diff options
| author | Liping Zhang | 2017-05-21 16:38:11 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2017-05-23 22:54:51 +0200 |
| commit | 124dffea9e8e372509e055aebd118e85518fd644 (patch) | |
| tree | eb35feb6b0c04851d32095b9aa082c0f898c9210 /net/netfilter/nf_conntrack_netlink.c | |
| parent | netfilter: nft_set_rbtree: handle element re-addition after deletion (diff) | |
| download | kernel-qcow2-linux-124dffea9e8e372509e055aebd118e85518fd644.tar.gz kernel-qcow2-linux-124dffea9e8e372509e055aebd118e85518fd644.tar.xz kernel-qcow2-linux-124dffea9e8e372509e055aebd118e85518fd644.zip | |
netfilter: nat: use atomic bit op to clear the _SRC_NAT_DONE_BIT
We need to clear the IPS_SRC_NAT_DONE_BIT to indicate that the ct has
been removed from nat_bysource table. But unfortunately, we use the
non-atomic bit operation: "ct->status &= ~IPS_NAT_DONE_MASK". So
there's a race condition that we may clear the _DYING_BIT set by
another CPU unexpectedly.
Since we don't care about the IPS_DST_NAT_DONE_BIT, so just using
clear_bit to clear the IPS_SRC_NAT_DONE_BIT is enough.
Also note, this is the last user which use the non-atomic bit operation
to update the confirmed ct->status.
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_netlink.c')
0 files changed, 0 insertions, 0 deletions