[NETFILTER]: nf_nat: properly use RCU for ip_nat_decode_session

Linux Kernel Mailing List Tue, 29 Jan 2008 05:21:10 -0800

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=051578ccbcdad3b24b621dfb652194e36759e8d5
Commit:     051578ccbcdad3b24b621dfb652194e36759e8d5
Parent:     1e796fda00f06bac584f0e4ad8750ab9430d79d3
Author:     Patrick McHardy <[EMAIL PROTECTED]>
AuthorDate: Mon Dec 17 22:42:51 2007 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Mon Jan 28 14:59:06 2008 -0800


    [NETFILTER]: nf_nat: properly use RCU for ip_nat_decode_session
    
    We need to use rcu_assign_pointer/rcu_dereference to avoid races.
    Also remove an obsolete CONFIG_IP_NAT_NEEDED ifdef.
    
    Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 include/linux/netfilter.h              |   11 ++++++++---
 net/ipv4/netfilter/nf_nat_standalone.c |    6 +++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 0947424..1a84873 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -256,11 +256,16 @@ extern void (*ip_nat_decode_session)(struct sk_buff *, 
struct flowi *);
 static inline void
 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family)
 {
-#if defined(CONFIG_IP_NF_NAT_NEEDED) || defined(CONFIG_NF_NAT_NEEDED)
+#ifdef CONFIG_NF_NAT_NEEDED
        void (*decodefn)(struct sk_buff *, struct flowi *);
 
-       if (family == AF_INET && (decodefn = ip_nat_decode_session) != NULL)
-               decodefn(skb, fl);
+       if (family == AF_INET) {
+               rcu_read_lock();
+               decodefn = rcu_dereference(ip_nat_decode_session);
+               if (decodefn)
+                       decodefn(skb, fl);
+               rcu_read_unlock();
+       }
 #endif
 }
 
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c 
b/net/ipv4/netfilter/nf_nat_standalone.c
index a2b02f0..99b2c78 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -332,7 +332,7 @@ static int __init nf_nat_standalone_init(void)
 
 #ifdef CONFIG_XFRM
        BUG_ON(ip_nat_decode_session != NULL);
-       ip_nat_decode_session = nat_decode_session;
+       rcu_assign_pointer(ip_nat_decode_session, nat_decode_session);
 #endif
        ret = nf_nat_rule_init();
        if (ret < 0) {
@@ -350,7 +350,7 @@ static int __init nf_nat_standalone_init(void)
        nf_nat_rule_cleanup();
  cleanup_decode_session:
 #ifdef CONFIG_XFRM
-       ip_nat_decode_session = NULL;
+       rcu_assign_pointer(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        return ret;
@@ -361,7 +361,7 @@ static void __exit nf_nat_standalone_fini(void)
        nf_unregister_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
        nf_nat_rule_cleanup();
 #ifdef CONFIG_XFRM
-       ip_nat_decode_session = NULL;
+       rcu_assign_pointer(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        /* Conntrack caches are unregistered in nf_conntrack_cleanup */
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[NETFILTER]: nf_nat: properly use RCU for ip_nat_decode_session

Reply via email to