* [PATCH] netfilter: fix the race when initializing nf_ct_expect_hash_rnd
@ 2010-12-05 16:26 Changli Gao
2010-12-15 22:16 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Changli Gao @ 2010-12-05 16:26 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, David S. Miller, netdev, Changli Gao
Since nf_ct_expect_dst_hash() may be called without nf_conntrack_lock
locked, nf_ct_expect_hash_rnd should be initialized in the atomic way.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
---
net/netfilter/nf_conntrack_expect.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 46e8966..e2bb3ef 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -34,7 +34,6 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
static unsigned int nf_ct_expect_hash_rnd __read_mostly;
unsigned int nf_ct_expect_max __read_mostly;
-static int nf_ct_expect_hash_rnd_initted __read_mostly;
static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
@@ -77,10 +76,13 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
{
unsigned int hash;
- if (unlikely(!nf_ct_expect_hash_rnd_initted)) {
- get_random_bytes(&nf_ct_expect_hash_rnd,
- sizeof(nf_ct_expect_hash_rnd));
- nf_ct_expect_hash_rnd_initted = 1;
+ if (unlikely(!nf_ct_expect_hash_rnd)) {
+ unsigned int rand;
+
+ do {
+ get_random_bytes(&rand, sizeof(rand));
+ } while (!rand);
+ cmpxchg(&nf_ct_expect_hash_rnd, 0, rand);
}
hash = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] netfilter: fix the race when initializing nf_ct_expect_hash_rnd
2010-12-05 16:26 [PATCH] netfilter: fix the race when initializing nf_ct_expect_hash_rnd Changli Gao
@ 2010-12-15 22:16 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2010-12-15 22:16 UTC (permalink / raw)
To: Changli Gao; +Cc: netfilter-devel, David S. Miller, netdev
Am 05.12.2010 17:26, schrieb Changli Gao:
> Since nf_ct_expect_dst_hash() may be called without nf_conntrack_lock
> locked, nf_ct_expect_hash_rnd should be initialized in the atomic way.
>
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
> ---
> net/netfilter/nf_conntrack_expect.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
> diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
> index 46e8966..e2bb3ef 100644
> --- a/net/netfilter/nf_conntrack_expect.c
> +++ b/net/netfilter/nf_conntrack_expect.c
> @@ -34,7 +34,6 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
>
> static unsigned int nf_ct_expect_hash_rnd __read_mostly;
> unsigned int nf_ct_expect_max __read_mostly;
> -static int nf_ct_expect_hash_rnd_initted __read_mostly;
>
> static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
>
> @@ -77,10 +76,13 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
> {
> unsigned int hash;
>
> - if (unlikely(!nf_ct_expect_hash_rnd_initted)) {
> - get_random_bytes(&nf_ct_expect_hash_rnd,
> - sizeof(nf_ct_expect_hash_rnd));
> - nf_ct_expect_hash_rnd_initted = 1;
> + if (unlikely(!nf_ct_expect_hash_rnd)) {
> + unsigned int rand;
> +
> + do {
> + get_random_bytes(&rand, sizeof(rand));
> + } while (!rand);
> + cmpxchg(&nf_ct_expect_hash_rnd, 0, rand);
> }
I'd rather just re-use the conntrack hash random value.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-12-15 22:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-12-05 16:26 [PATCH] netfilter: fix the race when initializing nf_ct_expect_hash_rnd Changli Gao
2010-12-15 22:16 ` Patrick McHardy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).