Hi Feng,
2017-04-13 11:22 GMT+08:00 Gao Feng:
[...]
>> No, it's better to do this together, there are two invocations, it's not
>> good to copy these codes twice.
>
> You mean " on &= ~ IPS_UNCHANGEABLE_MASK " and " off &= ~
> IPS_UNCHANGEABLE_MASK " seems
>; Netfilter Developer Mailing List
> <netfilter-devel@vger.kernel.org>; cerne...@chromium.org
> Subject: Re: [PATCH nf] netfilter: ctnetlink: make it safer when updating
> ct->status
>
> Hi Feng,
>
> 2017-04-13 10:42 GMT+08:00 Gao Feng <gfree.w...@foxmail.com>:
>
Hi Feng,
2017-04-13 10:42 GMT+08:00 Gao Feng:
[...]
>> +static void
>> +__ctnetlink_change_status(struct nf_conn *ct, unsigned long on,
>> + unsigned long off)
>> +{
>> + unsigned long mask;
>> + unsigned int bit;
>> +
>> + for (bit = 0;
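Review bot: The on and off parameters of __ctnetlink_change_status() are bare unsigned long bitmasks, and nothing in the quoted signature says whether the caller must already have cleared the unchangeable bits from them, or what happens when the same bit is set in both. Since the reply quoted earlier is about where the IPS_UNCHANGEABLE_MASK filtering should live, a short comment on the helper stating that contract would keep the two invocations consistent.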
-devel@vger.kernel.org>;
> 'cerne...@chromium.org' <cerne...@chromium.org>; 'Liping Zhang'
> <zlpnob...@gmail.com>
> Subject: RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating
> ct->status
>
> Hi Liping,
>
> > -Original Message-
ne...@chromium.org; Liping Zhang
> <zlpnob...@gmail.com>
> Subject: [PATCH nf] netfilter: ctnetlink: make it safer when updating
> ct->status
>
> From: Liping Zhang <zlpnob...@gmail.com>
>
> User can update the ct->status via nfnetlink, but using a non-atomic
operat
From: Liping Zhang
User can update the ct->status via nfnetlink, but using a non-atomic
operation "ct->status |= status;". This is unsafe, and may clear
IPS_DYING_BIT bit set by another CPU unexpectedly. For example:
CPU0                    CPU1