review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 7 Jan 2022 04:03:22 +0000 (05:03 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 27 Apr 2022 12:39:01 +0000 (14:39 +0200)
commit	bcba40bd36d705aba9c5fd4622e35118c2a46ed2
tree	f54f84348386880c8a07bfbfd75e9816dac135e9	tree \| snapshot
parent	4bbd693d9f0ac81e3b3ea97ab2201424061df96c	commit \| diff

netfilter: conntrack: convert to refcount_t api

commit 719774377622bc4025d2a74f551b5dc2158c6c30 upstream.

Convert nf_conn reference counting from atomic_t to refcount_t based api.
refcount_t api provides more runtime sanity checks and will warn on
certain constructs, e.g. refcount_inc() on a zero reference count, which
usually indicates use-after-free.

For this reason template allocation is changed to init the refcount to
1, the subsequenct add operations are removed.

Likewise, init_conntrack() is changed to set the initial refcount to 1
instead refcount_inc().

This is safe because the new entry is not (yet) visible to other cpus.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

include/linux/netfilter/nf_conntrack_common.h		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_expect.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| history
net/netfilter/nf_flow_table_core.c		diff \| blob \| history
net/netfilter/nf_synproxy_core.c		diff \| blob \| history
net/netfilter/nft_ct.c		diff \| blob \| history
net/netfilter/xt_CT.c		diff \| blob \| history
net/openvswitch/conntrack.c		diff \| blob \| history
net/sched/act_ct.c		diff \| blob \| history