mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 22:02:02 +00:00
netfilter: nft_flow_offload: wait for garbage collector to run after cleanup
If netdevice goes down, then flowtable entries are scheduled to be removed. Wait for garbage collector to have a chance to run so it can delete them from the hashtable. The flush call might sleep, so hold the nfnl mutex from nft_flow_table_iterate() instead of rcu read side lock. The use of the nfnl mutex is also implicitly fixing races between updates via nfnetlink and netdevice event. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
ba7cd5d95f
commit
c7f0030b5b
2 changed files with 5 additions and 4 deletions
|
@ -5006,13 +5006,13 @@ void nft_flow_table_iterate(struct net *net,
|
|||
struct nft_flowtable *flowtable;
|
||||
const struct nft_table *table;
|
||||
|
||||
rcu_read_lock();
|
||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||
nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
||||
list_for_each_entry(table, &net->nft.tables, list) {
|
||||
list_for_each_entry(flowtable, &table->flowtables, list) {
|
||||
iter(&flowtable->data, data);
|
||||
}
|
||||
}
|
||||
rcu_read_unlock();
|
||||
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(nft_flow_table_iterate);
|
||||
|
||||
|
|
|
@ -208,6 +208,7 @@ static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable,
|
|||
void *data)
|
||||
{
|
||||
nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data);
|
||||
flush_delayed_work(&flowtable->gc_work);
|
||||
}
|
||||
|
||||
static int flow_offload_netdev_event(struct notifier_block *this,
|
||||
|
|
Loading…
Reference in a new issue