diff options
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_amanda.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 84 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_ftp.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_irc.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_proto_sctp.c | 23 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 27 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 22 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 32 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 10 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_rule.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_standalone.c | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 49 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 10 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 15 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_hashlimit.c | 17 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_helper.c | 4 |
18 files changed, 158 insertions, 167 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index df79f5ed6a0a..fa1634256680 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -60,7 +60,6 @@ static DECLARE_MUTEX(arpt_mutex); | |||
60 | 60 | ||
61 | #define ASSERT_READ_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) | 61 | #define ASSERT_READ_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) |
62 | #define ASSERT_WRITE_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) | 62 | #define ASSERT_WRITE_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) |
63 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
64 | #include <linux/netfilter_ipv4/listhelp.h> | 63 | #include <linux/netfilter_ipv4/listhelp.h> |
65 | 64 | ||
66 | struct arpt_table_info { | 65 | struct arpt_table_info { |
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c index 3dbddd062605..a78a320eee08 100644 --- a/net/ipv4/netfilter/ip_conntrack_amanda.c +++ b/net/ipv4/netfilter/ip_conntrack_amanda.c | |||
@@ -26,7 +26,6 @@ | |||
26 | #include <net/checksum.h> | 26 | #include <net/checksum.h> |
27 | #include <net/udp.h> | 27 | #include <net/udp.h> |
28 | 28 | ||
29 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
30 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> | 29 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
31 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> | 30 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> |
32 | 31 | ||
@@ -42,7 +41,7 @@ static char *conns[] = { "DATA ", "MESG ", "INDEX " }; | |||
42 | 41 | ||
43 | /* This is slow, but it's simple. --RR */ | 42 | /* This is slow, but it's simple. --RR */ |
44 | static char amanda_buffer[65536]; | 43 | static char amanda_buffer[65536]; |
45 | static DECLARE_LOCK(amanda_buffer_lock); | 44 | static DEFINE_SPINLOCK(amanda_buffer_lock); |
46 | 45 | ||
47 | unsigned int (*ip_nat_amanda_hook)(struct sk_buff **pskb, | 46 | unsigned int (*ip_nat_amanda_hook)(struct sk_buff **pskb, |
48 | enum ip_conntrack_info ctinfo, | 47 | enum ip_conntrack_info ctinfo, |
@@ -76,7 +75,7 @@ static int help(struct sk_buff **pskb, | |||
76 | return NF_ACCEPT; | 75 | return NF_ACCEPT; |
77 | } | 76 | } |
78 | 77 | ||
79 | LOCK_BH(&amanda_buffer_lock); | 78 | spin_lock_bh(&amanda_buffer_lock); |
80 | skb_copy_bits(*pskb, dataoff, amanda_buffer, (*pskb)->len - dataoff); | 79 | skb_copy_bits(*pskb, dataoff, amanda_buffer, (*pskb)->len - dataoff); |
81 | data = amanda_buffer; | 80 | data = amanda_buffer; |
82 | data_limit = amanda_buffer + (*pskb)->len - dataoff; | 81 | data_limit = amanda_buffer + (*pskb)->len - dataoff; |
@@ -134,7 +133,7 @@ static int help(struct sk_buff **pskb, | |||
134 | } | 133 | } |
135 | 134 | ||
136 | out: | 135 | out: |
137 | UNLOCK_BH(&amanda_buffer_lock); | 136 | spin_unlock_bh(&amanda_buffer_lock); |
138 | return ret; | 137 | return ret; |
139 | } | 138 | } |
140 | 139 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 09e824622977..a7377a331ade 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -38,10 +38,10 @@ | |||
38 | #include <linux/percpu.h> | 38 | #include <linux/percpu.h> |
39 | #include <linux/moduleparam.h> | 39 | #include <linux/moduleparam.h> |
40 | 40 | ||
41 | /* This rwlock protects the main hash table, protocol/helper/expected | 41 | /* ip_conntrack_lock protects the main hash table, protocol/helper/expected |
42 | registrations, conntrack timers*/ | 42 | registrations, conntrack timers*/ |
43 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock) | 43 | #define ASSERT_READ_LOCK(x) |
44 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_conntrack_lock) | 44 | #define ASSERT_WRITE_LOCK(x) |
45 | 45 | ||
46 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 46 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
47 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> | 47 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> |
@@ -57,7 +57,7 @@ | |||
57 | #define DEBUGP(format, args...) | 57 | #define DEBUGP(format, args...) |
58 | #endif | 58 | #endif |
59 | 59 | ||
60 | DECLARE_RWLOCK(ip_conntrack_lock); | 60 | DEFINE_RWLOCK(ip_conntrack_lock); |
61 | 61 | ||
62 | /* ip_conntrack_standalone needs this */ | 62 | /* ip_conntrack_standalone needs this */ |
63 | atomic_t ip_conntrack_count = ATOMIC_INIT(0); | 63 | atomic_t ip_conntrack_count = ATOMIC_INIT(0); |
@@ -147,7 +147,7 @@ static void destroy_expect(struct ip_conntrack_expect *exp) | |||
147 | 147 | ||
148 | static void unlink_expect(struct ip_conntrack_expect *exp) | 148 | static void unlink_expect(struct ip_conntrack_expect *exp) |
149 | { | 149 | { |
150 | MUST_BE_WRITE_LOCKED(&ip_conntrack_lock); | 150 | ASSERT_WRITE_LOCK(&ip_conntrack_lock); |
151 | list_del(&exp->list); | 151 | list_del(&exp->list); |
152 | /* Logically in destroy_expect, but we hold the lock here. */ | 152 | /* Logically in destroy_expect, but we hold the lock here. */ |
153 | exp->master->expecting--; | 153 | exp->master->expecting--; |
@@ -157,9 +157,9 @@ static void expectation_timed_out(unsigned long ul_expect) | |||
157 | { | 157 | { |
158 | struct ip_conntrack_expect *exp = (void *)ul_expect; | 158 | struct ip_conntrack_expect *exp = (void *)ul_expect; |
159 | 159 | ||
160 | WRITE_LOCK(&ip_conntrack_lock); | 160 | write_lock_bh(&ip_conntrack_lock); |
161 | unlink_expect(exp); | 161 | unlink_expect(exp); |
162 | WRITE_UNLOCK(&ip_conntrack_lock); | 162 | write_unlock_bh(&ip_conntrack_lock); |
163 | destroy_expect(exp); | 163 | destroy_expect(exp); |
164 | } | 164 | } |
165 | 165 | ||
@@ -209,7 +209,7 @@ clean_from_lists(struct ip_conntrack *ct) | |||
209 | unsigned int ho, hr; | 209 | unsigned int ho, hr; |
210 | 210 | ||
211 | DEBUGP("clean_from_lists(%p)\n", ct); | 211 | DEBUGP("clean_from_lists(%p)\n", ct); |
212 | MUST_BE_WRITE_LOCKED(&ip_conntrack_lock); | 212 | ASSERT_WRITE_LOCK(&ip_conntrack_lock); |
213 | 213 | ||
214 | ho = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 214 | ho = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
215 | hr = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); | 215 | hr = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); |
@@ -240,7 +240,7 @@ destroy_conntrack(struct nf_conntrack *nfct) | |||
240 | if (ip_conntrack_destroyed) | 240 | if (ip_conntrack_destroyed) |
241 | ip_conntrack_destroyed(ct); | 241 | ip_conntrack_destroyed(ct); |
242 | 242 | ||
243 | WRITE_LOCK(&ip_conntrack_lock); | 243 | write_lock_bh(&ip_conntrack_lock); |
244 | /* Expectations will have been removed in clean_from_lists, | 244 | /* Expectations will have been removed in clean_from_lists, |
245 | * except TFTP can create an expectation on the first packet, | 245 | * except TFTP can create an expectation on the first packet, |
246 | * before connection is in the list, so we need to clean here, | 246 | * before connection is in the list, so we need to clean here, |
@@ -254,7 +254,7 @@ destroy_conntrack(struct nf_conntrack *nfct) | |||
254 | } | 254 | } |
255 | 255 | ||
256 | CONNTRACK_STAT_INC(delete); | 256 | CONNTRACK_STAT_INC(delete); |
257 | WRITE_UNLOCK(&ip_conntrack_lock); | 257 | write_unlock_bh(&ip_conntrack_lock); |
258 | 258 | ||
259 | if (ct->master) | 259 | if (ct->master) |
260 | ip_conntrack_put(ct->master); | 260 | ip_conntrack_put(ct->master); |
@@ -268,12 +268,12 @@ static void death_by_timeout(unsigned long ul_conntrack) | |||
268 | { | 268 | { |
269 | struct ip_conntrack *ct = (void *)ul_conntrack; | 269 | struct ip_conntrack *ct = (void *)ul_conntrack; |
270 | 270 | ||
271 | WRITE_LOCK(&ip_conntrack_lock); | 271 | write_lock_bh(&ip_conntrack_lock); |
272 | /* Inside lock so preempt is disabled on module removal path. | 272 | /* Inside lock so preempt is disabled on module removal path. |
273 | * Otherwise we can get spurious warnings. */ | 273 | * Otherwise we can get spurious warnings. */ |
274 | CONNTRACK_STAT_INC(delete_list); | 274 | CONNTRACK_STAT_INC(delete_list); |
275 | clean_from_lists(ct); | 275 | clean_from_lists(ct); |
276 | WRITE_UNLOCK(&ip_conntrack_lock); | 276 | write_unlock_bh(&ip_conntrack_lock); |
277 | ip_conntrack_put(ct); | 277 | ip_conntrack_put(ct); |
278 | } | 278 | } |
279 | 279 | ||
@@ -282,7 +282,7 @@ conntrack_tuple_cmp(const struct ip_conntrack_tuple_hash *i, | |||
282 | const struct ip_conntrack_tuple *tuple, | 282 | const struct ip_conntrack_tuple *tuple, |
283 | const struct ip_conntrack *ignored_conntrack) | 283 | const struct ip_conntrack *ignored_conntrack) |
284 | { | 284 | { |
285 | MUST_BE_READ_LOCKED(&ip_conntrack_lock); | 285 | ASSERT_READ_LOCK(&ip_conntrack_lock); |
286 | return tuplehash_to_ctrack(i) != ignored_conntrack | 286 | return tuplehash_to_ctrack(i) != ignored_conntrack |
287 | && ip_ct_tuple_equal(tuple, &i->tuple); | 287 | && ip_ct_tuple_equal(tuple, &i->tuple); |
288 | } | 288 | } |
@@ -294,7 +294,7 @@ __ip_conntrack_find(const struct ip_conntrack_tuple *tuple, | |||
294 | struct ip_conntrack_tuple_hash *h; | 294 | struct ip_conntrack_tuple_hash *h; |
295 | unsigned int hash = hash_conntrack(tuple); | 295 | unsigned int hash = hash_conntrack(tuple); |
296 | 296 | ||
297 | MUST_BE_READ_LOCKED(&ip_conntrack_lock); | 297 | ASSERT_READ_LOCK(&ip_conntrack_lock); |
298 | list_for_each_entry(h, &ip_conntrack_hash[hash], list) { | 298 | list_for_each_entry(h, &ip_conntrack_hash[hash], list) { |
299 | if (conntrack_tuple_cmp(h, tuple, ignored_conntrack)) { | 299 | if (conntrack_tuple_cmp(h, tuple, ignored_conntrack)) { |
300 | CONNTRACK_STAT_INC(found); | 300 | CONNTRACK_STAT_INC(found); |
@@ -313,11 +313,11 @@ ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple, | |||
313 | { | 313 | { |
314 | struct ip_conntrack_tuple_hash *h; | 314 | struct ip_conntrack_tuple_hash *h; |
315 | 315 | ||
316 | READ_LOCK(&ip_conntrack_lock); | 316 | read_lock_bh(&ip_conntrack_lock); |
317 | h = __ip_conntrack_find(tuple, ignored_conntrack); | 317 | h = __ip_conntrack_find(tuple, ignored_conntrack); |
318 | if (h) | 318 | if (h) |
319 | atomic_inc(&tuplehash_to_ctrack(h)->ct_general.use); | 319 | atomic_inc(&tuplehash_to_ctrack(h)->ct_general.use); |
320 | READ_UNLOCK(&ip_conntrack_lock); | 320 | read_unlock_bh(&ip_conntrack_lock); |
321 | 321 | ||
322 | return h; | 322 | return h; |
323 | } | 323 | } |
@@ -352,7 +352,7 @@ __ip_conntrack_confirm(struct sk_buff **pskb) | |||
352 | IP_NF_ASSERT(!is_confirmed(ct)); | 352 | IP_NF_ASSERT(!is_confirmed(ct)); |
353 | DEBUGP("Confirming conntrack %p\n", ct); | 353 | DEBUGP("Confirming conntrack %p\n", ct); |
354 | 354 | ||
355 | WRITE_LOCK(&ip_conntrack_lock); | 355 | write_lock_bh(&ip_conntrack_lock); |
356 | 356 | ||
357 | /* See if there's one in the list already, including reverse: | 357 | /* See if there's one in the list already, including reverse: |
358 | NAT could have grabbed it without realizing, since we're | 358 | NAT could have grabbed it without realizing, since we're |
@@ -380,12 +380,12 @@ __ip_conntrack_confirm(struct sk_buff **pskb) | |||
380 | atomic_inc(&ct->ct_general.use); | 380 | atomic_inc(&ct->ct_general.use); |
381 | set_bit(IPS_CONFIRMED_BIT, &ct->status); | 381 | set_bit(IPS_CONFIRMED_BIT, &ct->status); |
382 | CONNTRACK_STAT_INC(insert); | 382 | CONNTRACK_STAT_INC(insert); |
383 | WRITE_UNLOCK(&ip_conntrack_lock); | 383 | write_unlock_bh(&ip_conntrack_lock); |
384 | return NF_ACCEPT; | 384 | return NF_ACCEPT; |
385 | } | 385 | } |
386 | 386 | ||
387 | CONNTRACK_STAT_INC(insert_failed); | 387 | CONNTRACK_STAT_INC(insert_failed); |
388 | WRITE_UNLOCK(&ip_conntrack_lock); | 388 | write_unlock_bh(&ip_conntrack_lock); |
389 | 389 | ||
390 | return NF_DROP; | 390 | return NF_DROP; |
391 | } | 391 | } |
@@ -398,9 +398,9 @@ ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple, | |||
398 | { | 398 | { |
399 | struct ip_conntrack_tuple_hash *h; | 399 | struct ip_conntrack_tuple_hash *h; |
400 | 400 | ||
401 | READ_LOCK(&ip_conntrack_lock); | 401 | read_lock_bh(&ip_conntrack_lock); |
402 | h = __ip_conntrack_find(tuple, ignored_conntrack); | 402 | h = __ip_conntrack_find(tuple, ignored_conntrack); |
403 | READ_UNLOCK(&ip_conntrack_lock); | 403 | read_unlock_bh(&ip_conntrack_lock); |
404 | 404 | ||
405 | return h != NULL; | 405 | return h != NULL; |
406 | } | 406 | } |
@@ -419,13 +419,13 @@ static int early_drop(struct list_head *chain) | |||
419 | struct ip_conntrack *ct = NULL; | 419 | struct ip_conntrack *ct = NULL; |
420 | int dropped = 0; | 420 | int dropped = 0; |
421 | 421 | ||
422 | READ_LOCK(&ip_conntrack_lock); | 422 | read_lock_bh(&ip_conntrack_lock); |
423 | h = LIST_FIND_B(chain, unreplied, struct ip_conntrack_tuple_hash *); | 423 | h = LIST_FIND_B(chain, unreplied, struct ip_conntrack_tuple_hash *); |
424 | if (h) { | 424 | if (h) { |
425 | ct = tuplehash_to_ctrack(h); | 425 | ct = tuplehash_to_ctrack(h); |
426 | atomic_inc(&ct->ct_general.use); | 426 | atomic_inc(&ct->ct_general.use); |
427 | } | 427 | } |
428 | READ_UNLOCK(&ip_conntrack_lock); | 428 | read_unlock_bh(&ip_conntrack_lock); |
429 | 429 | ||
430 | if (!ct) | 430 | if (!ct) |
431 | return dropped; | 431 | return dropped; |
@@ -508,7 +508,7 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, | |||
508 | conntrack->timeout.data = (unsigned long)conntrack; | 508 | conntrack->timeout.data = (unsigned long)conntrack; |
509 | conntrack->timeout.function = death_by_timeout; | 509 | conntrack->timeout.function = death_by_timeout; |
510 | 510 | ||
511 | WRITE_LOCK(&ip_conntrack_lock); | 511 | write_lock_bh(&ip_conntrack_lock); |
512 | exp = find_expectation(tuple); | 512 | exp = find_expectation(tuple); |
513 | 513 | ||
514 | if (exp) { | 514 | if (exp) { |
@@ -532,7 +532,7 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, | |||
532 | list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed); | 532 | list_add(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL].list, &unconfirmed); |
533 | 533 | ||
534 | atomic_inc(&ip_conntrack_count); | 534 | atomic_inc(&ip_conntrack_count); |
535 | WRITE_UNLOCK(&ip_conntrack_lock); | 535 | write_unlock_bh(&ip_conntrack_lock); |
536 | 536 | ||
537 | if (exp) { | 537 | if (exp) { |
538 | if (exp->expectfn) | 538 | if (exp->expectfn) |
@@ -723,17 +723,17 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) | |||
723 | { | 723 | { |
724 | struct ip_conntrack_expect *i; | 724 | struct ip_conntrack_expect *i; |
725 | 725 | ||
726 | WRITE_LOCK(&ip_conntrack_lock); | 726 | write_lock_bh(&ip_conntrack_lock); |
727 | /* choose the the oldest expectation to evict */ | 727 | /* choose the the oldest expectation to evict */ |
728 | list_for_each_entry_reverse(i, &ip_conntrack_expect_list, list) { | 728 | list_for_each_entry_reverse(i, &ip_conntrack_expect_list, list) { |
729 | if (expect_matches(i, exp) && del_timer(&i->timeout)) { | 729 | if (expect_matches(i, exp) && del_timer(&i->timeout)) { |
730 | unlink_expect(i); | 730 | unlink_expect(i); |
731 | WRITE_UNLOCK(&ip_conntrack_lock); | 731 | write_unlock_bh(&ip_conntrack_lock); |
732 | destroy_expect(i); | 732 | destroy_expect(i); |
733 | return; | 733 | return; |
734 | } | 734 | } |
735 | } | 735 | } |
736 | WRITE_UNLOCK(&ip_conntrack_lock); | 736 | write_unlock_bh(&ip_conntrack_lock); |
737 | } | 737 | } |
738 | 738 | ||
739 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(void) | 739 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(void) |
@@ -808,7 +808,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect) | |||
808 | DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple); | 808 | DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple); |
809 | DEBUGP("mask: "); DUMP_TUPLE(&expect->mask); | 809 | DEBUGP("mask: "); DUMP_TUPLE(&expect->mask); |
810 | 810 | ||
811 | WRITE_LOCK(&ip_conntrack_lock); | 811 | write_lock_bh(&ip_conntrack_lock); |
812 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { | 812 | list_for_each_entry(i, &ip_conntrack_expect_list, list) { |
813 | if (expect_matches(i, expect)) { | 813 | if (expect_matches(i, expect)) { |
814 | /* Refresh timer: if it's dying, ignore.. */ | 814 | /* Refresh timer: if it's dying, ignore.. */ |
@@ -832,7 +832,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect) | |||
832 | ip_conntrack_expect_insert(expect); | 832 | ip_conntrack_expect_insert(expect); |
833 | ret = 0; | 833 | ret = 0; |
834 | out: | 834 | out: |
835 | WRITE_UNLOCK(&ip_conntrack_lock); | 835 | write_unlock_bh(&ip_conntrack_lock); |
836 | return ret; | 836 | return ret; |
837 | } | 837 | } |
838 | 838 | ||
@@ -841,7 +841,7 @@ out: | |||
841 | void ip_conntrack_alter_reply(struct ip_conntrack *conntrack, | 841 | void ip_conntrack_alter_reply(struct ip_conntrack *conntrack, |
842 | const struct ip_conntrack_tuple *newreply) | 842 | const struct ip_conntrack_tuple *newreply) |
843 | { | 843 | { |
844 | WRITE_LOCK(&ip_conntrack_lock); | 844 | write_lock_bh(&ip_conntrack_lock); |
845 | /* Should be unconfirmed, so not in hash table yet */ | 845 | /* Should be unconfirmed, so not in hash table yet */ |
846 | IP_NF_ASSERT(!is_confirmed(conntrack)); | 846 | IP_NF_ASSERT(!is_confirmed(conntrack)); |
847 | 847 | ||
@@ -851,15 +851,15 @@ void ip_conntrack_alter_reply(struct ip_conntrack *conntrack, | |||
851 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply; | 851 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply; |
852 | if (!conntrack->master && conntrack->expecting == 0) | 852 | if (!conntrack->master && conntrack->expecting == 0) |
853 | conntrack->helper = ip_ct_find_helper(newreply); | 853 | conntrack->helper = ip_ct_find_helper(newreply); |
854 | WRITE_UNLOCK(&ip_conntrack_lock); | 854 | write_unlock_bh(&ip_conntrack_lock); |
855 | } | 855 | } |
856 | 856 | ||
857 | int ip_conntrack_helper_register(struct ip_conntrack_helper *me) | 857 | int ip_conntrack_helper_register(struct ip_conntrack_helper *me) |
858 | { | 858 | { |
859 | BUG_ON(me->timeout == 0); | 859 | BUG_ON(me->timeout == 0); |
860 | WRITE_LOCK(&ip_conntrack_lock); | 860 | write_lock_bh(&ip_conntrack_lock); |
861 | list_prepend(&helpers, me); | 861 | list_prepend(&helpers, me); |
862 | WRITE_UNLOCK(&ip_conntrack_lock); | 862 | write_unlock_bh(&ip_conntrack_lock); |
863 | 863 | ||
864 | return 0; | 864 | return 0; |
865 | } | 865 | } |
@@ -878,7 +878,7 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me) | |||
878 | struct ip_conntrack_expect *exp, *tmp; | 878 | struct ip_conntrack_expect *exp, *tmp; |
879 | 879 | ||
880 | /* Need write lock here, to delete helper. */ | 880 | /* Need write lock here, to delete helper. */ |
881 | WRITE_LOCK(&ip_conntrack_lock); | 881 | write_lock_bh(&ip_conntrack_lock); |
882 | LIST_DELETE(&helpers, me); | 882 | LIST_DELETE(&helpers, me); |
883 | 883 | ||
884 | /* Get rid of expectations */ | 884 | /* Get rid of expectations */ |
@@ -893,7 +893,7 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me) | |||
893 | for (i = 0; i < ip_conntrack_htable_size; i++) | 893 | for (i = 0; i < ip_conntrack_htable_size; i++) |
894 | LIST_FIND_W(&ip_conntrack_hash[i], unhelp, | 894 | LIST_FIND_W(&ip_conntrack_hash[i], unhelp, |
895 | struct ip_conntrack_tuple_hash *, me); | 895 | struct ip_conntrack_tuple_hash *, me); |
896 | WRITE_UNLOCK(&ip_conntrack_lock); | 896 | write_unlock_bh(&ip_conntrack_lock); |
897 | 897 | ||
898 | /* Someone could be still looking at the helper in a bh. */ | 898 | /* Someone could be still looking at the helper in a bh. */ |
899 | synchronize_net(); | 899 | synchronize_net(); |
@@ -925,14 +925,14 @@ void ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
925 | ct->timeout.expires = extra_jiffies; | 925 | ct->timeout.expires = extra_jiffies; |
926 | ct_add_counters(ct, ctinfo, skb); | 926 | ct_add_counters(ct, ctinfo, skb); |
927 | } else { | 927 | } else { |
928 | WRITE_LOCK(&ip_conntrack_lock); | 928 | write_lock_bh(&ip_conntrack_lock); |
929 | /* Need del_timer for race avoidance (may already be dying). */ | 929 | /* Need del_timer for race avoidance (may already be dying). */ |
930 | if (del_timer(&ct->timeout)) { | 930 | if (del_timer(&ct->timeout)) { |
931 | ct->timeout.expires = jiffies + extra_jiffies; | 931 | ct->timeout.expires = jiffies + extra_jiffies; |
932 | add_timer(&ct->timeout); | 932 | add_timer(&ct->timeout); |
933 | } | 933 | } |
934 | ct_add_counters(ct, ctinfo, skb); | 934 | ct_add_counters(ct, ctinfo, skb); |
935 | WRITE_UNLOCK(&ip_conntrack_lock); | 935 | write_unlock_bh(&ip_conntrack_lock); |
936 | } | 936 | } |
937 | } | 937 | } |
938 | 938 | ||
@@ -997,7 +997,7 @@ get_next_corpse(int (*iter)(struct ip_conntrack *i, void *data), | |||
997 | { | 997 | { |
998 | struct ip_conntrack_tuple_hash *h = NULL; | 998 | struct ip_conntrack_tuple_hash *h = NULL; |
999 | 999 | ||
1000 | WRITE_LOCK(&ip_conntrack_lock); | 1000 | write_lock_bh(&ip_conntrack_lock); |
1001 | for (; *bucket < ip_conntrack_htable_size; (*bucket)++) { | 1001 | for (; *bucket < ip_conntrack_htable_size; (*bucket)++) { |
1002 | h = LIST_FIND_W(&ip_conntrack_hash[*bucket], do_iter, | 1002 | h = LIST_FIND_W(&ip_conntrack_hash[*bucket], do_iter, |
1003 | struct ip_conntrack_tuple_hash *, iter, data); | 1003 | struct ip_conntrack_tuple_hash *, iter, data); |
@@ -1009,7 +1009,7 @@ get_next_corpse(int (*iter)(struct ip_conntrack *i, void *data), | |||
1009 | struct ip_conntrack_tuple_hash *, iter, data); | 1009 | struct ip_conntrack_tuple_hash *, iter, data); |
1010 | if (h) | 1010 | if (h) |
1011 | atomic_inc(&tuplehash_to_ctrack(h)->ct_general.use); | 1011 | atomic_inc(&tuplehash_to_ctrack(h)->ct_general.use); |
1012 | WRITE_UNLOCK(&ip_conntrack_lock); | 1012 | write_unlock_bh(&ip_conntrack_lock); |
1013 | 1013 | ||
1014 | return h; | 1014 | return h; |
1015 | } | 1015 | } |
@@ -1201,14 +1201,14 @@ int __init ip_conntrack_init(void) | |||
1201 | } | 1201 | } |
1202 | 1202 | ||
1203 | /* Don't NEED lock here, but good form anyway. */ | 1203 | /* Don't NEED lock here, but good form anyway. */ |
1204 | WRITE_LOCK(&ip_conntrack_lock); | 1204 | write_lock_bh(&ip_conntrack_lock); |
1205 | for (i = 0; i < MAX_IP_CT_PROTO; i++) | 1205 | for (i = 0; i < MAX_IP_CT_PROTO; i++) |
1206 | ip_ct_protos[i] = &ip_conntrack_generic_protocol; | 1206 | ip_ct_protos[i] = &ip_conntrack_generic_protocol; |
1207 | /* Sew in builtin protocols. */ | 1207 | /* Sew in builtin protocols. */ |
1208 | ip_ct_protos[IPPROTO_TCP] = &ip_conntrack_protocol_tcp; | 1208 | ip_ct_protos[IPPROTO_TCP] = &ip_conntrack_protocol_tcp; |
1209 | ip_ct_protos[IPPROTO_UDP] = &ip_conntrack_protocol_udp; | 1209 | ip_ct_protos[IPPROTO_UDP] = &ip_conntrack_protocol_udp; |
1210 | ip_ct_protos[IPPROTO_ICMP] = &ip_conntrack_protocol_icmp; | 1210 | ip_ct_protos[IPPROTO_ICMP] = &ip_conntrack_protocol_icmp; |
1211 | WRITE_UNLOCK(&ip_conntrack_lock); | 1211 | write_unlock_bh(&ip_conntrack_lock); |
1212 | 1212 | ||
1213 | for (i = 0; i < ip_conntrack_htable_size; i++) | 1213 | for (i = 0; i < ip_conntrack_htable_size; i++) |
1214 | INIT_LIST_HEAD(&ip_conntrack_hash[i]); | 1214 | INIT_LIST_HEAD(&ip_conntrack_hash[i]); |
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c index dd86503aa788..fea6dd2a00b6 100644 --- a/net/ipv4/netfilter/ip_conntrack_ftp.c +++ b/net/ipv4/netfilter/ip_conntrack_ftp.c | |||
@@ -16,7 +16,6 @@ | |||
16 | #include <net/checksum.h> | 16 | #include <net/checksum.h> |
17 | #include <net/tcp.h> | 17 | #include <net/tcp.h> |
18 | 18 | ||
19 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
20 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> | 19 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
21 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> | 20 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> |
22 | #include <linux/moduleparam.h> | 21 | #include <linux/moduleparam.h> |
@@ -28,7 +27,7 @@ MODULE_DESCRIPTION("ftp connection tracking helper"); | |||
28 | /* This is slow, but it's simple. --RR */ | 27 | /* This is slow, but it's simple. --RR */ |
29 | static char ftp_buffer[65536]; | 28 | static char ftp_buffer[65536]; |
30 | 29 | ||
31 | static DECLARE_LOCK(ip_ftp_lock); | 30 | static DEFINE_SPINLOCK(ip_ftp_lock); |
32 | 31 | ||
33 | #define MAX_PORTS 8 | 32 | #define MAX_PORTS 8 |
34 | static int ports[MAX_PORTS]; | 33 | static int ports[MAX_PORTS]; |
@@ -319,7 +318,7 @@ static int help(struct sk_buff **pskb, | |||
319 | } | 318 | } |
320 | datalen = (*pskb)->len - dataoff; | 319 | datalen = (*pskb)->len - dataoff; |
321 | 320 | ||
322 | LOCK_BH(&ip_ftp_lock); | 321 | spin_lock_bh(&ip_ftp_lock); |
323 | fb_ptr = skb_header_pointer(*pskb, dataoff, | 322 | fb_ptr = skb_header_pointer(*pskb, dataoff, |
324 | (*pskb)->len - dataoff, ftp_buffer); | 323 | (*pskb)->len - dataoff, ftp_buffer); |
325 | BUG_ON(fb_ptr == NULL); | 324 | BUG_ON(fb_ptr == NULL); |
@@ -442,7 +441,7 @@ out_update_nl: | |||
442 | if (ends_in_nl) | 441 | if (ends_in_nl) |
443 | update_nl_seq(seq, ct_ftp_info,dir); | 442 | update_nl_seq(seq, ct_ftp_info,dir); |
444 | out: | 443 | out: |
445 | UNLOCK_BH(&ip_ftp_lock); | 444 | spin_unlock_bh(&ip_ftp_lock); |
446 | return ret; | 445 | return ret; |
447 | } | 446 | } |
448 | 447 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c index 33cc7348b6ee..cd98772cc332 100644 --- a/net/ipv4/netfilter/ip_conntrack_irc.c +++ b/net/ipv4/netfilter/ip_conntrack_irc.c | |||
@@ -29,7 +29,6 @@ | |||
29 | #include <net/checksum.h> | 29 | #include <net/checksum.h> |
30 | #include <net/tcp.h> | 30 | #include <net/tcp.h> |
31 | 31 | ||
32 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
33 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> | 32 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
34 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> | 33 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> |
35 | #include <linux/moduleparam.h> | 34 | #include <linux/moduleparam.h> |
@@ -41,7 +40,7 @@ static int max_dcc_channels = 8; | |||
41 | static unsigned int dcc_timeout = 300; | 40 | static unsigned int dcc_timeout = 300; |
42 | /* This is slow, but it's simple. --RR */ | 41 | /* This is slow, but it's simple. --RR */ |
43 | static char irc_buffer[65536]; | 42 | static char irc_buffer[65536]; |
44 | static DECLARE_LOCK(irc_buffer_lock); | 43 | static DEFINE_SPINLOCK(irc_buffer_lock); |
45 | 44 | ||
46 | unsigned int (*ip_nat_irc_hook)(struct sk_buff **pskb, | 45 | unsigned int (*ip_nat_irc_hook)(struct sk_buff **pskb, |
47 | enum ip_conntrack_info ctinfo, | 46 | enum ip_conntrack_info ctinfo, |
@@ -141,7 +140,7 @@ static int help(struct sk_buff **pskb, | |||
141 | if (dataoff >= (*pskb)->len) | 140 | if (dataoff >= (*pskb)->len) |
142 | return NF_ACCEPT; | 141 | return NF_ACCEPT; |
143 | 142 | ||
144 | LOCK_BH(&irc_buffer_lock); | 143 | spin_lock_bh(&irc_buffer_lock); |
145 | ib_ptr = skb_header_pointer(*pskb, dataoff, | 144 | ib_ptr = skb_header_pointer(*pskb, dataoff, |
146 | (*pskb)->len - dataoff, irc_buffer); | 145 | (*pskb)->len - dataoff, irc_buffer); |
147 | BUG_ON(ib_ptr == NULL); | 146 | BUG_ON(ib_ptr == NULL); |
@@ -237,7 +236,7 @@ static int help(struct sk_buff **pskb, | |||
237 | } /* while data < ... */ | 236 | } /* while data < ... */ |
238 | 237 | ||
239 | out: | 238 | out: |
240 | UNLOCK_BH(&irc_buffer_lock); | 239 | spin_unlock_bh(&irc_buffer_lock); |
241 | return ret; | 240 | return ret; |
242 | } | 241 | } |
243 | 242 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c index ff8c34a860ff..31d75390bf12 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c | |||
@@ -26,7 +26,6 @@ | |||
26 | 26 | ||
27 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 27 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
28 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> | 28 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> |
29 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
30 | 29 | ||
31 | #if 0 | 30 | #if 0 |
32 | #define DEBUGP(format, ...) printk(format, ## __VA_ARGS__) | 31 | #define DEBUGP(format, ...) printk(format, ## __VA_ARGS__) |
@@ -35,7 +34,7 @@ | |||
35 | #endif | 34 | #endif |
36 | 35 | ||
37 | /* Protects conntrack->proto.sctp */ | 36 | /* Protects conntrack->proto.sctp */ |
38 | static DECLARE_RWLOCK(sctp_lock); | 37 | static DEFINE_RWLOCK(sctp_lock); |
39 | 38 | ||
40 | /* FIXME: Examine ipfilter's timeouts and conntrack transitions more | 39 | /* FIXME: Examine ipfilter's timeouts and conntrack transitions more |
41 | closely. They're more complex. --RR | 40 | closely. They're more complex. --RR |
@@ -199,9 +198,9 @@ static int sctp_print_conntrack(struct seq_file *s, | |||
199 | DEBUGP(__FUNCTION__); | 198 | DEBUGP(__FUNCTION__); |
200 | DEBUGP("\n"); | 199 | DEBUGP("\n"); |
201 | 200 | ||
202 | READ_LOCK(&sctp_lock); | 201 | read_lock_bh(&sctp_lock); |
203 | state = conntrack->proto.sctp.state; | 202 | state = conntrack->proto.sctp.state; |
204 | READ_UNLOCK(&sctp_lock); | 203 | read_unlock_bh(&sctp_lock); |
205 | 204 | ||
206 | return seq_printf(s, "%s ", sctp_conntrack_names[state]); | 205 | return seq_printf(s, "%s ", sctp_conntrack_names[state]); |
207 | } | 206 | } |
@@ -343,13 +342,13 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
343 | 342 | ||
344 | oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; | 343 | oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; |
345 | for_each_sctp_chunk (skb, sch, _sch, offset, count) { | 344 | for_each_sctp_chunk (skb, sch, _sch, offset, count) { |
346 | WRITE_LOCK(&sctp_lock); | 345 | write_lock_bh(&sctp_lock); |
347 | 346 | ||
348 | /* Special cases of Verification tag check (Sec 8.5.1) */ | 347 | /* Special cases of Verification tag check (Sec 8.5.1) */ |
349 | if (sch->type == SCTP_CID_INIT) { | 348 | if (sch->type == SCTP_CID_INIT) { |
350 | /* Sec 8.5.1 (A) */ | 349 | /* Sec 8.5.1 (A) */ |
351 | if (sh->vtag != 0) { | 350 | if (sh->vtag != 0) { |
352 | WRITE_UNLOCK(&sctp_lock); | 351 | write_unlock_bh(&sctp_lock); |
353 | return -1; | 352 | return -1; |
354 | } | 353 | } |
355 | } else if (sch->type == SCTP_CID_ABORT) { | 354 | } else if (sch->type == SCTP_CID_ABORT) { |
@@ -357,7 +356,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
357 | if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) | 356 | if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) |
358 | && !(sh->vtag == conntrack->proto.sctp.vtag | 357 | && !(sh->vtag == conntrack->proto.sctp.vtag |
359 | [1 - CTINFO2DIR(ctinfo)])) { | 358 | [1 - CTINFO2DIR(ctinfo)])) { |
360 | WRITE_UNLOCK(&sctp_lock); | 359 | write_unlock_bh(&sctp_lock); |
361 | return -1; | 360 | return -1; |
362 | } | 361 | } |
363 | } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { | 362 | } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { |
@@ -366,13 +365,13 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
366 | && !(sh->vtag == conntrack->proto.sctp.vtag | 365 | && !(sh->vtag == conntrack->proto.sctp.vtag |
367 | [1 - CTINFO2DIR(ctinfo)] | 366 | [1 - CTINFO2DIR(ctinfo)] |
368 | && (sch->flags & 1))) { | 367 | && (sch->flags & 1))) { |
369 | WRITE_UNLOCK(&sctp_lock); | 368 | write_unlock_bh(&sctp_lock); |
370 | return -1; | 369 | return -1; |
371 | } | 370 | } |
372 | } else if (sch->type == SCTP_CID_COOKIE_ECHO) { | 371 | } else if (sch->type == SCTP_CID_COOKIE_ECHO) { |
373 | /* Sec 8.5.1 (D) */ | 372 | /* Sec 8.5.1 (D) */ |
374 | if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) { | 373 | if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) { |
375 | WRITE_UNLOCK(&sctp_lock); | 374 | write_unlock_bh(&sctp_lock); |
376 | return -1; | 375 | return -1; |
377 | } | 376 | } |
378 | } | 377 | } |
@@ -384,7 +383,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
384 | if (newconntrack == SCTP_CONNTRACK_MAX) { | 383 | if (newconntrack == SCTP_CONNTRACK_MAX) { |
385 | DEBUGP("ip_conntrack_sctp: Invalid dir=%i ctype=%u conntrack=%u\n", | 384 | DEBUGP("ip_conntrack_sctp: Invalid dir=%i ctype=%u conntrack=%u\n", |
386 | CTINFO2DIR(ctinfo), sch->type, oldsctpstate); | 385 | CTINFO2DIR(ctinfo), sch->type, oldsctpstate); |
387 | WRITE_UNLOCK(&sctp_lock); | 386 | write_unlock_bh(&sctp_lock); |
388 | return -1; | 387 | return -1; |
389 | } | 388 | } |
390 | 389 | ||
@@ -396,7 +395,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
396 | ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), | 395 | ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), |
397 | sizeof(_inithdr), &_inithdr); | 396 | sizeof(_inithdr), &_inithdr); |
398 | if (ih == NULL) { | 397 | if (ih == NULL) { |
399 | WRITE_UNLOCK(&sctp_lock); | 398 | write_unlock_bh(&sctp_lock); |
400 | return -1; | 399 | return -1; |
401 | } | 400 | } |
402 | DEBUGP("Setting vtag %x for dir %d\n", | 401 | DEBUGP("Setting vtag %x for dir %d\n", |
@@ -405,7 +404,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, | |||
405 | } | 404 | } |
406 | 405 | ||
407 | conntrack->proto.sctp.state = newconntrack; | 406 | conntrack->proto.sctp.state = newconntrack; |
408 | WRITE_UNLOCK(&sctp_lock); | 407 | write_unlock_bh(&sctp_lock); |
409 | } | 408 | } |
410 | 409 | ||
411 | ip_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]); | 410 | ip_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]); |
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index 721ddbf522b4..809dfed766d4 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c | |||
@@ -36,7 +36,6 @@ | |||
36 | #include <linux/netfilter_ipv4.h> | 36 | #include <linux/netfilter_ipv4.h> |
37 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 37 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
38 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> | 38 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> |
39 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
40 | 39 | ||
41 | #if 0 | 40 | #if 0 |
42 | #define DEBUGP printk | 41 | #define DEBUGP printk |
@@ -46,7 +45,7 @@ | |||
46 | #endif | 45 | #endif |
47 | 46 | ||
48 | /* Protects conntrack->proto.tcp */ | 47 | /* Protects conntrack->proto.tcp */ |
49 | static DECLARE_RWLOCK(tcp_lock); | 48 | static DEFINE_RWLOCK(tcp_lock); |
50 | 49 | ||
51 | /* "Be conservative in what you do, | 50 | /* "Be conservative in what you do, |
52 | be liberal in what you accept from others." | 51 | be liberal in what you accept from others." |
@@ -330,9 +329,9 @@ static int tcp_print_conntrack(struct seq_file *s, | |||
330 | { | 329 | { |
331 | enum tcp_conntrack state; | 330 | enum tcp_conntrack state; |
332 | 331 | ||
333 | READ_LOCK(&tcp_lock); | 332 | read_lock_bh(&tcp_lock); |
334 | state = conntrack->proto.tcp.state; | 333 | state = conntrack->proto.tcp.state; |
335 | READ_UNLOCK(&tcp_lock); | 334 | read_unlock_bh(&tcp_lock); |
336 | 335 | ||
337 | return seq_printf(s, "%s ", tcp_conntrack_names[state]); | 336 | return seq_printf(s, "%s ", tcp_conntrack_names[state]); |
338 | } | 337 | } |
@@ -738,14 +737,14 @@ void ip_conntrack_tcp_update(struct sk_buff *skb, | |||
738 | 737 | ||
739 | end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, iph, tcph); | 738 | end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, iph, tcph); |
740 | 739 | ||
741 | WRITE_LOCK(&tcp_lock); | 740 | write_lock_bh(&tcp_lock); |
742 | /* | 741 | /* |
743 | * We have to worry for the ack in the reply packet only... | 742 | * We have to worry for the ack in the reply packet only... |
744 | */ | 743 | */ |
745 | if (after(end, conntrack->proto.tcp.seen[dir].td_end)) | 744 | if (after(end, conntrack->proto.tcp.seen[dir].td_end)) |
746 | conntrack->proto.tcp.seen[dir].td_end = end; | 745 | conntrack->proto.tcp.seen[dir].td_end = end; |
747 | conntrack->proto.tcp.last_end = end; | 746 | conntrack->proto.tcp.last_end = end; |
748 | WRITE_UNLOCK(&tcp_lock); | 747 | write_unlock_bh(&tcp_lock); |
749 | DEBUGP("tcp_update: sender end=%u maxend=%u maxwin=%u scale=%i " | 748 | DEBUGP("tcp_update: sender end=%u maxend=%u maxwin=%u scale=%i " |
750 | "receiver end=%u maxend=%u maxwin=%u scale=%i\n", | 749 | "receiver end=%u maxend=%u maxwin=%u scale=%i\n", |
751 | sender->td_end, sender->td_maxend, sender->td_maxwin, | 750 | sender->td_end, sender->td_maxend, sender->td_maxwin, |
@@ -857,7 +856,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
857 | sizeof(_tcph), &_tcph); | 856 | sizeof(_tcph), &_tcph); |
858 | BUG_ON(th == NULL); | 857 | BUG_ON(th == NULL); |
859 | 858 | ||
860 | WRITE_LOCK(&tcp_lock); | 859 | write_lock_bh(&tcp_lock); |
861 | old_state = conntrack->proto.tcp.state; | 860 | old_state = conntrack->proto.tcp.state; |
862 | dir = CTINFO2DIR(ctinfo); | 861 | dir = CTINFO2DIR(ctinfo); |
863 | index = get_conntrack_index(th); | 862 | index = get_conntrack_index(th); |
@@ -879,7 +878,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
879 | * that the client cannot but retransmit its SYN and | 878 | * that the client cannot but retransmit its SYN and |
880 | * thus initiate a clean new session. | 879 | * thus initiate a clean new session. |
881 | */ | 880 | */ |
882 | WRITE_UNLOCK(&tcp_lock); | 881 | write_unlock_bh(&tcp_lock); |
883 | if (LOG_INVALID(IPPROTO_TCP)) | 882 | if (LOG_INVALID(IPPROTO_TCP)) |
884 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, | 883 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, |
885 | "ip_ct_tcp: killing out of sync session "); | 884 | "ip_ct_tcp: killing out of sync session "); |
@@ -894,7 +893,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
894 | conntrack->proto.tcp.last_end = | 893 | conntrack->proto.tcp.last_end = |
895 | segment_seq_plus_len(ntohl(th->seq), skb->len, iph, th); | 894 | segment_seq_plus_len(ntohl(th->seq), skb->len, iph, th); |
896 | 895 | ||
897 | WRITE_UNLOCK(&tcp_lock); | 896 | write_unlock_bh(&tcp_lock); |
898 | if (LOG_INVALID(IPPROTO_TCP)) | 897 | if (LOG_INVALID(IPPROTO_TCP)) |
899 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, | 898 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, |
900 | "ip_ct_tcp: invalid packet ignored "); | 899 | "ip_ct_tcp: invalid packet ignored "); |
@@ -904,7 +903,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
904 | DEBUGP("ip_ct_tcp: Invalid dir=%i index=%u ostate=%u\n", | 903 | DEBUGP("ip_ct_tcp: Invalid dir=%i index=%u ostate=%u\n", |
905 | dir, get_conntrack_index(th), | 904 | dir, get_conntrack_index(th), |
906 | old_state); | 905 | old_state); |
907 | WRITE_UNLOCK(&tcp_lock); | 906 | write_unlock_bh(&tcp_lock); |
908 | if (LOG_INVALID(IPPROTO_TCP)) | 907 | if (LOG_INVALID(IPPROTO_TCP)) |
909 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, | 908 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, |
910 | "ip_ct_tcp: invalid state "); | 909 | "ip_ct_tcp: invalid state "); |
@@ -918,13 +917,13 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
918 | conntrack->proto.tcp.seen[dir].td_end)) { | 917 | conntrack->proto.tcp.seen[dir].td_end)) { |
919 | /* Attempt to reopen a closed connection. | 918 | /* Attempt to reopen a closed connection. |
920 | * Delete this connection and look up again. */ | 919 | * Delete this connection and look up again. */ |
921 | WRITE_UNLOCK(&tcp_lock); | 920 | write_unlock_bh(&tcp_lock); |
922 | if (del_timer(&conntrack->timeout)) | 921 | if (del_timer(&conntrack->timeout)) |
923 | conntrack->timeout.function((unsigned long) | 922 | conntrack->timeout.function((unsigned long) |
924 | conntrack); | 923 | conntrack); |
925 | return -NF_REPEAT; | 924 | return -NF_REPEAT; |
926 | } else { | 925 | } else { |
927 | WRITE_UNLOCK(&tcp_lock); | 926 | write_unlock_bh(&tcp_lock); |
928 | if (LOG_INVALID(IPPROTO_TCP)) | 927 | if (LOG_INVALID(IPPROTO_TCP)) |
929 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, | 928 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, |
930 | "ip_ct_tcp: invalid SYN"); | 929 | "ip_ct_tcp: invalid SYN"); |
@@ -949,7 +948,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
949 | 948 | ||
950 | if (!tcp_in_window(&conntrack->proto.tcp, dir, index, | 949 | if (!tcp_in_window(&conntrack->proto.tcp, dir, index, |
951 | skb, iph, th)) { | 950 | skb, iph, th)) { |
952 | WRITE_UNLOCK(&tcp_lock); | 951 | write_unlock_bh(&tcp_lock); |
953 | return -NF_ACCEPT; | 952 | return -NF_ACCEPT; |
954 | } | 953 | } |
955 | in_window: | 954 | in_window: |
@@ -972,7 +971,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, | |||
972 | timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans | 971 | timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans |
973 | && *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans | 972 | && *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans |
974 | ? ip_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state]; | 973 | ? ip_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state]; |
975 | WRITE_UNLOCK(&tcp_lock); | 974 | write_unlock_bh(&tcp_lock); |
976 | 975 | ||
977 | if (!test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) { | 976 | if (!test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) { |
978 | /* If only reply is a RST, we can consider ourselves not to | 977 | /* If only reply is a RST, we can consider ourselves not to |
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index bc59f7b39805..42dc95102873 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -28,8 +28,8 @@ | |||
28 | #include <net/checksum.h> | 28 | #include <net/checksum.h> |
29 | #include <net/ip.h> | 29 | #include <net/ip.h> |
30 | 30 | ||
31 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock) | 31 | #define ASSERT_READ_LOCK(x) |
32 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_conntrack_lock) | 32 | #define ASSERT_WRITE_LOCK(x) |
33 | 33 | ||
34 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 34 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
35 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> | 35 | #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> |
@@ -119,7 +119,7 @@ static struct list_head *ct_get_idx(struct seq_file *seq, loff_t pos) | |||
119 | 119 | ||
120 | static void *ct_seq_start(struct seq_file *seq, loff_t *pos) | 120 | static void *ct_seq_start(struct seq_file *seq, loff_t *pos) |
121 | { | 121 | { |
122 | READ_LOCK(&ip_conntrack_lock); | 122 | read_lock_bh(&ip_conntrack_lock); |
123 | return ct_get_idx(seq, *pos); | 123 | return ct_get_idx(seq, *pos); |
124 | } | 124 | } |
125 | 125 | ||
@@ -131,7 +131,7 @@ static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos) | |||
131 | 131 | ||
132 | static void ct_seq_stop(struct seq_file *s, void *v) | 132 | static void ct_seq_stop(struct seq_file *s, void *v) |
133 | { | 133 | { |
134 | READ_UNLOCK(&ip_conntrack_lock); | 134 | read_unlock_bh(&ip_conntrack_lock); |
135 | } | 135 | } |
136 | 136 | ||
137 | static int ct_seq_show(struct seq_file *s, void *v) | 137 | static int ct_seq_show(struct seq_file *s, void *v) |
@@ -140,7 +140,7 @@ static int ct_seq_show(struct seq_file *s, void *v) | |||
140 | const struct ip_conntrack *conntrack = tuplehash_to_ctrack(hash); | 140 | const struct ip_conntrack *conntrack = tuplehash_to_ctrack(hash); |
141 | struct ip_conntrack_protocol *proto; | 141 | struct ip_conntrack_protocol *proto; |
142 | 142 | ||
143 | MUST_BE_READ_LOCKED(&ip_conntrack_lock); | 143 | ASSERT_READ_LOCK(&ip_conntrack_lock); |
144 | IP_NF_ASSERT(conntrack); | 144 | IP_NF_ASSERT(conntrack); |
145 | 145 | ||
146 | /* we only want to print DIR_ORIGINAL */ | 146 | /* we only want to print DIR_ORIGINAL */ |
@@ -239,7 +239,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos) | |||
239 | 239 | ||
240 | /* strange seq_file api calls stop even if we fail, | 240 | /* strange seq_file api calls stop even if we fail, |
241 | * thus we need to grab lock since stop unlocks */ | 241 | * thus we need to grab lock since stop unlocks */ |
242 | READ_LOCK(&ip_conntrack_lock); | 242 | read_lock_bh(&ip_conntrack_lock); |
243 | 243 | ||
244 | if (list_empty(e)) | 244 | if (list_empty(e)) |
245 | return NULL; | 245 | return NULL; |
@@ -267,7 +267,7 @@ static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos) | |||
267 | 267 | ||
268 | static void exp_seq_stop(struct seq_file *s, void *v) | 268 | static void exp_seq_stop(struct seq_file *s, void *v) |
269 | { | 269 | { |
270 | READ_UNLOCK(&ip_conntrack_lock); | 270 | read_unlock_bh(&ip_conntrack_lock); |
271 | } | 271 | } |
272 | 272 | ||
273 | static int exp_seq_show(struct seq_file *s, void *v) | 273 | static int exp_seq_show(struct seq_file *s, void *v) |
@@ -921,22 +921,22 @@ int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto) | |||
921 | { | 921 | { |
922 | int ret = 0; | 922 | int ret = 0; |
923 | 923 | ||
924 | WRITE_LOCK(&ip_conntrack_lock); | 924 | write_lock_bh(&ip_conntrack_lock); |
925 | if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) { | 925 | if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) { |
926 | ret = -EBUSY; | 926 | ret = -EBUSY; |
927 | goto out; | 927 | goto out; |
928 | } | 928 | } |
929 | ip_ct_protos[proto->proto] = proto; | 929 | ip_ct_protos[proto->proto] = proto; |
930 | out: | 930 | out: |
931 | WRITE_UNLOCK(&ip_conntrack_lock); | 931 | write_unlock_bh(&ip_conntrack_lock); |
932 | return ret; | 932 | return ret; |
933 | } | 933 | } |
934 | 934 | ||
935 | void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto) | 935 | void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto) |
936 | { | 936 | { |
937 | WRITE_LOCK(&ip_conntrack_lock); | 937 | write_lock_bh(&ip_conntrack_lock); |
938 | ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol; | 938 | ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol; |
939 | WRITE_UNLOCK(&ip_conntrack_lock); | 939 | write_unlock_bh(&ip_conntrack_lock); |
940 | 940 | ||
941 | /* Somebody could be still looking at the proto in bh. */ | 941 | /* Somebody could be still looking at the proto in bh. */ |
942 | synchronize_net(); | 942 | synchronize_net(); |
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 9fc6f93af0dd..739b6dde1c82 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
@@ -22,8 +22,8 @@ | |||
22 | #include <linux/udp.h> | 22 | #include <linux/udp.h> |
23 | #include <linux/jhash.h> | 23 | #include <linux/jhash.h> |
24 | 24 | ||
25 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock) | 25 | #define ASSERT_READ_LOCK(x) |
26 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock) | 26 | #define ASSERT_WRITE_LOCK(x) |
27 | 27 | ||
28 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 28 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
29 | #include <linux/netfilter_ipv4/ip_conntrack_core.h> | 29 | #include <linux/netfilter_ipv4/ip_conntrack_core.h> |
@@ -41,7 +41,7 @@ | |||
41 | #define DEBUGP(format, args...) | 41 | #define DEBUGP(format, args...) |
42 | #endif | 42 | #endif |
43 | 43 | ||
44 | DECLARE_RWLOCK(ip_nat_lock); | 44 | DEFINE_RWLOCK(ip_nat_lock); |
45 | 45 | ||
46 | /* Calculated at init based on memory size */ | 46 | /* Calculated at init based on memory size */ |
47 | static unsigned int ip_nat_htable_size; | 47 | static unsigned int ip_nat_htable_size; |
@@ -65,9 +65,9 @@ static void ip_nat_cleanup_conntrack(struct ip_conntrack *conn) | |||
65 | if (!(conn->status & IPS_NAT_DONE_MASK)) | 65 | if (!(conn->status & IPS_NAT_DONE_MASK)) |
66 | return; | 66 | return; |
67 | 67 | ||
68 | WRITE_LOCK(&ip_nat_lock); | 68 | write_lock_bh(&ip_nat_lock); |
69 | list_del(&conn->nat.info.bysource); | 69 | list_del(&conn->nat.info.bysource); |
70 | WRITE_UNLOCK(&ip_nat_lock); | 70 | write_unlock_bh(&ip_nat_lock); |
71 | } | 71 | } |
72 | 72 | ||
73 | /* We do checksum mangling, so if they were wrong before they're still | 73 | /* We do checksum mangling, so if they were wrong before they're still |
@@ -142,7 +142,7 @@ find_appropriate_src(const struct ip_conntrack_tuple *tuple, | |||
142 | unsigned int h = hash_by_src(tuple); | 142 | unsigned int h = hash_by_src(tuple); |
143 | struct ip_conntrack *ct; | 143 | struct ip_conntrack *ct; |
144 | 144 | ||
145 | READ_LOCK(&ip_nat_lock); | 145 | read_lock_bh(&ip_nat_lock); |
146 | list_for_each_entry(ct, &bysource[h], nat.info.bysource) { | 146 | list_for_each_entry(ct, &bysource[h], nat.info.bysource) { |
147 | if (same_src(ct, tuple)) { | 147 | if (same_src(ct, tuple)) { |
148 | /* Copy source part from reply tuple. */ | 148 | /* Copy source part from reply tuple. */ |
@@ -151,12 +151,12 @@ find_appropriate_src(const struct ip_conntrack_tuple *tuple, | |||
151 | result->dst = tuple->dst; | 151 | result->dst = tuple->dst; |
152 | 152 | ||
153 | if (in_range(result, range)) { | 153 | if (in_range(result, range)) { |
154 | READ_UNLOCK(&ip_nat_lock); | 154 | read_unlock_bh(&ip_nat_lock); |
155 | return 1; | 155 | return 1; |
156 | } | 156 | } |
157 | } | 157 | } |
158 | } | 158 | } |
159 | READ_UNLOCK(&ip_nat_lock); | 159 | read_unlock_bh(&ip_nat_lock); |
160 | return 0; | 160 | return 0; |
161 | } | 161 | } |
162 | 162 | ||
@@ -297,9 +297,9 @@ ip_nat_setup_info(struct ip_conntrack *conntrack, | |||
297 | unsigned int srchash | 297 | unsigned int srchash |
298 | = hash_by_src(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL] | 298 | = hash_by_src(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL] |
299 | .tuple); | 299 | .tuple); |
300 | WRITE_LOCK(&ip_nat_lock); | 300 | write_lock_bh(&ip_nat_lock); |
301 | list_add(&info->bysource, &bysource[srchash]); | 301 | list_add(&info->bysource, &bysource[srchash]); |
302 | WRITE_UNLOCK(&ip_nat_lock); | 302 | write_unlock_bh(&ip_nat_lock); |
303 | } | 303 | } |
304 | 304 | ||
305 | /* It's done. */ | 305 | /* It's done. */ |
@@ -474,23 +474,23 @@ int ip_nat_protocol_register(struct ip_nat_protocol *proto) | |||
474 | { | 474 | { |
475 | int ret = 0; | 475 | int ret = 0; |
476 | 476 | ||
477 | WRITE_LOCK(&ip_nat_lock); | 477 | write_lock_bh(&ip_nat_lock); |
478 | if (ip_nat_protos[proto->protonum] != &ip_nat_unknown_protocol) { | 478 | if (ip_nat_protos[proto->protonum] != &ip_nat_unknown_protocol) { |
479 | ret = -EBUSY; | 479 | ret = -EBUSY; |
480 | goto out; | 480 | goto out; |
481 | } | 481 | } |
482 | ip_nat_protos[proto->protonum] = proto; | 482 | ip_nat_protos[proto->protonum] = proto; |
483 | out: | 483 | out: |
484 | WRITE_UNLOCK(&ip_nat_lock); | 484 | write_unlock_bh(&ip_nat_lock); |
485 | return ret; | 485 | return ret; |
486 | } | 486 | } |
487 | 487 | ||
488 | /* Noone stores the protocol anywhere; simply delete it. */ | 488 | /* Noone stores the protocol anywhere; simply delete it. */ |
489 | void ip_nat_protocol_unregister(struct ip_nat_protocol *proto) | 489 | void ip_nat_protocol_unregister(struct ip_nat_protocol *proto) |
490 | { | 490 | { |
491 | WRITE_LOCK(&ip_nat_lock); | 491 | write_lock_bh(&ip_nat_lock); |
492 | ip_nat_protos[proto->protonum] = &ip_nat_unknown_protocol; | 492 | ip_nat_protos[proto->protonum] = &ip_nat_unknown_protocol; |
493 | WRITE_UNLOCK(&ip_nat_lock); | 493 | write_unlock_bh(&ip_nat_lock); |
494 | 494 | ||
495 | /* Someone could be still looking at the proto in a bh. */ | 495 | /* Someone could be still looking at the proto in a bh. */ |
496 | synchronize_net(); | 496 | synchronize_net(); |
@@ -509,13 +509,13 @@ int __init ip_nat_init(void) | |||
509 | return -ENOMEM; | 509 | return -ENOMEM; |
510 | 510 | ||
511 | /* Sew in builtin protocols. */ | 511 | /* Sew in builtin protocols. */ |
512 | WRITE_LOCK(&ip_nat_lock); | 512 | write_lock_bh(&ip_nat_lock); |
513 | for (i = 0; i < MAX_IP_NAT_PROTO; i++) | 513 | for (i = 0; i < MAX_IP_NAT_PROTO; i++) |
514 | ip_nat_protos[i] = &ip_nat_unknown_protocol; | 514 | ip_nat_protos[i] = &ip_nat_unknown_protocol; |
515 | ip_nat_protos[IPPROTO_TCP] = &ip_nat_protocol_tcp; | 515 | ip_nat_protos[IPPROTO_TCP] = &ip_nat_protocol_tcp; |
516 | ip_nat_protos[IPPROTO_UDP] = &ip_nat_protocol_udp; | 516 | ip_nat_protos[IPPROTO_UDP] = &ip_nat_protocol_udp; |
517 | ip_nat_protos[IPPROTO_ICMP] = &ip_nat_protocol_icmp; | 517 | ip_nat_protos[IPPROTO_ICMP] = &ip_nat_protocol_icmp; |
518 | WRITE_UNLOCK(&ip_nat_lock); | 518 | write_unlock_bh(&ip_nat_lock); |
519 | 519 | ||
520 | for (i = 0; i < ip_nat_htable_size; i++) { | 520 | for (i = 0; i < ip_nat_htable_size; i++) { |
521 | INIT_LIST_HEAD(&bysource[i]); | 521 | INIT_LIST_HEAD(&bysource[i]); |
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index 1637b96d8c01..9cd51f180dcf 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c | |||
@@ -28,8 +28,8 @@ | |||
28 | #include <net/tcp.h> | 28 | #include <net/tcp.h> |
29 | #include <net/udp.h> | 29 | #include <net/udp.h> |
30 | 30 | ||
31 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock) | 31 | #define ASSERT_READ_LOCK(x) |
32 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock) | 32 | #define ASSERT_WRITE_LOCK(x) |
33 | 33 | ||
34 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 34 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
35 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> | 35 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
@@ -47,7 +47,7 @@ | |||
47 | #define DUMP_OFFSET(x) | 47 | #define DUMP_OFFSET(x) |
48 | #endif | 48 | #endif |
49 | 49 | ||
50 | static DECLARE_LOCK(ip_nat_seqofs_lock); | 50 | static DEFINE_SPINLOCK(ip_nat_seqofs_lock); |
51 | 51 | ||
52 | /* Setup TCP sequence correction given this change at this sequence */ | 52 | /* Setup TCP sequence correction given this change at this sequence */ |
53 | static inline void | 53 | static inline void |
@@ -70,7 +70,7 @@ adjust_tcp_sequence(u32 seq, | |||
70 | DEBUGP("ip_nat_resize_packet: Seq_offset before: "); | 70 | DEBUGP("ip_nat_resize_packet: Seq_offset before: "); |
71 | DUMP_OFFSET(this_way); | 71 | DUMP_OFFSET(this_way); |
72 | 72 | ||
73 | LOCK_BH(&ip_nat_seqofs_lock); | 73 | spin_lock_bh(&ip_nat_seqofs_lock); |
74 | 74 | ||
75 | /* SYN adjust. If it's uninitialized, or this is after last | 75 | /* SYN adjust. If it's uninitialized, or this is after last |
76 | * correction, record it: we don't handle more than one | 76 | * correction, record it: we don't handle more than one |
@@ -82,7 +82,7 @@ adjust_tcp_sequence(u32 seq, | |||
82 | this_way->offset_before = this_way->offset_after; | 82 | this_way->offset_before = this_way->offset_after; |
83 | this_way->offset_after += sizediff; | 83 | this_way->offset_after += sizediff; |
84 | } | 84 | } |
85 | UNLOCK_BH(&ip_nat_seqofs_lock); | 85 | spin_unlock_bh(&ip_nat_seqofs_lock); |
86 | 86 | ||
87 | DEBUGP("ip_nat_resize_packet: Seq_offset after: "); | 87 | DEBUGP("ip_nat_resize_packet: Seq_offset after: "); |
88 | DUMP_OFFSET(this_way); | 88 | DUMP_OFFSET(this_way); |
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c index 581f097f5a24..60d70fa41a15 100644 --- a/net/ipv4/netfilter/ip_nat_rule.c +++ b/net/ipv4/netfilter/ip_nat_rule.c | |||
@@ -19,8 +19,8 @@ | |||
19 | #include <net/route.h> | 19 | #include <net/route.h> |
20 | #include <linux/bitops.h> | 20 | #include <linux/bitops.h> |
21 | 21 | ||
22 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock) | 22 | #define ASSERT_READ_LOCK(x) |
23 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock) | 23 | #define ASSERT_WRITE_LOCK(x) |
24 | 24 | ||
25 | #include <linux/netfilter_ipv4/ip_tables.h> | 25 | #include <linux/netfilter_ipv4/ip_tables.h> |
26 | #include <linux/netfilter_ipv4/ip_nat.h> | 26 | #include <linux/netfilter_ipv4/ip_nat.h> |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 79f56f662b33..bc59d0d6e89e 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
@@ -31,8 +31,8 @@ | |||
31 | #include <net/checksum.h> | 31 | #include <net/checksum.h> |
32 | #include <linux/spinlock.h> | 32 | #include <linux/spinlock.h> |
33 | 33 | ||
34 | #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock) | 34 | #define ASSERT_READ_LOCK(x) |
35 | #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock) | 35 | #define ASSERT_WRITE_LOCK(x) |
36 | 36 | ||
37 | #include <linux/netfilter_ipv4/ip_nat.h> | 37 | #include <linux/netfilter_ipv4/ip_nat.h> |
38 | #include <linux/netfilter_ipv4/ip_nat_rule.h> | 38 | #include <linux/netfilter_ipv4/ip_nat_rule.h> |
@@ -373,7 +373,6 @@ static int init_or_cleanup(int init) | |||
373 | cleanup_rule_init: | 373 | cleanup_rule_init: |
374 | ip_nat_rule_cleanup(); | 374 | ip_nat_rule_cleanup(); |
375 | cleanup_nothing: | 375 | cleanup_nothing: |
376 | MUST_BE_READ_WRITE_UNLOCKED(&ip_nat_lock); | ||
377 | return ret; | 376 | return ret; |
378 | } | 377 | } |
379 | 378 | ||
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 8a54f92b8496..c88dfcd38c56 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -67,7 +67,6 @@ static DECLARE_MUTEX(ipt_mutex); | |||
67 | /* Must have mutex */ | 67 | /* Must have mutex */ |
68 | #define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) | 68 | #define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) |
69 | #define ASSERT_WRITE_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) | 69 | #define ASSERT_WRITE_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) |
70 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
71 | #include <linux/netfilter_ipv4/listhelp.h> | 70 | #include <linux/netfilter_ipv4/listhelp.h> |
72 | 71 | ||
73 | #if 0 | 72 | #if 0 |
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 0f12e3a3dc73..dc4362b57cfa 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -29,7 +29,6 @@ | |||
29 | #include <linux/netfilter_ipv4/ip_tables.h> | 29 | #include <linux/netfilter_ipv4/ip_tables.h> |
30 | #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> | 30 | #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h> |
31 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 31 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
32 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
33 | 32 | ||
34 | #define CLUSTERIP_VERSION "0.6" | 33 | #define CLUSTERIP_VERSION "0.6" |
35 | 34 | ||
@@ -41,6 +40,8 @@ | |||
41 | #define DEBUGP | 40 | #define DEBUGP |
42 | #endif | 41 | #endif |
43 | 42 | ||
43 | #define ASSERT_READ_LOCK(x) | ||
44 | |||
44 | MODULE_LICENSE("GPL"); | 45 | MODULE_LICENSE("GPL"); |
45 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | 46 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
46 | MODULE_DESCRIPTION("iptables target for CLUSTERIP"); | 47 | MODULE_DESCRIPTION("iptables target for CLUSTERIP"); |
@@ -67,7 +68,7 @@ static LIST_HEAD(clusterip_configs); | |||
67 | 68 | ||
68 | /* clusterip_lock protects the clusterip_configs list _AND_ the configurable | 69 | /* clusterip_lock protects the clusterip_configs list _AND_ the configurable |
69 | * data within all structurses (num_local_nodes, local_nodes[]) */ | 70 | * data within all structurses (num_local_nodes, local_nodes[]) */ |
70 | static DECLARE_RWLOCK(clusterip_lock); | 71 | static DEFINE_RWLOCK(clusterip_lock); |
71 | 72 | ||
72 | #ifdef CONFIG_PROC_FS | 73 | #ifdef CONFIG_PROC_FS |
73 | static struct file_operations clusterip_proc_fops; | 74 | static struct file_operations clusterip_proc_fops; |
@@ -82,9 +83,9 @@ clusterip_config_get(struct clusterip_config *c) { | |||
82 | static inline void | 83 | static inline void |
83 | clusterip_config_put(struct clusterip_config *c) { | 84 | clusterip_config_put(struct clusterip_config *c) { |
84 | if (atomic_dec_and_test(&c->refcount)) { | 85 | if (atomic_dec_and_test(&c->refcount)) { |
85 | WRITE_LOCK(&clusterip_lock); | 86 | write_lock_bh(&clusterip_lock); |
86 | list_del(&c->list); | 87 | list_del(&c->list); |
87 | WRITE_UNLOCK(&clusterip_lock); | 88 | write_unlock_bh(&clusterip_lock); |
88 | dev_mc_delete(c->dev, c->clustermac, ETH_ALEN, 0); | 89 | dev_mc_delete(c->dev, c->clustermac, ETH_ALEN, 0); |
89 | dev_put(c->dev); | 90 | dev_put(c->dev); |
90 | kfree(c); | 91 | kfree(c); |
@@ -97,7 +98,7 @@ __clusterip_config_find(u_int32_t clusterip) | |||
97 | { | 98 | { |
98 | struct list_head *pos; | 99 | struct list_head *pos; |
99 | 100 | ||
100 | MUST_BE_READ_LOCKED(&clusterip_lock); | 101 | ASSERT_READ_LOCK(&clusterip_lock); |
101 | list_for_each(pos, &clusterip_configs) { | 102 | list_for_each(pos, &clusterip_configs) { |
102 | struct clusterip_config *c = list_entry(pos, | 103 | struct clusterip_config *c = list_entry(pos, |
103 | struct clusterip_config, list); | 104 | struct clusterip_config, list); |
@@ -114,14 +115,14 @@ clusterip_config_find_get(u_int32_t clusterip) | |||
114 | { | 115 | { |
115 | struct clusterip_config *c; | 116 | struct clusterip_config *c; |
116 | 117 | ||
117 | READ_LOCK(&clusterip_lock); | 118 | read_lock_bh(&clusterip_lock); |
118 | c = __clusterip_config_find(clusterip); | 119 | c = __clusterip_config_find(clusterip); |
119 | if (!c) { | 120 | if (!c) { |
120 | READ_UNLOCK(&clusterip_lock); | 121 | read_unlock_bh(&clusterip_lock); |
121 | return NULL; | 122 | return NULL; |
122 | } | 123 | } |
123 | atomic_inc(&c->refcount); | 124 | atomic_inc(&c->refcount); |
124 | READ_UNLOCK(&clusterip_lock); | 125 | read_unlock_bh(&clusterip_lock); |
125 | 126 | ||
126 | return c; | 127 | return c; |
127 | } | 128 | } |
@@ -160,9 +161,9 @@ clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip, | |||
160 | c->pde->data = c; | 161 | c->pde->data = c; |
161 | #endif | 162 | #endif |
162 | 163 | ||
163 | WRITE_LOCK(&clusterip_lock); | 164 | write_lock_bh(&clusterip_lock); |
164 | list_add(&c->list, &clusterip_configs); | 165 | list_add(&c->list, &clusterip_configs); |
165 | WRITE_UNLOCK(&clusterip_lock); | 166 | write_unlock_bh(&clusterip_lock); |
166 | 167 | ||
167 | return c; | 168 | return c; |
168 | } | 169 | } |
@@ -172,25 +173,25 @@ clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum) | |||
172 | { | 173 | { |
173 | int i; | 174 | int i; |
174 | 175 | ||
175 | WRITE_LOCK(&clusterip_lock); | 176 | write_lock_bh(&clusterip_lock); |
176 | 177 | ||
177 | if (c->num_local_nodes >= CLUSTERIP_MAX_NODES | 178 | if (c->num_local_nodes >= CLUSTERIP_MAX_NODES |
178 | || nodenum > CLUSTERIP_MAX_NODES) { | 179 | || nodenum > CLUSTERIP_MAX_NODES) { |
179 | WRITE_UNLOCK(&clusterip_lock); | 180 | write_unlock_bh(&clusterip_lock); |
180 | return 1; | 181 | return 1; |
181 | } | 182 | } |
182 | 183 | ||
183 | /* check if we alrady have this number in our array */ | 184 | /* check if we alrady have this number in our array */ |
184 | for (i = 0; i < c->num_local_nodes; i++) { | 185 | for (i = 0; i < c->num_local_nodes; i++) { |
185 | if (c->local_nodes[i] == nodenum) { | 186 | if (c->local_nodes[i] == nodenum) { |
186 | WRITE_UNLOCK(&clusterip_lock); | 187 | write_unlock_bh(&clusterip_lock); |
187 | return 1; | 188 | return 1; |
188 | } | 189 | } |
189 | } | 190 | } |
190 | 191 | ||
191 | c->local_nodes[c->num_local_nodes++] = nodenum; | 192 | c->local_nodes[c->num_local_nodes++] = nodenum; |
192 | 193 | ||
193 | WRITE_UNLOCK(&clusterip_lock); | 194 | write_unlock_bh(&clusterip_lock); |
194 | return 0; | 195 | return 0; |
195 | } | 196 | } |
196 | 197 | ||
@@ -199,10 +200,10 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) | |||
199 | { | 200 | { |
200 | int i; | 201 | int i; |
201 | 202 | ||
202 | WRITE_LOCK(&clusterip_lock); | 203 | write_lock_bh(&clusterip_lock); |
203 | 204 | ||
204 | if (c->num_local_nodes <= 1 || nodenum > CLUSTERIP_MAX_NODES) { | 205 | if (c->num_local_nodes <= 1 || nodenum > CLUSTERIP_MAX_NODES) { |
205 | WRITE_UNLOCK(&clusterip_lock); | 206 | write_unlock_bh(&clusterip_lock); |
206 | return 1; | 207 | return 1; |
207 | } | 208 | } |
208 | 209 | ||
@@ -211,12 +212,12 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) | |||
211 | int size = sizeof(u_int16_t)*(c->num_local_nodes-(i+1)); | 212 | int size = sizeof(u_int16_t)*(c->num_local_nodes-(i+1)); |
212 | memmove(&c->local_nodes[i], &c->local_nodes[i+1], size); | 213 | memmove(&c->local_nodes[i], &c->local_nodes[i+1], size); |
213 | c->num_local_nodes--; | 214 | c->num_local_nodes--; |
214 | WRITE_UNLOCK(&clusterip_lock); | 215 | write_unlock_bh(&clusterip_lock); |
215 | return 0; | 216 | return 0; |
216 | } | 217 | } |
217 | } | 218 | } |
218 | 219 | ||
219 | WRITE_UNLOCK(&clusterip_lock); | 220 | write_unlock_bh(&clusterip_lock); |
220 | return 1; | 221 | return 1; |
221 | } | 222 | } |
222 | 223 | ||
@@ -286,21 +287,21 @@ clusterip_responsible(struct clusterip_config *config, u_int32_t hash) | |||
286 | { | 287 | { |
287 | int i; | 288 | int i; |
288 | 289 | ||
289 | READ_LOCK(&clusterip_lock); | 290 | read_lock_bh(&clusterip_lock); |
290 | 291 | ||
291 | if (config->num_local_nodes == 0) { | 292 | if (config->num_local_nodes == 0) { |
292 | READ_UNLOCK(&clusterip_lock); | 293 | read_unlock_bh(&clusterip_lock); |
293 | return 0; | 294 | return 0; |
294 | } | 295 | } |
295 | 296 | ||
296 | for (i = 0; i < config->num_local_nodes; i++) { | 297 | for (i = 0; i < config->num_local_nodes; i++) { |
297 | if (config->local_nodes[i] == hash) { | 298 | if (config->local_nodes[i] == hash) { |
298 | READ_UNLOCK(&clusterip_lock); | 299 | read_unlock_bh(&clusterip_lock); |
299 | return 1; | 300 | return 1; |
300 | } | 301 | } |
301 | } | 302 | } |
302 | 303 | ||
303 | READ_UNLOCK(&clusterip_lock); | 304 | read_unlock_bh(&clusterip_lock); |
304 | 305 | ||
305 | return 0; | 306 | return 0; |
306 | } | 307 | } |
@@ -578,7 +579,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) | |||
578 | struct clusterip_config *c = pde->data; | 579 | struct clusterip_config *c = pde->data; |
579 | unsigned int *nodeidx; | 580 | unsigned int *nodeidx; |
580 | 581 | ||
581 | READ_LOCK(&clusterip_lock); | 582 | read_lock_bh(&clusterip_lock); |
582 | if (*pos >= c->num_local_nodes) | 583 | if (*pos >= c->num_local_nodes) |
583 | return NULL; | 584 | return NULL; |
584 | 585 | ||
@@ -608,7 +609,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v) | |||
608 | { | 609 | { |
609 | kfree(v); | 610 | kfree(v); |
610 | 611 | ||
611 | READ_UNLOCK(&clusterip_lock); | 612 | read_unlock_bh(&clusterip_lock); |
612 | } | 613 | } |
613 | 614 | ||
614 | static int clusterip_seq_show(struct seq_file *s, void *v) | 615 | static int clusterip_seq_show(struct seq_file *s, void *v) |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 57e9f6cf1c36..91e74502c3d3 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -33,7 +33,7 @@ MODULE_DESCRIPTION("iptables MASQUERADE target module"); | |||
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | /* Lock protects masq region inside conntrack */ | 35 | /* Lock protects masq region inside conntrack */ |
36 | static DECLARE_RWLOCK(masq_lock); | 36 | static DEFINE_RWLOCK(masq_lock); |
37 | 37 | ||
38 | /* FIXME: Multiple targets. --RR */ | 38 | /* FIXME: Multiple targets. --RR */ |
39 | static int | 39 | static int |
@@ -103,9 +103,9 @@ masquerade_target(struct sk_buff **pskb, | |||
103 | return NF_DROP; | 103 | return NF_DROP; |
104 | } | 104 | } |
105 | 105 | ||
106 | WRITE_LOCK(&masq_lock); | 106 | write_lock_bh(&masq_lock); |
107 | ct->nat.masq_index = out->ifindex; | 107 | ct->nat.masq_index = out->ifindex; |
108 | WRITE_UNLOCK(&masq_lock); | 108 | write_unlock_bh(&masq_lock); |
109 | 109 | ||
110 | /* Transfer from original range. */ | 110 | /* Transfer from original range. */ |
111 | newrange = ((struct ip_nat_range) | 111 | newrange = ((struct ip_nat_range) |
@@ -122,9 +122,9 @@ device_cmp(struct ip_conntrack *i, void *ifindex) | |||
122 | { | 122 | { |
123 | int ret; | 123 | int ret; |
124 | 124 | ||
125 | READ_LOCK(&masq_lock); | 125 | read_lock_bh(&masq_lock); |
126 | ret = (i->nat.masq_index == (int)(long)ifindex); | 126 | ret = (i->nat.masq_index == (int)(long)ifindex); |
127 | READ_UNLOCK(&masq_lock); | 127 | read_unlock_bh(&masq_lock); |
128 | 128 | ||
129 | return ret; | 129 | return ret; |
130 | } | 130 | } |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 6f2cefbe16cd..52a0076302a7 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -56,7 +56,6 @@ | |||
56 | #include <linux/netfilter.h> | 56 | #include <linux/netfilter.h> |
57 | #include <linux/netfilter_ipv4/ip_tables.h> | 57 | #include <linux/netfilter_ipv4/ip_tables.h> |
58 | #include <linux/netfilter_ipv4/ipt_ULOG.h> | 58 | #include <linux/netfilter_ipv4/ipt_ULOG.h> |
59 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
60 | #include <net/sock.h> | 59 | #include <net/sock.h> |
61 | #include <linux/bitops.h> | 60 | #include <linux/bitops.h> |
62 | 61 | ||
@@ -99,8 +98,8 @@ typedef struct { | |||
99 | 98 | ||
100 | static ulog_buff_t ulog_buffers[ULOG_MAXNLGROUPS]; /* array of buffers */ | 99 | static ulog_buff_t ulog_buffers[ULOG_MAXNLGROUPS]; /* array of buffers */ |
101 | 100 | ||
102 | static struct sock *nflognl; /* our socket */ | 101 | static struct sock *nflognl; /* our socket */ |
103 | static DECLARE_LOCK(ulog_lock); /* spinlock */ | 102 | static DEFINE_SPINLOCK(ulog_lock); /* spinlock */ |
104 | 103 | ||
105 | /* send one ulog_buff_t to userspace */ | 104 | /* send one ulog_buff_t to userspace */ |
106 | static void ulog_send(unsigned int nlgroupnum) | 105 | static void ulog_send(unsigned int nlgroupnum) |
@@ -135,9 +134,9 @@ static void ulog_timer(unsigned long data) | |||
135 | 134 | ||
136 | /* lock to protect against somebody modifying our structure | 135 | /* lock to protect against somebody modifying our structure |
137 | * from ipt_ulog_target at the same time */ | 136 | * from ipt_ulog_target at the same time */ |
138 | LOCK_BH(&ulog_lock); | 137 | spin_lock_bh(&ulog_lock); |
139 | ulog_send(data); | 138 | ulog_send(data); |
140 | UNLOCK_BH(&ulog_lock); | 139 | spin_unlock_bh(&ulog_lock); |
141 | } | 140 | } |
142 | 141 | ||
143 | static struct sk_buff *ulog_alloc_skb(unsigned int size) | 142 | static struct sk_buff *ulog_alloc_skb(unsigned int size) |
@@ -193,7 +192,7 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
193 | 192 | ||
194 | ub = &ulog_buffers[groupnum]; | 193 | ub = &ulog_buffers[groupnum]; |
195 | 194 | ||
196 | LOCK_BH(&ulog_lock); | 195 | spin_lock_bh(&ulog_lock); |
197 | 196 | ||
198 | if (!ub->skb) { | 197 | if (!ub->skb) { |
199 | if (!(ub->skb = ulog_alloc_skb(size))) | 198 | if (!(ub->skb = ulog_alloc_skb(size))) |
@@ -278,7 +277,7 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
278 | ulog_send(groupnum); | 277 | ulog_send(groupnum); |
279 | } | 278 | } |
280 | 279 | ||
281 | UNLOCK_BH(&ulog_lock); | 280 | spin_unlock_bh(&ulog_lock); |
282 | 281 | ||
283 | return; | 282 | return; |
284 | 283 | ||
@@ -288,7 +287,7 @@ nlmsg_failure: | |||
288 | alloc_failure: | 287 | alloc_failure: |
289 | PRINTR("ipt_ULOG: Error building netlink message\n"); | 288 | PRINTR("ipt_ULOG: Error building netlink message\n"); |
290 | 289 | ||
291 | UNLOCK_BH(&ulog_lock); | 290 | spin_unlock_bh(&ulog_lock); |
292 | } | 291 | } |
293 | 292 | ||
294 | static unsigned int ipt_ulog_target(struct sk_buff **pskb, | 293 | static unsigned int ipt_ulog_target(struct sk_buff **pskb, |
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c index f1937190cd77..564b49bfebcf 100644 --- a/net/ipv4/netfilter/ipt_hashlimit.c +++ b/net/ipv4/netfilter/ipt_hashlimit.c | |||
@@ -37,7 +37,6 @@ | |||
37 | 37 | ||
38 | #include <linux/netfilter_ipv4/ip_tables.h> | 38 | #include <linux/netfilter_ipv4/ip_tables.h> |
39 | #include <linux/netfilter_ipv4/ipt_hashlimit.h> | 39 | #include <linux/netfilter_ipv4/ipt_hashlimit.h> |
40 | #include <linux/netfilter_ipv4/lockhelp.h> | ||
41 | 40 | ||
42 | /* FIXME: this is just for IP_NF_ASSERRT */ | 41 | /* FIXME: this is just for IP_NF_ASSERRT */ |
43 | #include <linux/netfilter_ipv4/ip_conntrack.h> | 42 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
@@ -92,7 +91,7 @@ struct ipt_hashlimit_htable { | |||
92 | struct hlist_head hash[0]; /* hashtable itself */ | 91 | struct hlist_head hash[0]; /* hashtable itself */ |
93 | }; | 92 | }; |
94 | 93 | ||
95 | static DECLARE_LOCK(hashlimit_lock); /* protects htables list */ | 94 | static DEFINE_SPINLOCK(hashlimit_lock); /* protects htables list */ |
96 | static DECLARE_MUTEX(hlimit_mutex); /* additional checkentry protection */ | 95 | static DECLARE_MUTEX(hlimit_mutex); /* additional checkentry protection */ |
97 | static HLIST_HEAD(hashlimit_htables); | 96 | static HLIST_HEAD(hashlimit_htables); |
98 | static kmem_cache_t *hashlimit_cachep; | 97 | static kmem_cache_t *hashlimit_cachep; |
@@ -233,9 +232,9 @@ static int htable_create(struct ipt_hashlimit_info *minfo) | |||
233 | hinfo->timer.function = htable_gc; | 232 | hinfo->timer.function = htable_gc; |
234 | add_timer(&hinfo->timer); | 233 | add_timer(&hinfo->timer); |
235 | 234 | ||
236 | LOCK_BH(&hashlimit_lock); | 235 | spin_lock_bh(&hashlimit_lock); |
237 | hlist_add_head(&hinfo->node, &hashlimit_htables); | 236 | hlist_add_head(&hinfo->node, &hashlimit_htables); |
238 | UNLOCK_BH(&hashlimit_lock); | 237 | spin_unlock_bh(&hashlimit_lock); |
239 | 238 | ||
240 | return 0; | 239 | return 0; |
241 | } | 240 | } |
@@ -301,15 +300,15 @@ static struct ipt_hashlimit_htable *htable_find_get(char *name) | |||
301 | struct ipt_hashlimit_htable *hinfo; | 300 | struct ipt_hashlimit_htable *hinfo; |
302 | struct hlist_node *pos; | 301 | struct hlist_node *pos; |
303 | 302 | ||
304 | LOCK_BH(&hashlimit_lock); | 303 | spin_lock_bh(&hashlimit_lock); |
305 | hlist_for_each_entry(hinfo, pos, &hashlimit_htables, node) { | 304 | hlist_for_each_entry(hinfo, pos, &hashlimit_htables, node) { |
306 | if (!strcmp(name, hinfo->pde->name)) { | 305 | if (!strcmp(name, hinfo->pde->name)) { |
307 | atomic_inc(&hinfo->use); | 306 | atomic_inc(&hinfo->use); |
308 | UNLOCK_BH(&hashlimit_lock); | 307 | spin_unlock_bh(&hashlimit_lock); |
309 | return hinfo; | 308 | return hinfo; |
310 | } | 309 | } |
311 | } | 310 | } |
312 | UNLOCK_BH(&hashlimit_lock); | 311 | spin_unlock_bh(&hashlimit_lock); |
313 | 312 | ||
314 | return NULL; | 313 | return NULL; |
315 | } | 314 | } |
@@ -317,9 +316,9 @@ static struct ipt_hashlimit_htable *htable_find_get(char *name) | |||
317 | static void htable_put(struct ipt_hashlimit_htable *hinfo) | 316 | static void htable_put(struct ipt_hashlimit_htable *hinfo) |
318 | { | 317 | { |
319 | if (atomic_dec_and_test(&hinfo->use)) { | 318 | if (atomic_dec_and_test(&hinfo->use)) { |
320 | LOCK_BH(&hashlimit_lock); | 319 | spin_lock_bh(&hashlimit_lock); |
321 | hlist_del(&hinfo->node); | 320 | hlist_del(&hinfo->node); |
322 | UNLOCK_BH(&hashlimit_lock); | 321 | spin_unlock_bh(&hashlimit_lock); |
323 | htable_destroy(hinfo); | 322 | htable_destroy(hinfo); |
324 | } | 323 | } |
325 | } | 324 | } |
diff --git a/net/ipv4/netfilter/ipt_helper.c b/net/ipv4/netfilter/ipt_helper.c index 33fdf364d3d3..3e7dd014de43 100644 --- a/net/ipv4/netfilter/ipt_helper.c +++ b/net/ipv4/netfilter/ipt_helper.c | |||
@@ -53,7 +53,7 @@ match(const struct sk_buff *skb, | |||
53 | return ret; | 53 | return ret; |
54 | } | 54 | } |
55 | 55 | ||
56 | READ_LOCK(&ip_conntrack_lock); | 56 | read_lock_bh(&ip_conntrack_lock); |
57 | if (!ct->master->helper) { | 57 | if (!ct->master->helper) { |
58 | DEBUGP("ipt_helper: master ct %p has no helper\n", | 58 | DEBUGP("ipt_helper: master ct %p has no helper\n", |
59 | exp->expectant); | 59 | exp->expectant); |
@@ -69,7 +69,7 @@ match(const struct sk_buff *skb, | |||
69 | ret ^= !strncmp(ct->master->helper->name, info->name, | 69 | ret ^= !strncmp(ct->master->helper->name, info->name, |
70 | strlen(ct->master->helper->name)); | 70 | strlen(ct->master->helper->name)); |
71 | out_unlock: | 71 | out_unlock: |
72 | READ_UNLOCK(&ip_conntrack_lock); | 72 | read_unlock_bh(&ip_conntrack_lock); |
73 | return ret; | 73 | return ret; |
74 | } | 74 | } |
75 | 75 | ||