rt-patches/0228-net-netfilter-Serialize-xt_write_recseq-sections-on-.patch

   1 From 0b4454ae36ae320561b050cbd152fe3071ad0dc0 Mon Sep 17 00:00:00 2001
   2 From: Thomas Gleixner <tglx@linutronix.de>
   3 Date: Sun, 28 Oct 2012 11:18:08 +0100
   4 Subject: [PATCH 228/366] net: netfilter: Serialize xt_write_recseq sections on
   5  RT
   6
   7 The netfilter code relies only on the implicit semantics of
   8 local_bh_disable() for serializing wt_write_recseq sections. RT breaks
   9 that and needs explicit serialization here.
  10
  11 Reported-by: Peter LaDow <petela@gocougs.wsu.edu>
  12 Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  13 ---
  14  include/linux/netfilter/x_tables.h | 7 +++++++
  15  net/netfilter/core.c               | 6 ++++++
  16  2 files changed, 13 insertions(+)
  17
  18 diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
  19 index 04078e8..a61c960 100644
  20 --- a/include/linux/netfilter/x_tables.h
  21 +++ b/include/linux/netfilter/x_tables.h
  22 @@ -4,6 +4,7 @@
  23
  24  #include <linux/netdevice.h>
  25  #include <linux/static_key.h>
  26 +#include <linux/locallock.h>
  27  #include <uapi/linux/netfilter/x_tables.h>
  28
  29  /**
  30 @@ -289,6 +290,8 @@ void xt_free_table_info(struct xt_table_info *info);
  31   */
  32  DECLARE_PER_CPU(seqcount_t, xt_recseq);
  33
  34 +DECLARE_LOCAL_IRQ_LOCK(xt_write_lock);
  35 +
  36  /* xt_tee_enabled - true if x_tables needs to handle reentrancy
  37   *
  38   * Enabled if current ip(6)tables ruleset has at least one -j TEE rule.
  39 @@ -309,6 +312,9 @@ static inline unsigned int xt_write_recseq_begin(void)
  40  {
  41         unsigned int addend;
  42
  43 +       /* RT protection */
  44 +       local_lock(xt_write_lock);
  45 +
  46         /*
  47          * Low order bit of sequence is set if we already
  48          * called xt_write_recseq_begin().
  49 @@ -339,6 +345,7 @@ static inline void xt_write_recseq_end(unsigned int addend)
  50         /* this is kind of a write_seqcount_end(), but addend is 0 or 1 */
  51         smp_wmb();
  52         __this_cpu_add(xt_recseq.sequence, addend);
  53 +       local_unlock(xt_write_lock);
  54  }
  55
  56  /*
  57 diff --git a/net/netfilter/core.c b/net/netfilter/core.c
  58 index f39276d..10880c8 100644
  59 --- a/net/netfilter/core.c
  60 +++ b/net/netfilter/core.c
  61 @@ -22,11 +22,17 @@
  62  #include <linux/proc_fs.h>
  63  #include <linux/mutex.h>
  64  #include <linux/slab.h>
  65 +#include <linux/locallock.h>
  66  #include <net/net_namespace.h>
  67  #include <net/sock.h>
  68
  69  #include "nf_internals.h"
  70
  71 +#ifdef CONFIG_PREEMPT_RT_BASE
  72 +DEFINE_LOCAL_IRQ_LOCK(xt_write_lock);
  73 +EXPORT_PER_CPU_SYMBOL(xt_write_lock);
  74 +#endif
  75 +
  76  static DEFINE_MUTEX(afinfo_mutex);
  77
  78  const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;
  79 --
  80 1.9.1
  81