Skip to content

Commit

Permalink
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
Browse files Browse the repository at this point in the history 
commit b079155 upstream.

Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC
might collect the same element more than once.

Fixes: f6c383b ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@ummakynes @gregkh
ummakynes authored and gregkh committed Oct 6, 2023
1 parent 973288e commit be4fbbb
Showing 1 changed file with 3 additions and 6 deletions.
9 changes: 3 additions & 6 deletions net/netfilter/nft_set_hash.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -338,12 +338,9 @@ static void nft_rhash_gc(struct work_struct *work)

while ((he = rhashtable_walk_next(&hti))) {
if (IS_ERR(he)) {
if (PTR_ERR(he) != -EAGAIN) {
nft_trans_gc_destroy(gc);
gc = NULL;
goto try_later;
}
continue;
nft_trans_gc_destroy(gc);
gc = NULL;
goto try_later;
}

/* Ruleset has been updated, try later. */
Expand Down

0 comments on commit be4fbbb

Please sign in to comment.