From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 02/12: nf_conntrack: use hlist_add_head_rcu() in nf_conntrack_set_hashsize()
Date: Thu, 26 Mar 2009 20:02:33 +0100 (MET) [thread overview]
Message-ID: <20090326190227.23365.25636.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20090326190225.23365.96356.sendpatchset@x2.localnet>
commit 78f3648601fdc7a8166748bbd6d0555a88efa24a
Author: Eric Dumazet <dada1@cosmosbay.com>
Date: Wed Mar 25 17:24:34 2009 +0100
netfilter: nf_conntrack: use hlist_add_head_rcu() in nf_conntrack_set_hashsize()
Using hlist_add_head() in nf_conntrack_set_hashsize() is quite dangerous.
Without any barrier, one CPU could see a loop while doing its lookup.
Its true new table cannot be seen by another cpu, but previous table is still
readable.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 55befe5..54e983f 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1121,7 +1121,7 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
struct nf_conntrack_tuple_hash, hnode);
hlist_del_rcu(&h->hnode);
bucket = __hash_conntrack(&h->tuple, hashsize, rnd);
- hlist_add_head(&h->hnode, &hash[bucket]);
+ hlist_add_head_rcu(&h->hnode, &hash[bucket]);
}
}
old_size = nf_conntrack_htable_size;
next prev parent reply other threads:[~2009-03-26 19:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-26 19:02 netfilter 00/12: Netfilter fixes/2.6.30 update part II Patrick McHardy
2009-03-26 19:02 ` netfilter 01/12: fix xt_LED build failure Patrick McHardy
2009-03-26 19:02 ` Patrick McHardy [this message]
2009-03-26 19:02 ` netfilter 03/12: factorize ifname_compare() Patrick McHardy
2009-03-26 19:02 ` netfilter 04/12: ctnetlink: add callbacks to the per-proto nlattrs Patrick McHardy
2009-03-26 19:02 ` netlink 05/12: add nla_policy_len() Patrick McHardy
2009-03-26 19:02 ` netfilter 06/12: limit the length of the helper name Patrick McHardy
2009-03-26 19:02 ` netfilter 07/12: {ip,ip6,arp}_tables: fix incorrect loop detection Patrick McHardy
2009-03-26 19:02 ` netfilter 08/12: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() Patrick McHardy
2009-03-26 19:02 ` netfilter 09/12: ctnetlink: allocate right-sized ctnetlink skb Patrick McHardy
2009-03-26 19:02 ` netfilter 10/12: nf_conntrack: add generic function to get len of generic policy Patrick McHardy
2009-03-26 19:02 ` netfilter 11/12: nf_conntrack: calculate per-protocol nlattr size Patrick McHardy
2009-03-26 19:02 ` ctnetlink 12/12: compute generic part of event more acurately Patrick McHardy
2009-03-27 5:46 ` netfilter 00/12: Netfilter fixes/2.6.30 update part II David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090326190227.23365.25636.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.