git.kernel.dk Git - linux-block.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 7 Jan 2022 04:03:22 +0000 (05:03 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 9 Jan 2022 22:30:13 +0000 (23:30 +0100)
commit	719774377622bc4025d2a74f551b5dc2158c6c30
tree	8fbe7d875fbdaf8fcd909f15b230728c8c8b5baa	tree \| snapshot
parent	613a0c67d12f33dcbeec2836f5fe60d05b4c18c0	commit \| diff

netfilter: conntrack: convert to refcount_t api

Convert nf_conn reference counting from atomic_t to refcount_t based api.
refcount_t api provides more runtime sanity checks and will warn on
certain constructs, e.g. refcount_inc() on a zero reference count, which
usually indicates use-after-free.

For this reason template allocation is changed to init the refcount to
1, the subsequenct add operations are removed.

Likewise, init_conntrack() is changed to set the initial refcount to 1
instead refcount_inc().

This is safe because the new entry is not (yet) visible to other cpus.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter/nf_conntrack_common.h		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_expect.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| blame \| history
net/netfilter/nf_flow_table_core.c		diff \| blob \| blame \| history
net/netfilter/nf_synproxy_core.c		diff \| blob \| blame \| history
net/netfilter/nft_ct.c		diff \| blob \| blame \| history
net/netfilter/xt_CT.c		diff \| blob \| blame \| history
net/openvswitch/conntrack.c		diff \| blob \| blame \| history
net/sched/act_ct.c		diff \| blob \| blame \| history