From 982d9a9ce389c396bc83ce29d799937f379ddcb7 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 12 Feb 2007 11:14:11 -0800 Subject: [NETFILTER]: nf_conntrack: properly use RCU for nf_conntrack_destroyed callback Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_nat_core.c | 7 ++++--- net/netfilter/nf_conntrack_core.c | 9 ++++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 5156d5d6c3b..2c01378d359 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c @@ -617,8 +617,8 @@ static int __init nf_nat_init(void) } /* FIXME: Man, this is a hack. */ - NF_CT_ASSERT(nf_conntrack_destroyed == NULL); - nf_conntrack_destroyed = &nf_nat_cleanup_conntrack; + NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL); + rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack); /* Initialize fake conntrack so that NAT will skip it */ nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK; @@ -642,7 +642,8 @@ static int clean_nat(struct nf_conn *i, void *data) static void __exit nf_nat_cleanup(void) { nf_ct_iterate_cleanup(&clean_nat, NULL); - nf_conntrack_destroyed = NULL; + rcu_assign_pointer(nf_conntrack_destroyed, NULL); + synchronize_rcu(); vfree(bysource); nf_ct_l3proto_put(l3proto); } diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index d59640e2377..0cc150560fb 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -318,6 +318,7 @@ destroy_conntrack(struct nf_conntrack *nfct) struct nf_conn_help *help = nfct_help(ct); struct nf_conntrack_l3proto *l3proto; struct nf_conntrack_l4proto *l4proto; + typeof(nf_conntrack_destroyed) destroyed; DEBUGP("destroy_conntrack(%p)\n", ct); NF_CT_ASSERT(atomic_read(&nfct->use) == 0); @@ -341,10 +342,12 @@ destroy_conntrack(struct nf_conntrack *nfct) ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); if (l4proto && l4proto->destroy) l4proto->destroy(ct); - rcu_read_unlock(); - if (nf_conntrack_destroyed) - nf_conntrack_destroyed(ct); + destroyed = rcu_dereference(nf_conntrack_destroyed); + if (destroyed) + destroyed(ct); + + rcu_read_unlock(); write_lock_bh(&nf_conntrack_lock); /* Expectations will have been removed in clean_from_lists, -- cgit v1.2.3-70-g09d2