tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

netfilter: nf_tables: don't write table validation state without mutex

The ->cleanup callback needs to be removed, this doesn't work anymore as
the transaction mutex is already released in the ->abort function.

Just do it after a successful validation pass, this either happens
from commit or abort phases where transaction mutex is held.

Fixes: f102d66b335a ("netfilter: nf_tables: use dedicated mutex to guard transactions")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 9a32e985 63e9bbbc

+2 -9
-1
include/linux/netfilter/nfnetlink.h
··· 45 45 int (*commit)(struct net *net, struct sk_buff *skb); 46 46 int (*abort)(struct net *net, struct sk_buff *skb, 47 47 enum nfnl_abort_action action); 48 - void (*cleanup)(struct net *net); 49 48 bool (*valid_genid)(struct net *net, u32 genid); 50 49 }; 51 50
+2 -6
net/netfilter/nf_tables_api.c
··· 8639 8639 if (nft_table_validate(net, table) < 0) 8640 8640 return -EAGAIN; 8641 8641 } 8642 + 8643 + nft_validate_state_update(net, NFT_VALIDATE_SKIP); 8642 8644 break; 8643 8645 } 8644 8646 ··· 9580 9578 return 0; 9581 9579 } 9582 9580 9583 - static void nf_tables_cleanup(struct net *net) 9584 - { 9585 - nft_validate_state_update(net, NFT_VALIDATE_SKIP); 9586 - } 9587 - 9588 9581 static int nf_tables_abort(struct net *net, struct sk_buff *skb, 9589 9582 enum nfnl_abort_action action) 9590 9583 { ··· 9613 9616 .cb = nf_tables_cb, 9614 9617 .commit = nf_tables_commit, 9615 9618 .abort = nf_tables_abort, 9616 - .cleanup = nf_tables_cleanup, 9617 9619 .valid_genid = nf_tables_valid_genid, 9618 9620 .owner = THIS_MODULE, 9619 9621 };
-2
net/netfilter/nfnetlink.c
··· 590 590 goto replay_abort; 591 591 } 592 592 } 593 - if (ss->cleanup) 594 - ss->cleanup(net); 595 593 596 594 nfnl_err_deliver(&err_list, oskb); 597 595 kfree_skb(skb);