diff options
| author | Reshetova, Elena | 2017-03-16 09:03:34 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2017-03-17 12:49:43 +0100 |
| commit | b54ab92b84b6161f91b1ad9160199422b3699009 (patch) | |
| tree | f51f7300565a7d11414da624a9e65afa21e84221 /include/net/netfilter/nf_conntrack_expect.h | |
| parent | ipvs: Document sysctl pmtu_disc (diff) | |
| download | kernel-qcow2-linux-b54ab92b84b6161f91b1ad9160199422b3699009.tar.gz kernel-qcow2-linux-b54ab92b84b6161f91b1ad9160199422b3699009.tar.xz kernel-qcow2-linux-b54ab92b84b6161f91b1ad9160199422b3699009.zip | |
netfilter: refcounter conversions
refcount_t type and corresponding API (see include/linux/refcount.h)
should be used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_conntrack_expect.h')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_expect.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index 5ed33ea4718e..65cc2cb005d9 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h @@ -5,6 +5,8 @@ #ifndef _NF_CONNTRACK_EXPECT_H #define _NF_CONNTRACK_EXPECT_H +#include <linux/refcount.h> + #include <net/netfilter/nf_conntrack.h> #include <net/netfilter/nf_conntrack_zones.h> @@ -37,7 +39,7 @@ struct nf_conntrack_expect { struct timer_list timeout; /* Usage count. */ - atomic_t use; + refcount_t use; /* Flags */ unsigned int flags; |