netfilter: conntrack: restart iteration on resize

We could some conntracks when a resize occurs in parallel.

Avoid this by sampling generation seqcnt and doing a restart if needed.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2017-05-21 12:52:58 +02:00 committed by Pablo Neira Ayuso
parent 2843fb6998
commit 0d02d5646e
1 changed files with 14 additions and 6 deletions

View File

@ -1623,17 +1623,25 @@ found:
static void nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data),
void *data, u32 portid, int report)
{
unsigned int bucket = 0, sequence;
struct nf_conn *ct;
unsigned int bucket = 0;
might_sleep();
while ((ct = get_next_corpse(iter, data, &bucket)) != NULL) {
/* Time to push up daises... */
for (;;) {
sequence = read_seqcount_begin(&nf_conntrack_generation);
nf_ct_delete(ct, portid, report);
nf_ct_put(ct);
cond_resched();
while ((ct = get_next_corpse(iter, data, &bucket)) != NULL) {
/* Time to push up daises... */
nf_ct_delete(ct, portid, report);
nf_ct_put(ct);
cond_resched();
}
if (!read_seqcount_retry(&nf_conntrack_generation, sequence))
break;
bucket = 0;
}
}