Commit 643bb5db authored by Alexander Mikhalitsyn's avatar Alexander Mikhalitsyn Committed by David S. Miller

ipvs: add READ_ONCE barrier for ipvs->sysctl_amemthresh

Cc: Julian Anastasov <ja@ssi.bg>
Cc: Simon Horman <horms@verge.net.au>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Suggested-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarAlexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent abb45a24
...@@ -94,6 +94,7 @@ static void update_defense_level(struct netns_ipvs *ipvs) ...@@ -94,6 +94,7 @@ static void update_defense_level(struct netns_ipvs *ipvs)
{ {
struct sysinfo i; struct sysinfo i;
int availmem; int availmem;
int amemthresh;
int nomem; int nomem;
int to_change = -1; int to_change = -1;
...@@ -105,7 +106,8 @@ static void update_defense_level(struct netns_ipvs *ipvs) ...@@ -105,7 +106,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
/* si_swapinfo(&i); */ /* si_swapinfo(&i); */
/* availmem = availmem - (i.totalswap - i.freeswap); */ /* availmem = availmem - (i.totalswap - i.freeswap); */
nomem = (availmem < ipvs->sysctl_amemthresh); amemthresh = max(READ_ONCE(ipvs->sysctl_amemthresh), 0);
nomem = (availmem < amemthresh);
local_bh_disable(); local_bh_disable();
...@@ -145,9 +147,8 @@ static void update_defense_level(struct netns_ipvs *ipvs) ...@@ -145,9 +147,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
break; break;
case 1: case 1:
if (nomem) { if (nomem) {
ipvs->drop_rate = ipvs->drop_counter ipvs->drop_counter = amemthresh / (amemthresh - availmem);
= ipvs->sysctl_amemthresh / ipvs->drop_rate = ipvs->drop_counter;
(ipvs->sysctl_amemthresh-availmem);
ipvs->sysctl_drop_packet = 2; ipvs->sysctl_drop_packet = 2;
} else { } else {
ipvs->drop_rate = 0; ipvs->drop_rate = 0;
...@@ -155,9 +156,8 @@ static void update_defense_level(struct netns_ipvs *ipvs) ...@@ -155,9 +156,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
break; break;
case 2: case 2:
if (nomem) { if (nomem) {
ipvs->drop_rate = ipvs->drop_counter ipvs->drop_counter = amemthresh / (amemthresh - availmem);
= ipvs->sysctl_amemthresh / ipvs->drop_rate = ipvs->drop_counter;
(ipvs->sysctl_amemthresh-availmem);
} else { } else {
ipvs->drop_rate = 0; ipvs->drop_rate = 0;
ipvs->sysctl_drop_packet = 1; ipvs->sysctl_drop_packet = 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment