err.no Git - linux-2.6/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 20 Sep 2006 19:01:06 +0000 (12:01 -0700)
committer	David S. Miller <davem@sunset.davemloft.net>
	Fri, 22 Sep 2006 22:19:54 +0000 (15:19 -0700)
commit	5251e2d2125407bbff0c39394a4011be9ed8b5d0
tree	3dda0aeb90d80a2ddd0e7a4215bfe9eaa8209033	tree \| snapshot
parent	01f348484dd8509254d045e3ad49029716eca6a1	commit \| diff

[NETFILTER]: conntrack: fix race condition in early_drop

On SMP environments the maximum number of conntracks can be overpassed
under heavy stress situations due to an existing race condition.

        CPU A                   CPU B
     atomic_read()               ...
     early_drop()                ...
        ...                  atomic_read()
   allocate conntrack      allocate conntrack
     atomic_inc()             atomic_inc()

This patch moves the counter incrementation before the early drop stage.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/netfilter/ip_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history