From patchwork Sun Dec  5 16:26:37 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Changli Gao <xiaosuo@gmail.com>
X-Patchwork-Id: 74310
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id C9035B70CC
	for <patchwork-incoming@ozlabs.org>;
	Mon,  6 Dec 2010 10:33:03 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753060Ab0LEXc4 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 5 Dec 2010 18:32:56 -0500
Received: from mail-gy0-f174.google.com ([209.85.160.174]:50538 "EHLO
	mail-gy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751779Ab0LEXcz (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sun, 5 Dec 2010 18:32:55 -0500
Received: by gyb11 with SMTP id 11so5702569gyb.19
	for <multiple recipients>; Sun, 05 Dec 2010 15:32:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:from:to:cc:subject:date
	:message-id:x-mailer;
	bh=lSc6lCqj7Aij1rP+qJX5yKw3KjtHPqfz3gSqh+yiimA=;
	b=w+7dNJKBzYH3gTL0V2OaGx2PHOYHxMmMGiItjkrZjeLpVBD1aGp/uJCPvjUT7NYPwX
	ZZQqJZOSuVoB4Bdiljr/2AcrE+iZxPqaYMJQQ+h7NON5qm86RURuV5Ht1Xz9Sd/EIHav
	LUD6af2EDZz1mALew0HVL7ld8M44L3WaPHYaQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=from:to:cc:subject:date:message-id:x-mailer;
	b=m88IZzVez2no3DIMasqkHgpK+7/1rKI6L//w5EmQGUCeZ8+ElHWA5CfCyriw6BQt1k
	E+TPetIy3r/EQuU0XSiXw8mlmwpXJJGoHszv0lBrvpGq3+thnrjS7LGHXsnDKrGHZZIN
	CqIwKqvyt6ATllSloFPoU8zUmm6qfKRs+uBmA=
Received: by 10.151.10.12 with SMTP id n12mr8117242ybi.220.1291591974560;
	Sun, 05 Dec 2010 15:32:54 -0800 (PST)
Received: from localhost.localdomain ([221.239.34.230])
	by mx.google.com with ESMTPS id u10sm1195966yba.1.2010.12.05.15.32.48
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Sun, 05 Dec 2010 15:32:53 -0800 (PST)
From: Changli Gao <xiaosuo@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org,
	Changli Gao <xiaosuo@gmail.com>
Subject: [PATCH] netfilter: fix the race when initializing
	nf_ct_expect_hash_rnd
Date: Mon,  6 Dec 2010 00:26:37 +0800
Message-Id: <1291566397-24318-1-git-send-email-xiaosuo@gmail.com>
X-Mailer: git-send-email 1.7.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Since nf_ct_expect_dst_hash() may be called without nf_conntrack_lock
locked, nf_ct_expect_hash_rnd should be initialized in the atomic way.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
---
 net/netfilter/nf_conntrack_expect.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 46e8966..e2bb3ef 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -34,7 +34,6 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
 
 static unsigned int nf_ct_expect_hash_rnd __read_mostly;
 unsigned int nf_ct_expect_max __read_mostly;
-static int nf_ct_expect_hash_rnd_initted __read_mostly;
 
 static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
 
@@ -77,10 +76,13 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
 {
 	unsigned int hash;
 
-	if (unlikely(!nf_ct_expect_hash_rnd_initted)) {
-		get_random_bytes(&nf_ct_expect_hash_rnd,
-				 sizeof(nf_ct_expect_hash_rnd));
-		nf_ct_expect_hash_rnd_initted = 1;
+	if (unlikely(!nf_ct_expect_hash_rnd)) {
+		unsigned int rand;
+
+		do {
+			get_random_bytes(&rand, sizeof(rand));
+		} while (!rand);
+		cmpxchg(&nf_ct_expect_hash_rnd, 0, rand);
 	}
 
 	hash = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),