* [PATCH nf,v3] netfilter: nf_tables: remove catchall element in GC sync path
@ 2023-11-06 10:13 Pablo Neira Ayuso
2023-11-06 10:16 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2023-11-06 10:13 UTC
To: netfilter-devel
The expired catchall element is not removed from GC sync path. This path
holds mutex so just call nft_setelem_catchall_remove() before queueing
the GC work.
Fixes: 4a9e12ea7e70 ("netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v3: add nft_setelem_catchall_destroy() and use it.
net/netfilter/nf_tables_api.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3c1fd8283bf4..8f6b455177f0 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6520,6 +6520,12 @@ static int nft_setelem_deactivate(const struct net *net,
return ret;
}
+static void nft_setelem_catchall_destroy(struct nft_set_elem_catchall *catchall)
+{
+ list_del_rcu(&catchall->list);
+ kfree_rcu(catchall, rcu);
+}
+
static void nft_setelem_catchall_remove(const struct net *net,
const struct nft_set *set,
struct nft_elem_priv *elem_priv)
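Review bot: nft_setelem_catchall_destroy() carries no statement of its locking requirement, even though it is now a shared entry point for list_del_rcu() on set->catchall_list. The commit message relies on the caller holding the mutex; say so in a comment above the helper, or enforce it with a lockdep assertion, so that a later caller from a path without the mutex is caught. The helper also unlinks and frees only the nft_set_elem_catchall wrapper, so a short comment that each caller remains responsible for catchall->elem would help.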
@@ -6528,8 +6534,7 @@ static void nft_setelem_catchall_remove(const struct net *net,
list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
if (catchall->elem == elem_priv) {
- list_del_rcu(&catchall->list);
- kfree_rcu(catchall, rcu);
+ nft_setelem_catchall_destroy(catchall);
break;
}
}
@@ -9678,11 +9683,11 @@ static struct nft_trans_gc *nft_trans_gc_catchall(struct nft_trans_gc *gc,
unsigned int gc_seq,
bool sync)
{
- struct nft_set_elem_catchall *catchall;
+ struct nft_set_elem_catchall *catchall, *next;
const struct nft_set *set = gc->set;
struct nft_set_ext *ext;
- list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
+ list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
ext = nft_set_elem_ext(set, catchall->elem);
if (!nft_set_elem_expired(ext))
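Review bot: the switch from list_for_each_entry_rcu() to list_for_each_entry_safe() applies to both values of the sync argument, but only the sync path is described as holding the mutex. list_for_each_entry_safe() does plain loads of the list pointers and protects only against removal by the loop body itself, so if the !sync caller walks set->catchall_list under RCU alone it loses the RCU-safe traversal it had before. Consider keeping list_for_each_entry_rcu() for the async case, for example by splitting this function into a sync and an async variant, each using the iterator that matches its locking.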
@@ -9692,10 +9697,12 @@ static struct nft_trans_gc *nft_trans_gc_catchall(struct nft_trans_gc *gc,
nft_set_elem_dead(ext);
dead_elem:
- if (sync)
+ if (sync) {
+ nft_setelem_catchall_destroy(catchall);
gc = nft_trans_gc_queue_sync(gc, GFP_ATOMIC);
- else
+ } else {
gc = nft_trans_gc_queue_async(gc, gc_seq, GFP_ATOMIC);
+ }
if (!gc)
return NULL;
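Review bot: in the sync branch, nft_setelem_catchall_destroy(catchall) runs before nft_trans_gc_queue_sync(), so when that call returns NULL the catchall has already been unlinked and handed to kfree_rcu(), and the function returns without the element having been queued. Unlink only once gc is known to be valid and the element has been added to the batch. Any use of catchall later in the loop body (not visible in this hunk) would also touch an object already passed to kfree_rcu(), so the call is safer as the last step of the iteration. Separately, the commit message says nft_setelem_catchall_remove() is called here while the code calls nft_setelem_catchall_destroy(); the two should agree.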
--
2.30.2
* Re: [PATCH nf,v3] netfilter: nf_tables: remove catchall element in GC sync path
From: Pablo Neira Ayuso @ 2023-11-06 10:16 UTC
To: netfilter-devel
On Mon, Nov 06, 2023 at 11:13:45AM +0100, Pablo Neira Ayuso wrote:
> The expired catchall element is not removed from GC sync path. This path
> holds mutex so just call nft_setelem_catchall_remove() before queueing
> the GC work.
Scratch this too, this is not correct.