netfilter: nf_conntrack: add allocation flag to nf_conntrack_alloc
ctnetlink does not need to allocate the conntrack entries with GFP_ATOMIC as its code is executed in user context. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b11c16beb9
commit
b891c5a831
|
@ -258,7 +258,8 @@ nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data);
|
||||||
extern void nf_conntrack_free(struct nf_conn *ct);
|
extern void nf_conntrack_free(struct nf_conn *ct);
|
||||||
extern struct nf_conn *
|
extern struct nf_conn *
|
||||||
nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
||||||
const struct nf_conntrack_tuple *repl);
|
const struct nf_conntrack_tuple *repl,
|
||||||
|
gfp_t gfp);
|
||||||
|
|
||||||
/* It's confirmed if it is, or has been in the hash table. */
|
/* It's confirmed if it is, or has been in the hash table. */
|
||||||
static inline int nf_ct_is_confirmed(struct nf_conn *ct)
|
static inline int nf_ct_is_confirmed(struct nf_conn *ct)
|
||||||
|
|
|
@ -464,7 +464,8 @@ static noinline int early_drop(unsigned int hash)
|
||||||
}
|
}
|
||||||
|
|
||||||
struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
||||||
const struct nf_conntrack_tuple *repl)
|
const struct nf_conntrack_tuple *repl,
|
||||||
|
gfp_t gfp)
|
||||||
{
|
{
|
||||||
struct nf_conn *ct = NULL;
|
struct nf_conn *ct = NULL;
|
||||||
|
|
||||||
|
@ -489,7 +490,7 @@ struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ct = kmem_cache_zalloc(nf_conntrack_cachep, GFP_ATOMIC);
|
ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp);
|
||||||
if (ct == NULL) {
|
if (ct == NULL) {
|
||||||
pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
|
pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
|
||||||
atomic_dec(&nf_conntrack_count);
|
atomic_dec(&nf_conntrack_count);
|
||||||
|
@ -542,7 +543,7 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ct = nf_conntrack_alloc(tuple, &repl_tuple);
|
ct = nf_conntrack_alloc(tuple, &repl_tuple, GFP_ATOMIC);
|
||||||
if (ct == NULL || IS_ERR(ct)) {
|
if (ct == NULL || IS_ERR(ct)) {
|
||||||
pr_debug("Can't allocate conntrack.\n");
|
pr_debug("Can't allocate conntrack.\n");
|
||||||
return (struct nf_conntrack_tuple_hash *)ct;
|
return (struct nf_conntrack_tuple_hash *)ct;
|
||||||
|
|
|
@ -1128,7 +1128,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
|
||||||
struct nf_conn_help *help;
|
struct nf_conn_help *help;
|
||||||
struct nf_conntrack_helper *helper;
|
struct nf_conntrack_helper *helper;
|
||||||
|
|
||||||
ct = nf_conntrack_alloc(otuple, rtuple);
|
ct = nf_conntrack_alloc(otuple, rtuple, GFP_KERNEL);
|
||||||
if (ct == NULL || IS_ERR(ct))
|
if (ct == NULL || IS_ERR(ct))
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
|
Reference in New Issue