Commit 4656c4d61adb8dc3ee04c08f57a5cc7598814420

Authored by Changli Gao
Committed by Patrick McHardy
1 parent 3e0d5149e6

netfilter: xt_connlimit: remove connlimit_rnd_inited

A potential race condition when generating connlimit_rnd is also fixed.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Showing 1 changed file with 7 additions and 4 deletions

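--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -44,7 +44,6 @@
 };
 
 static u_int32_t connlimit_rnd __read_mostly;
-static bool connlimit_rnd_inited __read_mostly;
 
 static inline unsigned int connlimit_iphash(__be32 addr)
 {
@@ -226,9 +225,13 @@
 unsigned int i;
 int ret;
 
- if (unlikely(!connlimit_rnd_inited)) {
- get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd));
- connlimit_rnd_inited = true;
+ if (unlikely(!connlimit_rnd)) {
+ u_int32_t rand;
+
+ do {
+ get_random_bytes(&rand, sizeof(rand));
+ } while (!rand);
+ cmpxchg(&connlimit_rnd, 0, rand);
 }
 ret = nf_ct_l3proto_try_module_get(par->family);
 if (ret < 0) {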
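Review bot: The lazy seeding block in the second hunk depends on two invariants that nothing in the code states: zero is reserved as the "not yet seeded" value of `connlimit_rnd`, and the return value of `cmpxchg()` is ignored on purpose because a caller that loses the race simply continues with the winner's seed. Without a comment, a later cleanup could drop the `while (!rand)` retry or turn the `cmpxchg()` into a plain store, and either change would allow the seed to be replaced after it is already in use (presumably by `connlimit_iphash()`, whose body is not visible here). I would add above the `if`: `/* 0 == unseeded; the first cmpxchg wins, so the seed never changes once set */`. The enclosing function starts and ends outside the hunk, so how early this path can run relative to the first hash lookup cannot be confirmed from these lines.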