netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks - BMC/Intel-BMC/linux.git - Intel OpenBMC Linux kernel source tree (mirror)

diff options

author	Florian Westphal <fw@strlen.de>	2019-10-15 16:19:14 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-17 12:46:51 +0300
commit	49ca022bccc577d323526215092040fe3b13d68b (patch)
tree	c8f09c6d9710875110ac3d12dcd9f5fcf83a2f24 /net/netfilter/nf_conntrack_extend.c
parent	5ccbf891f073e9f4b74f30bdfa1976bbdb666214 (diff)
download	linux-49ca022bccc577d323526215092040fe3b13d68b.tar.xz

netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks

When dumping the unconfirmed lists, the cpu that is processing the ct entry can reallocate ct->ext at any time. Right now accessing the extensions from another CPU is ok provided we're holding rcu read lock: extension reallocation does use rcu. Once RCU isn't used anymore this becomes unsafe, so skip extensions for the unconfirmed list. Dumping the extension area for confirmed or dying conntracks is fine: no reallocations are allowed and list iteration holds appropriate locks that prevent ct (and this ct->ext) from getting free'd. v2: fix compiler warnings due to misue of 'const' and missing return statement (kbuild robot). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nf_conntrack_extend.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: