netfilter: nf_tables: asynchronous release

 *

 *	@list: used internally

 *	@msg_type: message type

 *	@put_net: ctx->net needs to be put

 *	@ctx: transaction context

 *	@data: internal information related to the transaction

 */

struct nft_trans {

	struct list_head		list;

	int				msg_type;

	bool				put_net;

	struct nft_ctx			ctx;

	char				data[0];

};

static LIST_HEAD(nf_tables_expressions);

static LIST_HEAD(nf_tables_objects);

static LIST_HEAD(nf_tables_flowtables);

static LIST_HEAD(nf_tables_destroy_list);

static DEFINE_SPINLOCK(nf_tables_destroy_list_lock);

static u64 table_handle;

enum {

	net->nft.validate_state = new_validate_state;

}

static void nf_tables_trans_destroy_work(struct work_struct *w);

static DECLARE_WORK(trans_destroy_work, nf_tables_trans_destroy_work);

static void nft_ctx_init(struct nft_ctx *ctx,

			 struct net *net,

{

	struct nft_expr *expr;

	lockdep_assert_held(&ctx->net->nft.commit_mutex);

	/*

	 * Careful: some expressions might not be initialized in case this

	 * is called on error from nf_tables_newrule().

		nf_tables_flowtable_destroy(nft_trans_flowtable(trans));

		break;

	}

	if (trans->put_net)

		put_net(trans->ctx.net);

	kfree(trans);

}

static void nf_tables_commit_release(struct net *net)

static void nf_tables_trans_destroy_work(struct work_struct *w)

{

	struct nft_trans *trans, *next;

	LIST_HEAD(head);

	if (list_empty(&net->nft.commit_list))

	spin_lock(&nf_tables_destroy_list_lock);

	list_splice_init(&nf_tables_destroy_list, &head);

	spin_unlock(&nf_tables_destroy_list_lock);

	if (list_empty(&head))

		return;

	synchronize_rcu();

	list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {

	list_for_each_entry_safe(trans, next, &head, list) {

		list_del(&trans->list);

		nft_commit_release(trans);

	}

	list_del_rcu(&chain->list);

}

static void nf_tables_commit_release(struct net *net)

{

	struct nft_trans *trans;

	/* all side effects have to be made visible.

	 * For example, if a chain named 'foo' has been deleted, a

	 * new transaction must not find it anymore.

	 *

	 * Memory reclaim happens asynchronously from work queue

	 * to prevent expensive synchronize_rcu() in commit phase.

	 */

	if (list_empty(&net->nft.commit_list)) {

		mutex_unlock(&net->nft.commit_mutex);

		return;

	}

	trans = list_last_entry(&net->nft.commit_list,

				struct nft_trans, list);

	get_net(trans->ctx.net);

	WARN_ON_ONCE(trans->put_net);

	trans->put_net = true;

	spin_lock(&nf_tables_destroy_list_lock);

	list_splice_tail_init(&net->nft.commit_list, &nf_tables_destroy_list);

	spin_unlock(&nf_tables_destroy_list_lock);

	mutex_unlock(&net->nft.commit_mutex);

	schedule_work(&trans_destroy_work);

}

static int nf_tables_commit(struct net *net, struct sk_buff *skb)

{

	struct nft_trans *trans, *next;

		}

	}

	nf_tables_commit_release(net);

	nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);

	mutex_unlock(&net->nft.commit_mutex);

	nf_tables_commit_release(net);

	return 0;

}

{

	int err;

	spin_lock_init(&nf_tables_destroy_list_lock);

	err = register_pernet_subsys(&nf_tables_net_ops);

	if (err < 0)

		return err;

	unregister_netdevice_notifier(&nf_tables_flowtable_notifier);

	nft_chain_filter_fini();

	unregister_pernet_subsys(&nf_tables_net_ops);

	cancel_work_sync(&trans_destroy_work);

	rcu_barrier();

	nf_tables_core_module_exit();

}