From patchwork Mon Apr 17 13:18:58 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Liping Zhang <zlpnobody@163.com>
X-Patchwork-Id: 751313
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3w684q5H2zz9s0g
	for <incoming@patchwork.ozlabs.org>;
	Mon, 17 Apr 2017 23:19:55 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=163.com header.i=@163.com header.b="qEr5AxOF";
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753777AbdDQNTz (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 17 Apr 2017 09:19:55 -0400
Received: from m12-17.163.com ([220.181.12.17]:56619 "EHLO m12-17.163.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753354AbdDQNTw (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Mon, 17 Apr 2017 09:19:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
	s=s110527; h=From:Subject:Date:Message-Id; bh=s9riv8eeV8QQHBObHM
	XSxse1bMlGVbuMRI9YBVK3u6s=; b=qEr5AxOFJLOPX5FL8fo/0K99Scurs8nMdR
	38+BAk45b7IbqF5+IkBQRCm6MkQEzg3Ari9498wGMNUubB6AD2lw3OCugNAbmnLA
	Z2Uv3m5lHAFDbJW3PdQzfGxzCTx9iJyaGJq3xNYIhIhJrabrHYjlBl+bD53Z8cTO
	8fsd+TsaY=
Received: from MiWiFi-R2D-srv.localdomain (unknown [180.164.231.180])
	by smtp13 (Coremail) with SMTP id EcCowACXs8PewPRY6P6cAg--.35942S6;
	Mon, 17 Apr 2017 21:19:46 +0800 (CST)
From: Liping Zhang <zlpnobody@163.com>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Liping Zhang <zlpnobody@gmail.com>
Subject: [PATCH nf 4/4] netfilter: ctnetlink: acquire ct->lock before
	operating nf_ct_seqadj
Date: Mon, 17 Apr 2017 21:18:58 +0800
Message-Id: <1492435138-28283-5-git-send-email-zlpnobody@163.com>
X-Mailer: git-send-email 2.5.5
In-Reply-To: <1492435138-28283-1-git-send-email-zlpnobody@163.com>
References: <1492435138-28283-1-git-send-email-zlpnobody@163.com>
X-CM-TRANSID: EcCowACXs8PewPRY6P6cAg--.35942S6
X-Coremail-Antispam: 1Uf129KBjvJXoW7AFy3tFWDKF47ArW3uryxuFg_yoW8Kr4rpF
	Z8ur93GFnrJrya9r1vka1DZ3ZIvws7Krs8Cr93J34kAF1rtr4YvF4fKFnIvryavr1kG347
	JF47KF4Ykrn3Cw7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jWlksUUUUU=
X-Originating-IP: [180.164.231.180]
X-CM-SenderInfo: x2os00perg5qqrwthudrp/1tbiNhG8l1WBV11ESwAAsd
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

From: Liping Zhang <zlpnobody@gmail.com>

We should acquire the ct->lock before accessing or modifying the
nf_ct_seqadj, as another CPU may modify the nf_ct_seqadj at the same
time during its packet proccessing.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
---
 net/netfilter/nf_conntrack_netlink.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 86deed6..78f8c9a 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -417,8 +417,7 @@ dump_ct_seq_adj(struct sk_buff *skb, const struct nf_ct_seqadj *seq, int type)
 	return -1;
 }
 
-static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb,
-				     const struct nf_conn *ct)
+static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
 {
 	struct nf_conn_seqadj *seqadj = nfct_seqadj(ct);
 	struct nf_ct_seqadj *seq;
@@ -426,15 +425,20 @@ static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb,
 	if (!(ct->status & IPS_SEQ_ADJUST) || !seqadj)
 		return 0;
 
+	spin_lock_bh(&ct->lock);
 	seq = &seqadj->seq[IP_CT_DIR_ORIGINAL];
 	if (dump_ct_seq_adj(skb, seq, CTA_SEQ_ADJ_ORIG) == -1)
-		return -1;
+		goto err;
 
 	seq = &seqadj->seq[IP_CT_DIR_REPLY];
 	if (dump_ct_seq_adj(skb, seq, CTA_SEQ_ADJ_REPLY) == -1)
-		return -1;
+		goto err;
 
+	spin_unlock_bh(&ct->lock);
 	return 0;
+err:
+	spin_unlock_bh(&ct->lock);
+	return -1;
 }
 
 static int ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct)
@@ -1637,11 +1641,12 @@ ctnetlink_change_seq_adj(struct nf_conn *ct,
 	if (!seqadj)
 		return 0;
 
+	spin_lock_bh(&ct->lock);
 	if (cda[CTA_SEQ_ADJ_ORIG]) {
 		ret = change_seq_adj(&seqadj->seq[IP_CT_DIR_ORIGINAL],
 				     cda[CTA_SEQ_ADJ_ORIG]);
 		if (ret < 0)
-			return ret;
+			goto err;
 
 		set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
 	}
@@ -1650,12 +1655,16 @@ ctnetlink_change_seq_adj(struct nf_conn *ct,
 		ret = change_seq_adj(&seqadj->seq[IP_CT_DIR_REPLY],
 				     cda[CTA_SEQ_ADJ_REPLY]);
 		if (ret < 0)
-			return ret;
+			goto err;
 
 		set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
 	}
 
+	spin_unlock_bh(&ct->lock);
 	return 0;
+err:
+	spin_unlock_bh(&ct->lock);
+	return ret;
 }
 
 static int