tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: ipt_CLUSTERIP: make clusterip_lock per net namespace

this lock is used for protecting clusterip_configs of per
net namespace, it should be per net namespace too.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Gao feng and committed by
Pablo Neira Ayuso f1e8077f 26a89e43

+11 -7
+11 -7
net/ipv4/netfilter/ipt_CLUSTERIP.c
··· 58 58 struct rcu_head rcu; 59 59 }; 60 60 61 - /* clusterip_lock protects the clusterip_configs list */ 62 - static DEFINE_SPINLOCK(clusterip_lock); 63 - 64 61 #ifdef CONFIG_PROC_FS 65 62 static const struct file_operations clusterip_proc_fops; 66 63 #endif ··· 66 69 67 70 struct clusterip_net { 68 71 struct list_head configs; 72 + /* lock protects the configs list */ 73 + spinlock_t lock; 74 + 69 75 #ifdef CONFIG_PROC_FS 70 76 struct proc_dir_entry *procdir; 71 77 #endif ··· 99 99 static inline void 100 100 clusterip_config_entry_put(struct clusterip_config *c) 101 101 { 102 + struct clusterip_net *cn = net_generic(&init_net, clusterip_net_id); 103 + 102 104 local_bh_disable(); 103 - if (atomic_dec_and_lock(&c->entries, &clusterip_lock)) { 105 + if (atomic_dec_and_lock(&c->entries, &cn->lock)) { 104 106 list_del_rcu(&c->list); 105 - spin_unlock(&clusterip_lock); 107 + spin_unlock(&cn->lock); 106 108 local_bh_enable(); 107 109 108 110 dev_mc_del(c->dev, c->clustermac); ··· 200 198 } 201 199 #endif 202 200 203 - spin_lock_bh(&clusterip_lock); 201 + spin_lock_bh(&cn->lock); 204 202 list_add_rcu(&c->list, &cn->configs); 205 - spin_unlock_bh(&clusterip_lock); 203 + spin_unlock_bh(&cn->lock); 206 204 207 205 return c; 208 206 } ··· 714 712 struct clusterip_net *cn = net_generic(net, clusterip_net_id); 715 713 716 714 INIT_LIST_HEAD(&cn->configs); 715 + 716 + spin_lock_init(&cn->lock); 717 717 718 718 #ifdef CONFIG_PROC_FS 719 719 cn->procdir = proc_mkdir("ipt_CLUSTERIP", net->proc_net);