Commit 0b35f603 authored by Taehee Yoo's avatar Taehee Yoo Committed by Pablo Neira Ayuso

netfilter: Remove duplicated rcu_read_lock.

This patch removes duplicate rcu_read_lock().

1. IPVS part:

According to Julian Anastasov's mention, contexts of ipvs are described
at: http://marc.info/?l=netfilter-devel&m=149562884514072&w=2, in summary:

 - packet RX/TX: does not need locks because packets come from hooks.
 - sync msg RX: backup server uses RCU locks while registering new
   connections.
 - ip_vs_ctl.c: configuration get/set, RCU locks needed.
 - xt_ipvs.c: It is a netfilter match, running from hook context.

As result, rcu_read_lock and rcu_read_unlock can be removed from:

 - ip_vs_core.c: all
 - ip_vs_ctl.c:
   - only from ip_vs_has_real_service
 - ip_vs_ftp.c: all
 - ip_vs_proto_sctp.c: all
 - ip_vs_proto_tcp.c: all
 - ip_vs_proto_udp.c: all
 - ip_vs_xmit.c: all (contains only packet processing)

2. Netfilter part:

There are three types of functions that are guaranteed the rcu_read_lock().
First, as result, functions are only called by nf_hook():

 - nf_conntrack_broadcast_help(), pptp_expectfn(), set_expected_rtp_rtcp().
 - tcpmss_reverse_mtu(), tproxy_laddr4(), tproxy_laddr6().
 - match_lookup_rt6(), check_hlist(), hashlimit_mt_common().
 - xt_osf_match_packet().

Second, functions that caller already held the rcu_read_lock().
 - destroy_conntrack(), ctnetlink_conntrack_event().
 - ctnl_timeout_find_get(), nfqnl_nf_hook_drop().

Third, functions that are mixed with type1 and type2.

These functions are called by nf_hook() also these are called by
ordinary functions that already held the rcu_read_lock():

 - __ctnetlink_glue_build(), ctnetlink_expect_event().
 - ctnetlink_proto_size().

Applied files are below:

- nf_conntrack_broadcast.c, nf_conntrack_core.c, nf_conntrack_netlink.c.
- nf_conntrack_pptp.c, nf_conntrack_sip.c, nfnetlink_cttimeout.c.
- nfnetlink_queue.c, xt_TCPMSS.c, xt_TPROXY.c, xt_addrtype.c.
- xt_connlimit.c, xt_hashlimit.c, xt_osf.c

Detailed calltrace can be found at:
http://marc.info/?l=netfilter-devel&m=149667610710350&w=2Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 9f08ea84
...@@ -125,14 +125,12 @@ ip_vs_in_stats(struct ip_vs_conn *cp, struct sk_buff *skb) ...@@ -125,14 +125,12 @@ ip_vs_in_stats(struct ip_vs_conn *cp, struct sk_buff *skb)
s->cnt.inbytes += skb->len; s->cnt.inbytes += skb->len;
u64_stats_update_end(&s->syncp); u64_stats_update_end(&s->syncp);
rcu_read_lock();
svc = rcu_dereference(dest->svc); svc = rcu_dereference(dest->svc);
s = this_cpu_ptr(svc->stats.cpustats); s = this_cpu_ptr(svc->stats.cpustats);
u64_stats_update_begin(&s->syncp); u64_stats_update_begin(&s->syncp);
s->cnt.inpkts++; s->cnt.inpkts++;
s->cnt.inbytes += skb->len; s->cnt.inbytes += skb->len;
u64_stats_update_end(&s->syncp); u64_stats_update_end(&s->syncp);
rcu_read_unlock();
s = this_cpu_ptr(ipvs->tot_stats.cpustats); s = this_cpu_ptr(ipvs->tot_stats.cpustats);
u64_stats_update_begin(&s->syncp); u64_stats_update_begin(&s->syncp);
...@@ -159,14 +157,12 @@ ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb) ...@@ -159,14 +157,12 @@ ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb)
s->cnt.outbytes += skb->len; s->cnt.outbytes += skb->len;
u64_stats_update_end(&s->syncp); u64_stats_update_end(&s->syncp);
rcu_read_lock();
svc = rcu_dereference(dest->svc); svc = rcu_dereference(dest->svc);
s = this_cpu_ptr(svc->stats.cpustats); s = this_cpu_ptr(svc->stats.cpustats);
u64_stats_update_begin(&s->syncp); u64_stats_update_begin(&s->syncp);
s->cnt.outpkts++; s->cnt.outpkts++;
s->cnt.outbytes += skb->len; s->cnt.outbytes += skb->len;
u64_stats_update_end(&s->syncp); u64_stats_update_end(&s->syncp);
rcu_read_unlock();
s = this_cpu_ptr(ipvs->tot_stats.cpustats); s = this_cpu_ptr(ipvs->tot_stats.cpustats);
u64_stats_update_begin(&s->syncp); u64_stats_update_begin(&s->syncp);
...@@ -1222,7 +1218,6 @@ static struct ip_vs_conn *__ip_vs_rs_conn_out(unsigned int hooknum, ...@@ -1222,7 +1218,6 @@ static struct ip_vs_conn *__ip_vs_rs_conn_out(unsigned int hooknum,
if (!pptr) if (!pptr)
return NULL; return NULL;
rcu_read_lock();
dest = ip_vs_find_real_service(ipvs, af, iph->protocol, dest = ip_vs_find_real_service(ipvs, af, iph->protocol,
&iph->saddr, pptr[0]); &iph->saddr, pptr[0]);
if (dest) { if (dest) {
...@@ -1237,7 +1232,6 @@ static struct ip_vs_conn *__ip_vs_rs_conn_out(unsigned int hooknum, ...@@ -1237,7 +1232,6 @@ static struct ip_vs_conn *__ip_vs_rs_conn_out(unsigned int hooknum,
pptr[0], pptr[1]); pptr[0], pptr[1]);
} }
} }
rcu_read_unlock();
return cp; return cp;
} }
...@@ -1689,11 +1683,9 @@ ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related, ...@@ -1689,11 +1683,9 @@ ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related,
if (dest) { if (dest) {
struct ip_vs_dest_dst *dest_dst; struct ip_vs_dest_dst *dest_dst;
rcu_read_lock();
dest_dst = rcu_dereference(dest->dest_dst); dest_dst = rcu_dereference(dest->dest_dst);
if (dest_dst) if (dest_dst)
mtu = dst_mtu(dest_dst->dst_cache); mtu = dst_mtu(dest_dst->dst_cache);
rcu_read_unlock();
} }
if (mtu > 68 + sizeof(struct iphdr)) if (mtu > 68 + sizeof(struct iphdr))
mtu -= sizeof(struct iphdr); mtu -= sizeof(struct iphdr);
......
...@@ -550,18 +550,15 @@ bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol, ...@@ -550,18 +550,15 @@ bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol,
/* Check for "full" addressed entries */ /* Check for "full" addressed entries */
hash = ip_vs_rs_hashkey(af, daddr, dport); hash = ip_vs_rs_hashkey(af, daddr, dport);
rcu_read_lock();
hlist_for_each_entry_rcu(dest, &ipvs->rs_table[hash], d_list) { hlist_for_each_entry_rcu(dest, &ipvs->rs_table[hash], d_list) {
if (dest->port == dport && if (dest->port == dport &&
dest->af == af && dest->af == af &&
ip_vs_addr_equal(af, &dest->addr, daddr) && ip_vs_addr_equal(af, &dest->addr, daddr) &&
(dest->protocol == protocol || dest->vfwmark)) { (dest->protocol == protocol || dest->vfwmark)) {
/* HIT */ /* HIT */
rcu_read_unlock();
return true; return true;
} }
} }
rcu_read_unlock();
return false; return false;
} }
......
...@@ -269,13 +269,11 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, ...@@ -269,13 +269,11 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
* hopefully it will succeed on the retransmitted * hopefully it will succeed on the retransmitted
* packet. * packet.
*/ */
rcu_read_lock();
mangled = nf_nat_mangle_tcp_packet(skb, ct, ctinfo, mangled = nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
iph->ihl * 4, iph->ihl * 4,
start - data, start - data,
end - start, end - start,
buf, buf_len); buf, buf_len);
rcu_read_unlock();
if (mangled) { if (mangled) {
ip_vs_nfct_expect_related(skb, ct, n_cp, ip_vs_nfct_expect_related(skb, ct, n_cp,
IPPROTO_TCP, 0, 0); IPPROTO_TCP, 0, 0);
......
...@@ -38,7 +38,6 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -38,7 +38,6 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
return 0; return 0;
} }
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph))) if (likely(!ip_vs_iph_inverse(iph)))
svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol, svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
&iph->daddr, ports[1]); &iph->daddr, ports[1]);
...@@ -53,7 +52,6 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -53,7 +52,6 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
* It seems that we are very loaded. * It seems that we are very loaded.
* We have to drop this packet :( * We have to drop this packet :(
*/ */
rcu_read_unlock();
*verdict = NF_DROP; *verdict = NF_DROP;
return 0; return 0;
} }
...@@ -67,11 +65,9 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -67,11 +65,9 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
*verdict = ip_vs_leave(svc, skb, pd, iph); *verdict = ip_vs_leave(svc, skb, pd, iph);
else else
*verdict = NF_DROP; *verdict = NF_DROP;
rcu_read_unlock();
return 0; return 0;
} }
} }
rcu_read_unlock();
/* NF_ACCEPT */ /* NF_ACCEPT */
return 1; return 1;
} }
...@@ -526,12 +522,10 @@ static int sctp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -526,12 +522,10 @@ static int sctp_app_conn_bind(struct ip_vs_conn *cp)
/* Lookup application incarnations and bind the right one */ /* Lookup application incarnations and bind the right one */
hash = sctp_app_hashkey(cp->vport); hash = sctp_app_hashkey(cp->vport);
rcu_read_lock();
list_for_each_entry_rcu(inc, &ipvs->sctp_apps[hash], p_list) { list_for_each_entry_rcu(inc, &ipvs->sctp_apps[hash], p_list) {
if (inc->port == cp->vport) { if (inc->port == cp->vport) {
if (unlikely(!ip_vs_app_inc_get(inc))) if (unlikely(!ip_vs_app_inc_get(inc)))
break; break;
rcu_read_unlock();
IP_VS_DBG_BUF(9, "%s: Binding conn %s:%u->" IP_VS_DBG_BUF(9, "%s: Binding conn %s:%u->"
"%s:%u to app %s on port %u\n", "%s:%u to app %s on port %u\n",
...@@ -544,11 +538,10 @@ static int sctp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -544,11 +538,10 @@ static int sctp_app_conn_bind(struct ip_vs_conn *cp)
cp->app = inc; cp->app = inc;
if (inc->init_conn) if (inc->init_conn)
result = inc->init_conn(inc, cp); result = inc->init_conn(inc, cp);
goto out; break;
} }
} }
rcu_read_unlock();
out:
return result; return result;
} }
......
...@@ -63,7 +63,6 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -63,7 +63,6 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
} }
/* No !th->ack check to allow scheduling on SYN+ACK for Active FTP */ /* No !th->ack check to allow scheduling on SYN+ACK for Active FTP */
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph))) if (likely(!ip_vs_iph_inverse(iph)))
svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol, svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
...@@ -80,7 +79,6 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -80,7 +79,6 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
* It seems that we are very loaded. * It seems that we are very loaded.
* We have to drop this packet :( * We have to drop this packet :(
*/ */
rcu_read_unlock();
*verdict = NF_DROP; *verdict = NF_DROP;
return 0; return 0;
} }
...@@ -95,11 +93,9 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -95,11 +93,9 @@ tcp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
*verdict = ip_vs_leave(svc, skb, pd, iph); *verdict = ip_vs_leave(svc, skb, pd, iph);
else else
*verdict = NF_DROP; *verdict = NF_DROP;
rcu_read_unlock();
return 0; return 0;
} }
} }
rcu_read_unlock();
/* NF_ACCEPT */ /* NF_ACCEPT */
return 1; return 1;
} }
...@@ -661,12 +657,10 @@ tcp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -661,12 +657,10 @@ tcp_app_conn_bind(struct ip_vs_conn *cp)
/* Lookup application incarnations and bind the right one */ /* Lookup application incarnations and bind the right one */
hash = tcp_app_hashkey(cp->vport); hash = tcp_app_hashkey(cp->vport);
rcu_read_lock();
list_for_each_entry_rcu(inc, &ipvs->tcp_apps[hash], p_list) { list_for_each_entry_rcu(inc, &ipvs->tcp_apps[hash], p_list) {
if (inc->port == cp->vport) { if (inc->port == cp->vport) {
if (unlikely(!ip_vs_app_inc_get(inc))) if (unlikely(!ip_vs_app_inc_get(inc)))
break; break;
rcu_read_unlock();
IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->" IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
"%s:%u to app %s on port %u\n", "%s:%u to app %s on port %u\n",
...@@ -680,12 +674,10 @@ tcp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -680,12 +674,10 @@ tcp_app_conn_bind(struct ip_vs_conn *cp)
cp->app = inc; cp->app = inc;
if (inc->init_conn) if (inc->init_conn)
result = inc->init_conn(inc, cp); result = inc->init_conn(inc, cp);
goto out; break;
} }
} }
rcu_read_unlock();
out:
return result; return result;
} }
......
...@@ -53,7 +53,6 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -53,7 +53,6 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
return 0; return 0;
} }
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph))) if (likely(!ip_vs_iph_inverse(iph)))
svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol, svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
&iph->daddr, ports[1]); &iph->daddr, ports[1]);
...@@ -69,7 +68,6 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -69,7 +68,6 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
* It seems that we are very loaded. * It seems that we are very loaded.
* We have to drop this packet :( * We have to drop this packet :(
*/ */
rcu_read_unlock();
*verdict = NF_DROP; *verdict = NF_DROP;
return 0; return 0;
} }
...@@ -84,11 +82,9 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb, ...@@ -84,11 +82,9 @@ udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
*verdict = ip_vs_leave(svc, skb, pd, iph); *verdict = ip_vs_leave(svc, skb, pd, iph);
else else
*verdict = NF_DROP; *verdict = NF_DROP;
rcu_read_unlock();
return 0; return 0;
} }
} }
rcu_read_unlock();
/* NF_ACCEPT */ /* NF_ACCEPT */
return 1; return 1;
} }
...@@ -410,12 +406,10 @@ static int udp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -410,12 +406,10 @@ static int udp_app_conn_bind(struct ip_vs_conn *cp)
/* Lookup application incarnations and bind the right one */ /* Lookup application incarnations and bind the right one */
hash = udp_app_hashkey(cp->vport); hash = udp_app_hashkey(cp->vport);
rcu_read_lock();
list_for_each_entry_rcu(inc, &ipvs->udp_apps[hash], p_list) { list_for_each_entry_rcu(inc, &ipvs->udp_apps[hash], p_list) {
if (inc->port == cp->vport) { if (inc->port == cp->vport) {
if (unlikely(!ip_vs_app_inc_get(inc))) if (unlikely(!ip_vs_app_inc_get(inc)))
break; break;
rcu_read_unlock();
IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->" IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
"%s:%u to app %s on port %u\n", "%s:%u to app %s on port %u\n",
...@@ -429,12 +423,10 @@ static int udp_app_conn_bind(struct ip_vs_conn *cp) ...@@ -429,12 +423,10 @@ static int udp_app_conn_bind(struct ip_vs_conn *cp)
cp->app = inc; cp->app = inc;
if (inc->init_conn) if (inc->init_conn)
result = inc->init_conn(inc, cp); result = inc->init_conn(inc, cp);
goto out; break;
} }
} }
rcu_read_unlock();
out:
return result; return result;
} }
......
...@@ -678,7 +678,6 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -678,7 +678,6 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
if (__ip_vs_get_out_rt(cp->ipvs, cp->af, skb, NULL, iph->daddr, if (__ip_vs_get_out_rt(cp->ipvs, cp->af, skb, NULL, iph->daddr,
IP_VS_RT_MODE_NON_LOCAL, NULL, ipvsh) < 0) IP_VS_RT_MODE_NON_LOCAL, NULL, ipvsh) < 0)
goto tx_error; goto tx_error;
...@@ -689,14 +688,12 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -689,14 +688,12 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0); ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -710,7 +707,6 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -710,7 +707,6 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
if (__ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, NULL, if (__ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, NULL,
&iph->daddr, NULL, &iph->daddr, NULL,
ipvsh, 0, IP_VS_RT_MODE_NON_LOCAL) < 0) ipvsh, 0, IP_VS_RT_MODE_NON_LOCAL) < 0)
...@@ -720,14 +716,12 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -720,14 +716,12 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0); ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -746,7 +740,6 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -746,7 +740,6 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
/* check if it is a connection of no-client-port */ /* check if it is a connection of no-client-port */
if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) { if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
__be16 _pt, *p; __be16 _pt, *p;
...@@ -815,14 +808,12 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -815,14 +808,12 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local); rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return rc; return rc;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -837,7 +828,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -837,7 +828,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
/* check if it is a connection of no-client-port */ /* check if it is a connection of no-client-port */
if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT && !ipvsh->fragoffs)) { if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT && !ipvsh->fragoffs)) {
__be16 _pt, *p; __be16 _pt, *p;
...@@ -906,7 +896,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -906,7 +896,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local); rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return rc; return rc;
...@@ -914,7 +903,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -914,7 +903,6 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
tx_error: tx_error:
LeaveFunction(10); LeaveFunction(10);
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
return NF_STOLEN; return NF_STOLEN;
} }
#endif #endif
...@@ -1035,7 +1023,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1035,7 +1023,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
local = __ip_vs_get_out_rt(ipvs, cp->af, skb, cp->dest, cp->daddr.ip, local = __ip_vs_get_out_rt(ipvs, cp->af, skb, cp->dest, cp->daddr.ip,
IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_LOCAL |
IP_VS_RT_MODE_NON_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
...@@ -1043,10 +1030,8 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1043,10 +1030,8 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
IP_VS_RT_MODE_TUNNEL, &saddr, ipvsh); IP_VS_RT_MODE_TUNNEL, &saddr, ipvsh);
if (local < 0) if (local < 0)
goto tx_error; goto tx_error;
if (local) { if (local)
rcu_read_unlock();
return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1); return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1);
}
rt = skb_rtable(skb); rt = skb_rtable(skb);
tdev = rt->dst.dev; tdev = rt->dst.dev;
...@@ -1095,7 +1080,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1095,7 +1080,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
ip_local_out(net, skb->sk, skb); ip_local_out(net, skb->sk, skb);
else if (ret == NF_DROP) else if (ret == NF_DROP)
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
...@@ -1104,7 +1088,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1104,7 +1088,6 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
tx_error: tx_error:
if (!IS_ERR(skb)) if (!IS_ERR(skb))
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -1127,7 +1110,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1127,7 +1110,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest, local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
&cp->daddr.in6, &cp->daddr.in6,
&saddr, ipvsh, 1, &saddr, ipvsh, 1,
...@@ -1136,10 +1118,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1136,10 +1118,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
IP_VS_RT_MODE_TUNNEL); IP_VS_RT_MODE_TUNNEL);
if (local < 0) if (local < 0)
goto tx_error; goto tx_error;
if (local) { if (local)
rcu_read_unlock();
return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1); return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1);
}
rt = (struct rt6_info *) skb_dst(skb); rt = (struct rt6_info *) skb_dst(skb);
tdev = rt->dst.dev; tdev = rt->dst.dev;
...@@ -1185,7 +1165,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1185,7 +1165,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
ip6_local_out(cp->ipvs->net, skb->sk, skb); ip6_local_out(cp->ipvs->net, skb->sk, skb);
else if (ret == NF_DROP) else if (ret == NF_DROP)
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
...@@ -1194,7 +1173,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1194,7 +1173,6 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
tx_error: tx_error:
if (!IS_ERR(skb)) if (!IS_ERR(skb))
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -1213,17 +1191,14 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1213,17 +1191,14 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, cp->daddr.ip, local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, cp->daddr.ip,
IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_LOCAL |
IP_VS_RT_MODE_NON_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
IP_VS_RT_MODE_KNOWN_NH, NULL, ipvsh); IP_VS_RT_MODE_KNOWN_NH, NULL, ipvsh);
if (local < 0) if (local < 0)
goto tx_error; goto tx_error;
if (local) { if (local)
rcu_read_unlock();
return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1); return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1);
}
ip_send_check(ip_hdr(skb)); ip_send_check(ip_hdr(skb));
...@@ -1231,14 +1206,12 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1231,14 +1206,12 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0); ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -1252,7 +1225,6 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1252,7 +1225,6 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10); EnterFunction(10);
rcu_read_lock();
local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest, local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
&cp->daddr.in6, &cp->daddr.in6,
NULL, ipvsh, 0, NULL, ipvsh, 0,
...@@ -1261,23 +1233,19 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1261,23 +1233,19 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
IP_VS_RT_MODE_KNOWN_NH); IP_VS_RT_MODE_KNOWN_NH);
if (local < 0) if (local < 0)
goto tx_error; goto tx_error;
if (local) { if (local)
rcu_read_unlock();
return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1); return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1);
}
/* Another hack: avoid icmp_send in ip_fragment */ /* Another hack: avoid icmp_send in ip_fragment */
skb->ignore_df = 1; skb->ignore_df = 1;
ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0); ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
LeaveFunction(10); LeaveFunction(10);
return NF_STOLEN; return NF_STOLEN;
} }
...@@ -1322,7 +1290,6 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1322,7 +1290,6 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
rt_mode = (hooknum != NF_INET_FORWARD) ? rt_mode = (hooknum != NF_INET_FORWARD) ?
IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL | IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL; IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
rcu_read_lock();
local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, cp->daddr.ip, rt_mode, local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, cp->daddr.ip, rt_mode,
NULL, iph); NULL, iph);
if (local < 0) if (local < 0)
...@@ -1368,12 +1335,10 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1368,12 +1335,10 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local); rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local);
rcu_read_unlock();
goto out; goto out;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
rc = NF_STOLEN; rc = NF_STOLEN;
out: out:
LeaveFunction(10); LeaveFunction(10);
...@@ -1414,7 +1379,6 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1414,7 +1379,6 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
rt_mode = (hooknum != NF_INET_FORWARD) ? rt_mode = (hooknum != NF_INET_FORWARD) ?
IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL | IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL; IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
rcu_read_lock();
local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest, local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
&cp->daddr.in6, NULL, ipvsh, 0, rt_mode); &cp->daddr.in6, NULL, ipvsh, 0, rt_mode);
if (local < 0) if (local < 0)
...@@ -1460,12 +1424,10 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, ...@@ -1460,12 +1424,10 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
skb->ignore_df = 1; skb->ignore_df = 1;
rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local); rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local);
rcu_read_unlock();
goto out; goto out;
tx_error: tx_error:
kfree_skb(skb); kfree_skb(skb);
rcu_read_unlock();
rc = NF_STOLEN; rc = NF_STOLEN;
out: out:
LeaveFunction(10); LeaveFunction(10);
......
...@@ -40,7 +40,6 @@ int nf_conntrack_broadcast_help(struct sk_buff *skb, ...@@ -40,7 +40,6 @@ int nf_conntrack_broadcast_help(struct sk_buff *skb,
if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
goto out; goto out;
rcu_read_lock();
in_dev = __in_dev_get_rcu(rt->dst.dev); in_dev = __in_dev_get_rcu(rt->dst.dev);
if (in_dev != NULL) { if (in_dev != NULL) {
for_primary_ifa(in_dev) { for_primary_ifa(in_dev) {
...@@ -50,7 +49,6 @@ int nf_conntrack_broadcast_help(struct sk_buff *skb, ...@@ -50,7 +49,6 @@ int nf_conntrack_broadcast_help(struct sk_buff *skb,
} }
} endfor_ifa(in_dev); } endfor_ifa(in_dev);
} }
rcu_read_unlock();
if (mask == 0) if (mask == 0)
goto out; goto out;
......
...@@ -407,13 +407,10 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -407,13 +407,10 @@ destroy_conntrack(struct nf_conntrack *nfct)
nf_ct_tmpl_free(ct); nf_ct_tmpl_free(ct);
return; return;
} }
rcu_read_lock();
l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct)); l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
if (l4proto->destroy) if (l4proto->destroy)
l4proto->destroy(ct); l4proto->destroy(ct);
rcu_read_unlock();
local_bh_disable(); local_bh_disable();
/* Expectations will have been removed in clean_from_lists, /* Expectations will have been removed in clean_from_lists,
* except TFTP can create an expectation on the first packet, * except TFTP can create an expectation on the first packet,
......
...@@ -539,13 +539,11 @@ static inline size_t ctnetlink_proto_size(const struct nf_conn *ct) ...@@ -539,13 +539,11 @@ static inline size_t ctnetlink_proto_size(const struct nf_conn *ct)
struct nf_conntrack_l4proto *l4proto; struct nf_conntrack_l4proto *l4proto;
size_t len = 0; size_t len = 0;
rcu_read_lock();
l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct)); l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));
len += l3proto->nla_size; len += l3proto->nla_size;
l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct)); l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
len += l4proto->nla_size; len += l4proto->nla_size;
rcu_read_unlock();
return len; return len;
} }
...@@ -664,7 +662,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) ...@@ -664,7 +662,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item)
nfmsg->version = NFNETLINK_V0; nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = 0; nfmsg->res_id = 0;
rcu_read_lock();
zone = nf_ct_zone(ct); zone = nf_ct_zone(ct);
nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED); nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
...@@ -736,8 +733,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) ...@@ -736,8 +733,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item)
&& ctnetlink_dump_mark(skb, ct) < 0) && ctnetlink_dump_mark(skb, ct) < 0)
goto nla_put_failure; goto nla_put_failure;
#endif #endif
rcu_read_unlock();
nlmsg_end(skb, nlh); nlmsg_end(skb, nlh);
err = nfnetlink_send(skb, net, item->portid, group, item->report, err = nfnetlink_send(skb, net, item->portid, group, item->report,
GFP_ATOMIC); GFP_ATOMIC);
...@@ -747,7 +742,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item) ...@@ -747,7 +742,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item)
return 0; return 0;
nla_put_failure: nla_put_failure:
rcu_read_unlock();
nlmsg_cancel(skb, nlh); nlmsg_cancel(skb, nlh);
nlmsg_failure: nlmsg_failure:
kfree_skb(skb); kfree_skb(skb);
...@@ -2213,7 +2207,6 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct) ...@@ -2213,7 +2207,6 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
const struct nf_conntrack_zone *zone; const struct nf_conntrack_zone *zone;
struct nlattr *nest_parms; struct nlattr *nest_parms;
rcu_read_lock();
zone = nf_ct_zone(ct); zone = nf_ct_zone(ct);
nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED); nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
...@@ -2272,11 +2265,9 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct) ...@@ -2272,11 +2265,9 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
#endif #endif
if (ctnetlink_dump_labels(skb, ct) < 0) if (ctnetlink_dump_labels(skb, ct) < 0)
goto nla_put_failure; goto nla_put_failure;
rcu_read_unlock();
return 0; return 0;
nla_put_failure: nla_put_failure:
rcu_read_unlock();
return -ENOSPC; return -ENOSPC;
} }
...@@ -2661,17 +2652,14 @@ ctnetlink_expect_event(unsigned int events, struct nf_exp_event *item) ...@@ -2661,17 +2652,14 @@ ctnetlink_expect_event(unsigned int events, struct nf_exp_event *item)
nfmsg->version = NFNETLINK_V0; nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = 0; nfmsg->res_id = 0;
rcu_read_lock();
if (ctnetlink_exp_dump_expect(skb, exp) < 0) if (ctnetlink_exp_dump_expect(skb, exp) < 0)
goto nla_put_failure; goto nla_put_failure;
rcu_read_unlock();
nlmsg_end(skb, nlh); nlmsg_end(skb, nlh);
nfnetlink_send(skb, net, item->portid, group, item->report, GFP_ATOMIC); nfnetlink_send(skb, net, item->portid, group, item->report, GFP_ATOMIC);
return 0; return 0;
nla_put_failure: nla_put_failure:
rcu_read_unlock();
nlmsg_cancel(skb, nlh); nlmsg_cancel(skb, nlh);
nlmsg_failure: nlmsg_failure:
kfree_skb(skb); kfree_skb(skb);
......
...@@ -113,7 +113,6 @@ static void pptp_expectfn(struct nf_conn *ct, ...@@ -113,7 +113,6 @@ static void pptp_expectfn(struct nf_conn *ct,
/* Can you see how rusty this code is, compared with the pre-2.6.11 /* Can you see how rusty this code is, compared with the pre-2.6.11
* one? That's what happened to my shiny newnat of 2002 ;( -HW */ * one? That's what happened to my shiny newnat of 2002 ;( -HW */
rcu_read_lock();
nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn); nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn);
if (nf_nat_pptp_expectfn && ct->master->status & IPS_NAT_MASK) if (nf_nat_pptp_expectfn && ct->master->status & IPS_NAT_MASK)
nf_nat_pptp_expectfn(ct, exp); nf_nat_pptp_expectfn(ct, exp);
...@@ -136,7 +135,6 @@ static void pptp_expectfn(struct nf_conn *ct, ...@@ -136,7 +135,6 @@ static void pptp_expectfn(struct nf_conn *ct,
pr_debug("not found\n"); pr_debug("not found\n");
} }
} }
rcu_read_unlock();
} }
static int destroy_sibling_or_exp(struct net *net, struct nf_conn *ct, static int destroy_sibling_or_exp(struct net *net, struct nf_conn *ct,
......
...@@ -884,7 +884,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff, ...@@ -884,7 +884,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
tuple.dst.u3 = *daddr; tuple.dst.u3 = *daddr;
tuple.dst.u.udp.port = port; tuple.dst.u.udp.port = port;
rcu_read_lock();
do { do {
exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
...@@ -918,10 +917,8 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff, ...@@ -918,10 +917,8 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
goto err1; goto err1;
} }
if (skip_expect) { if (skip_expect)
rcu_read_unlock();
return NF_ACCEPT; return NF_ACCEPT;
}
rtp_exp = nf_ct_expect_alloc(ct); rtp_exp = nf_ct_expect_alloc(ct);
if (rtp_exp == NULL) if (rtp_exp == NULL)
...@@ -952,7 +949,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff, ...@@ -952,7 +949,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
err2: err2:
nf_ct_expect_put(rtp_exp); nf_ct_expect_put(rtp_exp);
err1: err1:
rcu_read_unlock();
return ret; return ret;
} }
......
...@@ -505,7 +505,6 @@ ctnl_timeout_find_get(struct net *net, const char *name) ...@@ -505,7 +505,6 @@ ctnl_timeout_find_get(struct net *net, const char *name)
{ {
struct ctnl_timeout *timeout, *matching = NULL; struct ctnl_timeout *timeout, *matching = NULL;
rcu_read_lock();
list_for_each_entry_rcu(timeout, &net->nfct_timeout_list, head) { list_for_each_entry_rcu(timeout, &net->nfct_timeout_list, head) {
if (strncmp(timeout->name, name, CTNL_TIMEOUT_NAME_MAX) != 0) if (strncmp(timeout->name, name, CTNL_TIMEOUT_NAME_MAX) != 0)
continue; continue;
...@@ -521,7 +520,6 @@ ctnl_timeout_find_get(struct net *net, const char *name) ...@@ -521,7 +520,6 @@ ctnl_timeout_find_get(struct net *net, const char *name)
break; break;
} }
err: err:
rcu_read_unlock();
return matching; return matching;
} }
......
...@@ -928,7 +928,6 @@ static unsigned int nfqnl_nf_hook_drop(struct net *net) ...@@ -928,7 +928,6 @@ static unsigned int nfqnl_nf_hook_drop(struct net *net)
unsigned int instances = 0; unsigned int instances = 0;
int i; int i;
rcu_read_lock();
for (i = 0; i < INSTANCE_BUCKETS; i++) { for (i = 0; i < INSTANCE_BUCKETS; i++) {
struct nfqnl_instance *inst; struct nfqnl_instance *inst;
struct hlist_head *head = &q->instance_table[i]; struct hlist_head *head = &q->instance_table[i];
...@@ -938,7 +937,6 @@ static unsigned int nfqnl_nf_hook_drop(struct net *net) ...@@ -938,7 +937,6 @@ static unsigned int nfqnl_nf_hook_drop(struct net *net)
instances++; instances++;
} }
} }
rcu_read_unlock();
return instances; return instances;
} }
......
...@@ -62,11 +62,9 @@ static u_int32_t tcpmss_reverse_mtu(struct net *net, ...@@ -62,11 +62,9 @@ static u_int32_t tcpmss_reverse_mtu(struct net *net,
memset(fl6, 0, sizeof(*fl6)); memset(fl6, 0, sizeof(*fl6));
fl6->daddr = ipv6_hdr(skb)->saddr; fl6->daddr = ipv6_hdr(skb)->saddr;
} }
rcu_read_lock();
ai = nf_get_afinfo(family); ai = nf_get_afinfo(family);
if (ai != NULL) if (ai != NULL)
ai->route(net, (struct dst_entry **)&rt, &fl, false); ai->route(net, (struct dst_entry **)&rt, &fl, false);
rcu_read_unlock();
if (rt != NULL) { if (rt != NULL) {
mtu = dst_mtu(&rt->dst); mtu = dst_mtu(&rt->dst);
......
...@@ -70,13 +70,11 @@ tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr) ...@@ -70,13 +70,11 @@ tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr)
return user_laddr; return user_laddr;
laddr = 0; laddr = 0;
rcu_read_lock();
indev = __in_dev_get_rcu(skb->dev); indev = __in_dev_get_rcu(skb->dev);
for_primary_ifa(indev) { for_primary_ifa(indev) {
laddr = ifa->ifa_local; laddr = ifa->ifa_local;
break; break;
} endfor_ifa(indev); } endfor_ifa(indev);
rcu_read_unlock();
return laddr ? laddr : daddr; return laddr ? laddr : daddr;
} }
...@@ -391,7 +389,6 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr, ...@@ -391,7 +389,6 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr,
return user_laddr; return user_laddr;
laddr = NULL; laddr = NULL;
rcu_read_lock();
indev = __in6_dev_get(skb->dev); indev = __in6_dev_get(skb->dev);
if (indev) { if (indev) {
read_lock_bh(&indev->lock); read_lock_bh(&indev->lock);
...@@ -404,7 +401,6 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr, ...@@ -404,7 +401,6 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr,
} }
read_unlock_bh(&indev->lock); read_unlock_bh(&indev->lock);
} }
rcu_read_unlock();
return laddr ? laddr : daddr; return laddr ? laddr : daddr;
} }
......
...@@ -47,8 +47,6 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev, ...@@ -47,8 +47,6 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
if (dev) if (dev)
flow.flowi6_oif = dev->ifindex; flow.flowi6_oif = dev->ifindex;
rcu_read_lock();
afinfo = nf_get_afinfo(NFPROTO_IPV6); afinfo = nf_get_afinfo(NFPROTO_IPV6);
if (afinfo != NULL) { if (afinfo != NULL) {
const struct nf_ipv6_ops *v6ops; const struct nf_ipv6_ops *v6ops;
...@@ -63,7 +61,6 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev, ...@@ -63,7 +61,6 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
} else { } else {
route_err = 1; route_err = 1;
} }
rcu_read_unlock();
if (route_err) if (route_err)
return XT_ADDRTYPE_UNREACHABLE; return XT_ADDRTYPE_UNREACHABLE;
......
...@@ -144,7 +144,6 @@ static unsigned int check_hlist(struct net *net, ...@@ -144,7 +144,6 @@ static unsigned int check_hlist(struct net *net,
unsigned int length = 0; unsigned int length = 0;
*addit = true; *addit = true;
rcu_read_lock();
/* check the saved connections */ /* check the saved connections */
hlist_for_each_entry_safe(conn, n, head, node) { hlist_for_each_entry_safe(conn, n, head, node) {
...@@ -179,8 +178,6 @@ static unsigned int check_hlist(struct net *net, ...@@ -179,8 +178,6 @@ static unsigned int check_hlist(struct net *net,
length++; length++;
} }
rcu_read_unlock();
return length; return length;
} }
......
...@@ -659,12 +659,12 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par, ...@@ -659,12 +659,12 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par,
if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0) if (hashlimit_init_dst(hinfo, &dst, skb, par->thoff) < 0)
goto hotdrop; goto hotdrop;
rcu_read_lock_bh(); local_bh_disable();
dh = dsthash_find(hinfo, &dst); dh = dsthash_find(hinfo, &dst);
if (dh == NULL) { if (dh == NULL) {
dh = dsthash_alloc_init(hinfo, &dst, &race); dh = dsthash_alloc_init(hinfo, &dst, &race);
if (dh == NULL) { if (dh == NULL) {
rcu_read_unlock_bh(); local_bh_enable();
goto hotdrop; goto hotdrop;
} else if (race) { } else if (race) {
/* Already got an entry, update expiration timeout */ /* Already got an entry, update expiration timeout */
...@@ -689,12 +689,12 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par, ...@@ -689,12 +689,12 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par,
/* below the limit */ /* below the limit */
dh->rateinfo.credit -= cost; dh->rateinfo.credit -= cost;
spin_unlock(&dh->lock); spin_unlock(&dh->lock);
rcu_read_unlock_bh(); local_bh_enable();
return !(cfg->mode & XT_HASHLIMIT_INVERT); return !(cfg->mode & XT_HASHLIMIT_INVERT);
} }
spin_unlock(&dh->lock); spin_unlock(&dh->lock);
rcu_read_unlock_bh(); local_bh_enable();
/* default match is underlimit - so over the limit, we need to invert */ /* default match is underlimit - so over the limit, we need to invert */
return cfg->mode & XT_HASHLIMIT_INVERT; return cfg->mode & XT_HASHLIMIT_INVERT;
......
...@@ -226,7 +226,6 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p) ...@@ -226,7 +226,6 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
sizeof(struct tcphdr), optsize, opts); sizeof(struct tcphdr), optsize, opts);
} }
rcu_read_lock();
list_for_each_entry_rcu(kf, &xt_osf_fingers[df], finger_entry) { list_for_each_entry_rcu(kf, &xt_osf_fingers[df], finger_entry) {
int foptsize, optnum; int foptsize, optnum;
...@@ -340,7 +339,6 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p) ...@@ -340,7 +339,6 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
info->loglevel == XT_OSF_LOGLEVEL_FIRST) info->loglevel == XT_OSF_LOGLEVEL_FIRST)
break; break;
} }
rcu_read_unlock();
if (!fcount && (info->flags & XT_OSF_LOG)) if (!fcount && (info->flags & XT_OSF_LOG))
nf_log_packet(net, xt_family(p), xt_hooknum(p), skb, xt_in(p), nf_log_packet(net, xt_family(p), xt_hooknum(p), skb, xt_in(p),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment