[NETFILTER]: Fix locking in ip_conntrack.

http://bugme.osdl.org/show_bug.cgi?id=1764 We're walking the expect list without the ip_conntrack_expect_tuple_lock.

[NETFILTER]: Fix locking in ip_conntrack.
http://bugme.osdl.org/show_bug.cgi?id=1764 We're walking the expect list without the ip_conntrack_expect_tuple_lock.
328ff99f · Rusty Russell · Hideaki Yoshifuji · 35f9c7ce · 328ff99f · 328ff99f
Commit 328ff99f authored Jan 28, 2004 by Rusty Russell Committed by Hideaki Yoshifuji Jan 28, 2004
Showing with 5 additions and 1 deletion

include/linux/netfilter_ipv4/ip_conntrack_core.h include/linux/netfilter_ipv4/ip_conntrack_core.h +1 -0

net/ipv4/netfilter/ip_conntrack_standalone.c net/ipv4/netfilter/ip_conntrack_standalone.c +4 -1

No files found.
--- a/include/linux/netfilter_ipv4/ip_conntrack_core.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_core.h
@@ -50,5 +50,6 @@ static inline int ip_conntrack_confirm(struct sk_buff *skb)
 extern struct list_head *ip_conntrack_hash;
 extern struct list_head ip_conntrack_expect_list;
 DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
+DECLARE_RWLOCK_EXTERN(ip_conntrack_expect_tuple_lock);
 #endif /* _IP_CONNTRACK_CORE_H */
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -159,6 +159,7 @@ list_conntracks(char *buffer, char **start, off_t offset, int length)
 	}
 	/* Now iterate through expecteds. */
+	READ_LOCK(&ip_conntrack_expect_tuple_lock);
 	list_for_each(e, &ip_conntrack_expect_list) {
 		unsigned int last_len;
 		struct ip_conntrack_expect *expect
@@ -169,10 +170,12 @@ list_conntracks(char *buffer, char **start, off_t offset, int length)
 		len += print_expect(buffer + len, expect);
 		if (len > length) {
 			len = last_len;
-			goto finished;
+			goto finished_expects;
 		}
 	}
+ finished_expects:
+	READ_UNLOCK(&ip_conntrack_expect_tuple_lock);
 finished:
 	READ_UNLOCK(&ip_conntrack_lock);