88 lines
2.8 KiB
Diff
88 lines
2.8 KiB
Diff
From 50b16d1ddb28fd72581e1a4467e4d444b6d4cf68 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <50b16d1ddb28fd72581e1a4467e4d444b6d4cf68.1601675152.git.zanussi@kernel.org>
|
|
In-Reply-To: <5b5a156f9808b1acf1205606e03da117214549ea.1601675151.git.zanussi@kernel.org>
|
|
References: <5b5a156f9808b1acf1205606e03da117214549ea.1601675151.git.zanussi@kernel.org>
|
|
From: Thomas Gleixner <tglx@linutronix.de>
|
|
Date: Sun, 28 Oct 2012 11:18:08 +0100
|
|
Subject: [PATCH 234/333] net: netfilter: Serialize xt_write_recseq sections on
|
|
RT
|
|
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patches-4.19.148-rt64.tar.xz
|
|
|
|
The netfilter code relies only on the implicit semantics of
|
|
local_bh_disable() for serializing wt_write_recseq sections. RT breaks
|
|
that and needs explicit serialization here.
|
|
|
|
Reported-by: Peter LaDow <petela@gocougs.wsu.edu>
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
---
|
|
include/linux/netfilter/x_tables.h | 7 +++++++
|
|
net/netfilter/core.c | 6 ++++++
|
|
2 files changed, 13 insertions(+)
|
|
|
|
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
|
|
index 9077b3ebea08..1710f2aff350 100644
|
|
--- a/include/linux/netfilter/x_tables.h
|
|
+++ b/include/linux/netfilter/x_tables.h
|
|
@@ -6,6 +6,7 @@
|
|
#include <linux/netdevice.h>
|
|
#include <linux/static_key.h>
|
|
#include <linux/netfilter.h>
|
|
+#include <linux/locallock.h>
|
|
#include <uapi/linux/netfilter/x_tables.h>
|
|
|
|
/* Test a struct->invflags and a boolean for inequality */
|
|
@@ -345,6 +346,8 @@ void xt_free_table_info(struct xt_table_info *info);
|
|
*/
|
|
DECLARE_PER_CPU(seqcount_t, xt_recseq);
|
|
|
|
+DECLARE_LOCAL_IRQ_LOCK(xt_write_lock);
|
|
+
|
|
/* xt_tee_enabled - true if x_tables needs to handle reentrancy
|
|
*
|
|
* Enabled if current ip(6)tables ruleset has at least one -j TEE rule.
|
|
@@ -365,6 +368,9 @@ static inline unsigned int xt_write_recseq_begin(void)
|
|
{
|
|
unsigned int addend;
|
|
|
|
+ /* RT protection */
|
|
+ local_lock(xt_write_lock);
|
|
+
|
|
/*
|
|
* Low order bit of sequence is set if we already
|
|
* called xt_write_recseq_begin().
|
|
@@ -395,6 +401,7 @@ static inline void xt_write_recseq_end(unsigned int addend)
|
|
/* this is kind of a write_seqcount_end(), but addend is 0 or 1 */
|
|
smp_wmb();
|
|
__this_cpu_add(xt_recseq.sequence, addend);
|
|
+ local_unlock(xt_write_lock);
|
|
}
|
|
|
|
/*
|
|
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
|
|
index 93aaec3a54ec..b364cf8e5776 100644
|
|
--- a/net/netfilter/core.c
|
|
+++ b/net/netfilter/core.c
|
|
@@ -20,6 +20,7 @@
|
|
#include <linux/inetdevice.h>
|
|
#include <linux/proc_fs.h>
|
|
#include <linux/mutex.h>
|
|
+#include <linux/locallock.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/rcupdate.h>
|
|
#include <net/net_namespace.h>
|
|
@@ -27,6 +28,11 @@
|
|
|
|
#include "nf_internals.h"
|
|
|
|
+#ifdef CONFIG_PREEMPT_RT_BASE
|
|
+DEFINE_LOCAL_IRQ_LOCK(xt_write_lock);
|
|
+EXPORT_PER_CPU_SYMBOL(xt_write_lock);
|
|
+#endif
|
|
+
|
|
const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly;
|
|
EXPORT_SYMBOL_GPL(nf_ipv6_ops);
|
|
|
|
--
|
|
2.17.1
|
|
|