Commit 7a91926c authored Feb 17, 2025 by Sebastian Andrzej Siewior Committed by Greg Kroah-Hartman Mar 28, 2025

netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.



[ Upstream commit 5cfe5612 ]

nft_ct_pcpu_template is a per-CPU variable and relies on disabled BH for its
locking. The refcounter is read and if its value is set to one then the
refcounter is incremented and variable is used - otherwise it is already
in use and left untouched.

Without per-CPU locking in local_bh_disable() on PREEMPT_RT the
read-then-increment operation is not atomic and therefore racy.

This can be avoided by using unconditionally __refcount_inc() which will
increment counter and return the old value as an atomic operation.
In case the returned counter is not one, the variable is in use and we
need to decrement counter. Otherwise we can use it.

Use __refcount_inc() instead of read and a conditional increment.

Fixes: edee4f1e ("netfilter: nft_ct: add zone id set support")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 5f7f8d9d

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit a4fc1bef
· Nov 05, 2025

mentioned in commit a4fc1bef

mentioned in commit a4fc1bef05011a82d092806b03e9c113b2c55eaa

Toggle commit list

Please to comment