[NETFILTER]: nf_nat: properly use RCU for ip_nat_decode_session
authorPatrick McHardy <kaber@trash.net>
Tue, 18 Dec 2007 06:42:51 +0000 (22:42 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:59:06 +0000 (14:59 -0800)
We need to use rcu_assign_pointer/rcu_dereference to avoid races.
Also remove an obsolete CONFIG_IP_NAT_NEEDED ifdef.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter.h
net/ipv4/netfilter/nf_nat_standalone.c

index 0947424d01d6cace1a2cf763601cf339bf214f15..1a8487325a4f28ee7235ee318522c734c18094dd 100644 (file)
@@ -256,11 +256,16 @@ extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
 static inline void
 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family)
 {
-#if defined(CONFIG_IP_NF_NAT_NEEDED) || defined(CONFIG_NF_NAT_NEEDED)
+#ifdef CONFIG_NF_NAT_NEEDED
        void (*decodefn)(struct sk_buff *, struct flowi *);
 
-       if (family == AF_INET && (decodefn = ip_nat_decode_session) != NULL)
-               decodefn(skb, fl);
+       if (family == AF_INET) {
+               rcu_read_lock();
+               decodefn = rcu_dereference(ip_nat_decode_session);
+               if (decodefn)
+                       decodefn(skb, fl);
+               rcu_read_unlock();
+       }
 #endif
 }
 
index a2b02f01cc5c6bf312ff2422e9dd0e9f5c3e335e..99b2c788d5a8dfbdef55d7f8b6efcc9ffee970c2 100644 (file)
@@ -332,7 +332,7 @@ static int __init nf_nat_standalone_init(void)
 
 #ifdef CONFIG_XFRM
        BUG_ON(ip_nat_decode_session != NULL);
-       ip_nat_decode_session = nat_decode_session;
+       rcu_assign_pointer(ip_nat_decode_session, nat_decode_session);
 #endif
        ret = nf_nat_rule_init();
        if (ret < 0) {
@@ -350,7 +350,7 @@ static int __init nf_nat_standalone_init(void)
        nf_nat_rule_cleanup();
  cleanup_decode_session:
 #ifdef CONFIG_XFRM
-       ip_nat_decode_session = NULL;
+       rcu_assign_pointer(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        return ret;
@@ -361,7 +361,7 @@ static void __exit nf_nat_standalone_fini(void)
        nf_unregister_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
        nf_nat_rule_cleanup();
 #ifdef CONFIG_XFRM
-       ip_nat_decode_session = NULL;
+       rcu_assign_pointer(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        /* Conntrack caches are unregistered in nf_conntrack_cleanup */