(I've added netfilter and linux-rt-users to try to pull in more help). On Fri, Oct 26, 2012 at 9:48 AM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > Upstream kernel is fine, there is no race, as long as : > > local_bh_disable() disables BH and preemption. Looking at the unpatched code in net/ipv4/netfilter/ip_tables.c, it doesn't appear that any of the code checks the return value for xt_write_receq_begin to determine if it is safe to write. And neither does the newly patched code. How did the mainline code prevent corruption of the tables it is updating? Why isn't there something like: while ( (addend = xt_write_recseq_begin()) == 0 ); To make sure that only one person has write access to the tables? Better yet, why not use a seqlock_t instead? > Apparently RT changes this, so RT needs to change the code. The RT patch only touches local_bh_disable/enable, not the code in ip_tables.c. Does the local_bh_disable/enable in the mainline code protect against multiple writers? > cmpxchg() has strong guarantees (and is also slower than upstream code), > and seems a reasonable way to fix RT/iptables I see this now. And I agree that your patch would prevent corruption of the sequence counter. Thanks, Pete -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
