 return nf_ct_expect_hash[st->bucket].first; 198 if (n)
199 return n;
198 } 200 }
199 return NULL; 201 return NULL;
200} 202}
@@ -204,11 +206,11 @@ static struct hlist_node *ct_expect_get_next(struct seq_file *seq,
204{ 206{
205 struct ct_expect_iter_state *st = seq->private; 207 struct ct_expect_iter_state *st = seq->private;
206 208
207 head = head->next; 209 head = rcu_dereference(head->next);
208 while (head == NULL) { 210 while (head == NULL) {
209 if (++st->bucket >= nf_ct_expect_hsize) 211 if (++st->bucket >= nf_ct_expect_hsize)
210 return NULL; 212 return NULL;
211 head = nf_ct_expect_hash[st->bucket].first; 213 head = rcu_dereference(nf_ct_expect_hash[st->bucket].first);
212 } 214 }
213 return head; 215 return head;
214} 216}
@@ -225,7 +227,7 @@ static struct hlist_node *ct_expect_get_idx(struct seq_file *seq, loff_t pos)
225 227
226static void *exp_seq_start(struct seq_file *seq, loff_t *pos) 228static void *exp_seq_start(struct seq_file *seq, loff_t *pos)
227{ 229{
228 read_lock_bh(&nf_conntrack_lock); 230 rcu_read_lock();
229 return ct_expect_get_idx(seq, *pos); 231 return ct_expect_get_idx(seq, *pos);
230} 232}
231 233
@@ -237,7 +239,7 @@ static void *exp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
237 239
238static void exp_seq_stop(struct seq_file *seq, void *v) 240static void exp_seq_stop(struct seq_file *seq, void *v)
239{ 241{
240 read_unlock_bh(&nf_conntrack_lock); 242 rcu_read_unlock();
241} 243}
242 244
243static int exp_seq_show(struct seq_file *s, void *v) 245static int exp_seq_show(struct seq_file *s, void *v)
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index e405079e5a49..a5c8ef01f925 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -50,7 +50,7 @@ void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
50 NF_CT_ASSERT(master_help); 50 NF_CT_ASSERT(master_help);
51 NF_CT_ASSERT(!timer_pending(&exp->timeout)); 51 NF_CT_ASSERT(!timer_pending(&exp->timeout));
52 52
53 hlist_del(&exp->hnode); 53 hlist_del_rcu(&exp->hnode);
54 nf_ct_expect_count--; 54 nf_ct_expect_count--;
55 55
56 hlist_del(&exp->lnode); 56 hlist_del(&exp->lnode);
@@ -97,7 +97,7 @@ __nf_ct_expect_find(const struct nf_conntrack_tuple *tuple)
97 return NULL; 97 return NULL;
98 98
99 h = nf_ct_expect_dst_hash(tuple); 99 h = nf_ct_expect_dst_hash(tuple);
100 hlist_for_each_entry(i, n, &nf_ct_expect_hash[h], hnode) { 100 hlist_for_each_entry_rcu(i, n, &nf_ct_expect_hash[h], hnode) {
101 if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) 101 if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
102 return i; 102 return i;
103 } 103 }
@@ -111,11 +111,11 @@ nf_ct_expect_find_get(const struct nf_conntrack_tuple *tuple)
111{ 111{
112 struct nf_conntrack_expect *i; 112 struct nf_conntrack_expect *i;
113 113
114 read_lock_bh(&nf_conntrack_lock); 114 rcu_read_lock();
115 i = __nf_ct_expect_find(tuple); 115 i = __nf_ct_expect_find(tuple);
116 if (i) 116 if (i && !atomic_inc_not_zero(&i->use))
117 atomic_inc(&i->use); 117 i = NULL;
118 read_unlock_bh(&nf_conntrack_lock); 118 rcu_read_unlock();
119 119
120 return i; 120 return i;
121} 121}
@@ -223,6 +223,7 @@ struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me)
223 223
224 new->master = me; 224 new->master = me;
225 atomic_set(&new->use, 1); 225 atomic_set(&new->use, 1);
226 INIT_RCU_HEAD(&new->rcu);
226 return new; 227 return new;
227} 228}
228EXPORT_SYMBOL_GPL(nf_ct_expect_alloc); 229EXPORT_SYMBOL_GPL(nf_ct_expect_alloc);
@@ -278,10 +279,18 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
278} 279}
279EXPORT_SYMBOL_GPL(nf_ct_expect_init); 280EXPORT_SYMBOL_GPL(nf_ct_expect_init);
280 281
282static void nf_ct_expect_free_rcu(struct rcu_head *head)
283{
284 struct nf_conntrack_expect *exp;
285
286 exp = container_of(head, struct nf_conntrack_expect, rcu);
287 kmem_cache_free(nf_ct_expect_cachep, exp);
288}
289
281void nf_ct_expect_put(struct nf_conntrack_expect *exp) 290void nf_ct_expect_put(struct nf_conntrack_expect *exp)
282{ 291{
283 if (atomic_dec_and_test(&exp->use)) 292 if (atomic_dec_and_test(&exp->use))
284 kmem_cache_free(nf_ct_expect_cachep, exp); 293 call_rcu(&exp->rcu, nf_ct_expect_free_rcu);
285} 294}
286EXPORT_SYMBOL_GPL(nf_ct_expect_put); 295EXPORT_SYMBOL_GPL(nf_ct_expect_put);
287 296
@@ -295,7 +304,7 @@ static void nf_ct_expect_insert(struct nf_conntrack_expect *exp)
295 hlist_add_head(&exp->lnode, &master_help->expectations); 304 hlist_add_head(&exp->lnode, &master_help->expectations);
296 master_help->expecting++; 305 master_help->expecting++;
297 306
298 hlist_add_head(&exp->hnode, &nf_ct_expect_hash[h]); 307 hlist_add_head_rcu(&exp->hnode, &nf_ct_expect_hash[h]);
299 nf_ct_expect_count++; 308 nf_ct_expect_count++;
300 309
301 setup_timer(&exp->timeout, nf_ct_expectation_timed_out, 310 setup_timer(&exp->timeout, nf_ct_expectation_timed_out,
@@ -394,10 +403,12 @@ struct ct_expect_iter_state {
394static struct hlist_node *ct_expect_get_first(struct seq_file *seq) 403static struct hlist_node *ct_expect_get_first(struct seq_file *seq)
395{ 404{
396 struct ct_expect_iter_state *st = seq->private; 405 struct ct_expect_iter_state *st = seq->private;
406 struct hlist_node *n;
397 407
398 for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) { 408 for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {
399 if (!hlist_empty(&nf_ct_expect_hash[st->bucket])) 409 n = rcu_dereference(nf_ct_expect_hash[st->bucket].first);
400 return nf_ct_expect_hash[st->bucket].first; 410 if (n)
411 return n;
401 } 412 }
402 return NULL; 413 return NULL;
403} 414}
@@ -407,11 +418,11 @@ static struct hlist_node *ct_expect_get_next(struct seq_file *seq,
407{ 418{
408 struct ct_expect_iter_state *st = seq->private; 419 struct ct_expect_iter_state *st = seq->private;
409 420
410 head = head->next; 421 head = rcu_dereference(head->next);
411 while (head == NULL) { 422 while (head == NULL) {
412 if (++st->bucket >= nf_ct_expect_hsize) 423 if (++st->bucket >= nf_ct_expect_hsize)
413 return NULL; 424 return NULL;
414 head = nf_ct_expect_hash[st->bucket].first; 425 head = rcu_dereference(nf_ct_expect_hash[st->bucket].first);
415 } 426 }
416 return head; 427 return head;
417} 428}
@@ -427,9 +438,9 @@ static struct hlist_node *ct_expect_get_idx(struct seq_file *seq, loff_t pos)
427} 438}
428 439
429static void *exp_seq_start(struct seq_file *seq, loff_t *pos) 440static void *exp_seq_start(struct seq_file *seq, loff_t *pos)
430 __acquires(nf_conntrack_lock) 441 __acquires(RCU)
431{ 442{
432 read_lock_bh(&nf_conntrack_lock); 443 rcu_read_lock();
433 return ct_expect_get_idx(seq, *pos); 444 return ct_expect_get_idx(seq, *pos);
434} 445}
435 446
@@ -440,9 +451,9 @@ static void *exp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
440} 451}
441 452
442static void exp_seq_stop(struct seq_file *seq, void *v) 453static void exp_seq_stop(struct seq_file *seq, void *v)
443 __releases(nf_conntrack_lock) 454 __releases(RCU)
444{ 455{
445 read_unlock_bh(&nf_conntrack_lock); 456 rcu_read_unlock();
446} 457}
447 458
448static int exp_seq_show(struct seq_file *s, void *v) 459static int exp_seq_show(struct seq_file *s, void *v)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index b6c0935e09df..557f47137da0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1471,7 +1471,7 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1471 struct hlist_node *n; 1471 struct hlist_node *n;
1472 u_int8_t l3proto = nfmsg->nfgen_family; 1472 u_int8_t l3proto = nfmsg->nfgen_family;
1473 1473
1474 read_lock_bh(&nf_conntrack_lock); 1474 rcu_read_lock();
1475 last = (struct nf_conntrack_expect *)cb->args[1]; 1475 last = (struct nf_conntrack_expect *)cb->args[1];
1476 for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) { 1476 for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) {
1477restart: 1477restart:
@@ -1488,7 +1488,8 @@ restart:
1488 cb->nlh->nlmsg_seq, 1488 cb->nlh->nlmsg_seq,
1489 IPCTNL_MSG_EXP_NEW, 1489 IPCTNL_MSG_EXP_NEW,
1490 1, exp) < 0) { 1490 1, exp) < 0) {
1491 atomic_inc(&exp->use); 1491 if (!atomic_inc_not_zero(&exp->use))
1492 continue;
1492 cb->args[1] = (unsigned long)exp; 1493 cb->args[1] = (unsigned long)exp;
1493 goto out; 1494 goto out;
1494 } 1495 }
@@ -1499,7 +1500,7 @@ restart:
1499 } 1500 }
1500 } 1501 }
1501out: 1502out:
1502 read_unlock_bh(&nf_conntrack_lock); 1503 rcu_read_unlock();
1503 if (last) 1504 if (last)
1504 nf_ct_expect_put(last); 1505 nf_ct_expect_put(last);
1505 1506