| .. | .. |
|---|
| 6 | 6 | #include <linux/netdevice.h> |
|---|
| 7 | 7 | #include <linux/static_key.h> |
|---|
| 8 | 8 | #include <linux/netfilter.h> |
|---|
| 9 | +#include <linux/locallock.h> |
|---|
| 9 | 10 | #include <uapi/linux/netfilter/x_tables.h> |
|---|
| 10 | 11 | |
|---|
| 11 | 12 | /* Test a struct->invflags and a boolean for inequality */ |
|---|
| .. | .. |
|---|
| 345 | 346 | */ |
|---|
| 346 | 347 | DECLARE_PER_CPU(seqcount_t, xt_recseq); |
|---|
| 347 | 348 | |
|---|
| 349 | +DECLARE_LOCAL_IRQ_LOCK(xt_write_lock); |
|---|
| 350 | + |
|---|
| 348 | 351 | /* xt_tee_enabled - true if x_tables needs to handle reentrancy |
|---|
| 349 | 352 | * |
|---|
| 350 | 353 | * Enabled if current ip(6)tables ruleset has at least one -j TEE rule. |
|---|
| .. | .. |
|---|
| 364 | 367 | static inline unsigned int xt_write_recseq_begin(void) |
|---|
| 365 | 368 | { |
|---|
| 366 | 369 | unsigned int addend; |
|---|
| 370 | + |
|---|
| 371 | + /* RT protection */ |
|---|
| 372 | + local_lock(xt_write_lock); |
|---|
| 367 | 373 | |
|---|
| 368 | 374 | /* |
|---|
| 369 | 375 | * Low order bit of sequence is set if we already |
|---|
| .. | .. |
|---|
| 395 | 401 | /* this is kind of a write_seqcount_end(), but addend is 0 or 1 */ |
|---|
| 396 | 402 | smp_wmb(); |
|---|
| 397 | 403 | __this_cpu_add(xt_recseq.sequence, addend); |
|---|
| 404 | + local_unlock(xt_write_lock); |
|---|
| 398 | 405 | } |
|---|
| 399 | 406 | |
|---|
| 400 | 407 | /* |
|---|
