Commit 2e6c2c6c authored Dec 19, 2023 by Pablo Neira Ayuso Committed by sanglipeng May 10, 2024

netfilter: nf_tables: skip set commit for deleted/destroyed sets

stable inclusion
from stable-v5.10.206
commit 73117ea03363d4493bd4e9f82f29b34b92d88a91
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9O5W8

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73117ea03363d4493bd4e9f82f29b34b92d88a91



--------------------------------

commit 7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a upstream.

NFT_MSG_DELSET deactivates all elements in the set, skip
set->ops->commit() to avoid the unnecessary clone (for the pipapo case)
as well as the sync GC cycle, which could deactivate again expired
elements in such set.

Fixes: 5f68718b ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>

parent 6865aff6

net/netfilter/nf_tables_api.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -8431,7 +8431,7 @@ static void nft_set_commit_update(struct list_head *set_update_list)
		list_for_each_entry_safe(set, next, set_update_list, pending_update) {
		list_del_init(&set->pending_update);

		if (!set->ops->commit)
		if (!set->ops->commit \|\| set->dead)
		continue;

		set->ops->commit(set);