[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks
New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.
Also change NF_CT_ASSERT to use WARN_ON to get backtraces.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
commit b2a3c0b71517472b86ecb38cbf30fbdd1b27eb95
tree 9c394ddf15e28d19d903dc82205854dd36480aea
parent 6cad3b7ff5971feef96758c159ee689ab14118ee
author Patrick McHardy <kaber@xxxxxxxxx> Mon, 14 Apr 2008 12:10:54 +0200
committer Patrick McHardy <kaber@xxxxxxxxx> Mon, 14 Apr 2008 12:10:54 +0200
include/net/netfilter/nf_conntrack.h | 9 +--------
net/netfilter/nf_conntrack_extend.c | 3 +++
2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index bb9fc85..4a0496a 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -65,14 +65,7 @@ union nf_conntrack_help {
#include <linux/timer.h>
#ifdef CONFIG_NETFILTER_DEBUG
-#define NF_CT_ASSERT(x) \
-do { \
- if (!(x)) \
- /* Wooah! I'm tripping my conntrack in a frenzy of \
- netplay... */ \
- printk("NF_CT_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
-} while(0)
+#define NF_CT_ASSERT(x) WARN_ON(!(x))
#else
#define NF_CT_ASSERT(x)
#endif
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 2bd9963..bcc19fa 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
int i, newlen, newoff;
struct nf_ct_ext_type *t;
+ /* Conntrack must not be confirmed to avoid races on reallocation. */
+ NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
+
if (!ct->ext)
return nf_ct_ext_create(&ct->ext, id, gfp);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
