Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 03caf75d authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Greg Kroah-Hartman
Browse files

netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction 



commit 2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 upstream.

New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.

Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 021d734c

net/netfilter/nft_set_rbtree.c

+6 −2
Original line number Diff line number Diff line
@@ -314,6 +314,7 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set, 
	struct nft_rbtree_elem *rbe, *rbe_le = NULL, *rbe_ge = NULL;

	struct rb_node *node, *next, *parent, **p, *first = NULL;

	struct nft_rbtree *priv = nft_set_priv(set);

	u8 cur_genmask = nft_genmask_cur(net);

	u8 genmask = nft_genmask_next(net);

	int d, err;
@@ -359,8 +360,11 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set, 
		if (!nft_set_elem_active(&rbe->ext, genmask))

			continue;



		/* perform garbage collection to avoid bogus overlap reports. */

		if (nft_set_elem_expired(&rbe->ext)) {

		/* perform garbage collection to avoid bogus overlap reports

		 * but skip new elements in this transaction.

		 */

		if (nft_set_elem_expired(&rbe->ext) &&

		    nft_set_elem_active(&rbe->ext, cur_genmask)) {

			err = nft_rbtree_gc_elem(set, priv, rbe, genmask);

			if (err < 0)

				return err;