netfilter: cttimeout: decouple unlink and free on netns destruction

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Make it so netns pre_exit unlinks the objects from the pernet list, so
they cannot be found anymore.

netns core issues a synchronize_rcu() before calling the exit hooks so
any the time the exit hooks run unconfirmed nf_conn entries have been
free'd or they have been committed to the hashtable.

The exit hook still tags unconfirmed entries as dying, this can
now be removed in a followup change.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 3 years ago 78222bac 1397af5b

+28 -10

2 changed files

expand all

include

net

netfilter

nf_conntrack_timeout.h

net

netfilter

nfnetlink_cttimeout.c

-8

include/net/netfilter/nf_conntrack_timeout.h

··· 17 17 char data[]; 18 18 }; 19 19 20 - struct ctnl_timeout { 21 - struct list_head head; 22 - struct rcu_head rcu_head; 23 - refcount_t refcnt; 24 - char name[CTNL_TIMEOUT_NAME_MAX]; 25 - struct nf_ct_timeout timeout; 26 - }; 27 - 28 20 struct nf_conn_timeout { 29 21 struct nf_ct_timeout __rcu *timeout; 30 22 };

+28 -2

net/netfilter/nfnetlink_cttimeout.c

··· 33 33 34 34 static unsigned int nfct_timeout_id __read_mostly; 35 35 36 + struct ctnl_timeout { 37 + struct list_head head; 38 + struct rcu_head rcu_head; 39 + refcount_t refcnt; 40 + char name[CTNL_TIMEOUT_NAME_MAX]; 41 + struct nf_ct_timeout timeout; 42 + 43 + struct list_head free_head; 44 + }; 45 + 36 46 struct nfct_timeout_pernet { 37 47 struct list_head nfct_timeout_list; 48 + struct list_head nfct_timeout_freelist; 38 49 }; 39 50 40 51 MODULE_LICENSE("GPL"); ··· 585 574 struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net); 586 575 587 576 INIT_LIST_HEAD(&pernet->nfct_timeout_list); 577 + INIT_LIST_HEAD(&pernet->nfct_timeout_freelist); 588 578 589 579 return 0; 580 + } 581 + 582 + static void __net_exit cttimeout_net_pre_exit(struct net *net) 583 + { 584 + struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net); 585 + struct ctnl_timeout *cur, *tmp; 586 + 587 + list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_list, head) { 588 + list_del_rcu(&cur->head); 589 + list_add(&cur->free_head, &pernet->nfct_timeout_freelist); 590 + } 591 + 592 + /* core calls synchronize_rcu() after this */ 590 593 } 591 594 592 595 static void __net_exit cttimeout_net_exit(struct net *net) ··· 611 586 nf_ct_unconfirmed_destroy(net); 612 587 nf_ct_untimeout(net, NULL); 613 588 614 - list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_list, head) { 615 - list_del_rcu(&cur->head); 589 + list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_freelist, head) { 590 + list_del(&cur->free_head); 616 591 617 592 if (refcount_dec_and_test(&cur->refcnt)) 618 593 kfree_rcu(cur, rcu_head); ··· 621 596 622 597 static struct pernet_operations cttimeout_ops = { 623 598 .init = cttimeout_net_init, 599 + .pre_exit = cttimeout_net_pre_exit, 624 600 .exit = cttimeout_net_exit, 625 601 .id = &nfct_timeout_id, 626 602 .size = sizeof(struct nfct_timeout_pernet),