Re: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

Hi Feng, 2017-04-13 11:22 GMT+08:00 Gao Feng : [...] >> No, it's better to do this together, there are two invocations, it's not >> good to >> copy these codes twice. > > You mean " on &= ~ IPS_UNCHANGEABLE_MASK " and " off &= ~ > IPS_UNCHANGEABLE_MASK " seems

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

t;; Netfilter Developer Mailing List > <netfilter-devel@vger.kernel.org>; cerne...@chromium.org > Subject: Re: [PATCH nf] netfilter: ctnetlink: make it safer when updating > ct->status > > Hi Feng, > > 2017-04-13 10:42 GMT+08:00 Gao Feng <gfree.w...@foxmail.com>: >

Re: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

Hi Feng, 2017-04-13 10:42 GMT+08:00 Gao Feng : [...] >> +static void >> +__ctnetlink_change_status(struct nf_conn *ct, unsigned long on, >> + unsigned long off) >> +{ >> + unsigned long mask; >> + unsigned int bit; >> + >> + for (bit = 0;

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

-devel@vger.kernel.org>; > 'cerne...@chromium.org' <cerne...@chromium.org>; 'Liping Zhang' > <zlpnob...@gmail.com> > Subject: RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating > ct->status > > Hi Liping, > > > -Original Message-

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

ne...@chromium.org; Liping Zhang > <zlpnob...@gmail.com> > Subject: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status > > From: Liping Zhang <zlpnob...@gmail.com> > > User can update the ct->status via nfnetlink, but using a non-atomic operat

[PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

From: Liping Zhang User can update the ct->status via nfnetlink, but using a non-atomic operation "ct->status |= status;". This is unsafe, and may clear IPS_DYING_BIT bit set by another CPU unexpectedly. For example: CPU0CPU1