commit 203ebcfb8f4a58a6132e1d9c19f8c49114c2603a
author Linux Build Service Account <lnxbuild@localhost> Sat Sep 17 04:43:41 2016 -0600
committer Linux Build Service Account <lnxbuild@localhost> Sat Sep 17 04:43:41 2016 -0600
tree 1c1736d91cf2908e742d48852466b2f99d3e88bd
parent d3eecdea17a9d9f8d5f75476f86a2b3f3cad99c2
parent e4aebe9d4c98463d485ef224d8f9a32d25c36830

Promotion of data.lnx.2.0-00058.

CRs      Change ID                                   Subject
--------------------------------------------------------------------------------------------------------------
1057710   I6d40ae6dbe3aa9ed840c2daae8555701baa91ef2   ipacm: Fix race condition between nat delete and update

Change-Id: I20e0ad1d5bea3101d626ef4423d8f16d56722a24
CRs-Fixed: 1057710

ipanat/inc/ipa_nat_drvi.h

diff --git a/ipanat/inc/ipa_nat_drvi.h b/ipanat/inc/ipa_nat_drvi.h
index 002c025..6f9b1bd 100644
--- a/ipanat/inc/ipa_nat_drvi.h
+++ b/ipanat/inc/ipa_nat_drvi.h
@@ -39,6 +39,7 @@
 #include <netinet/in.h>
 #include <sys/inotify.h>
 #include <errno.h>
+#include <pthread.h>
 
 #include "ipa_nat_logi.h"
 

ipanat/src/ipa_nat_drvi.c

diff --git a/ipanat/src/ipa_nat_drvi.c b/ipanat/src/ipa_nat_drvi.c
index cfda3e3..faa8c8c 100644
--- a/ipanat/src/ipa_nat_drvi.c
+++ b/ipanat/src/ipa_nat_drvi.c
@@ -36,6 +36,7 @@
 #endif
 
 struct ipa_nat_cache ipv4_nat_cache;
+pthread_mutex_t nat_mutex    = PTHREAD_MUTEX_INITIALIZER;
 
 /* ------------------------------------------
 		UTILITY FUNCTIONS START
@@ -904,7 +905,13 @@
 
 	if (!ipv4_nat_cache.ip4_tbl[index].valid) {
 		IPAERR("invalid table handle passed\n");
-		return -EINVAL;
+		ret = -EINVAL;
+		goto fail;
+	}
+
+	if (pthread_mutex_lock(&nat_mutex) != 0) {
+		ret = -1;
+		goto lock_mutex_fail;
 	}
 
 	/* unmap the device memory from user space */
@@ -918,7 +925,10 @@
 	/* close the file descriptor of nat device */
 	if (close(ipv4_nat_cache.ip4_tbl[index].nat_fd)) {
 		IPAERR("unable to close the file descriptor\n");
-		return -EINVAL;
+		ret = -EINVAL;
+		if (pthread_mutex_unlock(&nat_mutex) != 0)
+			goto unlock_mutex_fail;
+		goto fail;
 	}
 
 	del_cmd.table_index = index;
@@ -928,9 +938,12 @@
 		perror("ipa_nati_del_ipv4_table(): ioctl error value");
 		IPAERR("unable to post nat del command init Error: %d\n", ret);
 		IPADBG("ipa fd %d\n", ipv4_nat_cache.ipa_fd);
-		return -EINVAL;
+		ret = -EINVAL;
+		if (pthread_mutex_unlock(&nat_mutex) != 0)
+			goto unlock_mutex_fail;
+		goto fail;
 	}
-	IPADBG("posted IPA_IOC_V4_DEL_NAT to kernel successfully\n");
+	IPAERR("posted IPA_IOC_V4_DEL_NAT to kernel successfully\n");
 
 	free(ipv4_nat_cache.ip4_tbl[index].index_expn_table_meta);
 	free(ipv4_nat_cache.ip4_tbl[index].rule_id_array);
@@ -942,7 +955,22 @@
 	/* Decrease the table count by 1*/
 	ipv4_nat_cache.table_cnt--;
 
+	if (pthread_mutex_unlock(&nat_mutex) != 0) {
+		ret = -1;
+		goto unlock_mutex_fail;
+	}
+
 	return 0;
+
+lock_mutex_fail:
+	IPAERR("unable to lock the nat mutex\n");
+	return ret;
+
+unlock_mutex_fail:
+	IPAERR("unable to unlock the nat mutex\n");
+
+fail:
+	return ret;
 }
 
 int ipa_nati_query_timestamp(uint32_t  tbl_hdl,
@@ -959,6 +987,11 @@
 		return -EINVAL;
 	}
 
+	if (pthread_mutex_lock(&nat_mutex) != 0) {
+		IPAERR("unable to lock the nat mutex\n");
+		return -1;
+	}
+
 	ipa_nati_parse_ipv4_rule_hdl(tbl_index, (uint16_t)rule_hdl,
 															 &expn_tbl, &tbl_entry);
 
@@ -969,8 +1002,15 @@
 			 (struct ipa_nat_rule *)ipv4_nat_cache.ip4_tbl[tbl_index].ipv4_expn_rules_addr;
 	}
 
-	*time_stamp = Read32BitFieldValue(tbl_ptr[tbl_entry].ts_proto,
-																		TIME_STAMP_FIELD);
+	if (tbl_ptr)
+		*time_stamp = Read32BitFieldValue(tbl_ptr[tbl_entry].ts_proto,
+					TIME_STAMP_FIELD);
+
+	if (pthread_mutex_unlock(&nat_mutex) != 0) {
+		IPAERR("unable to unlock the nat mutex\n");
+		return -1;
+	}
+
 	return 0;
 }