From: Patrick McHardy
Date: Mon, 14 Apr 2008 09:15:51 +0000 (+0200)
Subject: [NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks
X-Git-Tag: v2.6.26-rc1~1138^2~89^2~12
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55871d04793d9c069ee277b1e98794b88d92ed80;p=linux-2.6
[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks
New extensions may only be added to unconfirmed conntracks to avoid races when reallocating the storage. Also change NF_CT_ASSERT to use WARN_ON to get backtraces.
Signed-off-by: Patrick McHardy
---
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index bb9fc852e9..4a0496aa32 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -65,14 +65,7 @@ union nf_conntrack_help {
 #include
 #ifdef CONFIG_NETFILTER_DEBUG
-#define NF_CT_ASSERT(x) \
-do { \
- if (!(x)) \
- /* Wooah! I'm tripping my conntrack in a frenzy of \
- netplay... */ \
- printk("NF_CT_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
-} while(0)
+#define NF_CT_ASSERT(x) WARN_ON(!(x))
 #else
 #define NF_CT_ASSERT(x)
 #endif
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 2bd9963b5b..bcc19fa4ed 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
 int i, newlen, newoff;
 struct nf_ct_ext_type *t;
+ /* Conntrack must not be confirmed to avoid races on reallocation. */
+ NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
+
 if (!ct->ext)
 return nf_ct_ext_create(&ct->ext, id, gfp);
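Review bot: The new `NF_CT_ASSERT(x)` in include/net/netfilter/nf_conntrack.h emits a full backtrace on every failed assertion, with nothing bounding how often that happens. If any assertion site sits on a per-packet path (not visible in this hunk), a condition that traffic can trigger repeatedly would flood the kernel log on debug builds; `#define NF_CT_ASSERT(x) WARN_ON_ONCE(!(x))` keeps the backtrace without that exposure. A one-line comment above the macro would also help, for example `/* Debug-only: x is not evaluated unless CONFIG_NETFILTER_DEBUG is set. */`, since the non-debug expansion is empty and callers must not put side effects in the argument.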
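Review bot: The added `NF_CT_ASSERT(!nf_ct_is_confirmed(ct));` in `__nf_ct_ext_add` only reports the violation, and execution then continues into the extension setup, so the reallocation race named in the comment can still occur on a confirmed conntrack. Without CONFIG_NETFILTER_DEBUG the macro expands to nothing, so production builds get no check at all. If callers already handle a failed add (presumably a NULL return, to be confirmed outside this hunk), consider failing closed with an unconditional guard such as `if (nf_ct_is_confirmed(ct)) return NULL;` placed after the assertion. The comment could also say that the check is advisory and debug-only, so readers do not take it for enforcement. The function body starts before and continues past this hunk.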