Unverified Commit 66c1cbd9 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!9182 netfilter: nf_tables: restore set elements when delete set fails

parents 847603c2 61a4e180
+24 −0
@@ -585,6 +585,12 @@ static int nft_mapelem_deactivate(const struct nft_ctx *ctx,
				  const struct nft_set_iter *iter,
				  struct nft_set_elem *elem)
{
	struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);

	if (!nft_set_elem_active(ext, iter->genmask))
		return 0;

	nft_set_elem_change_active(ctx->net, set, ext);
	nft_setelem_data_deactivate(ctx->net, set, elem);

	return 0;
@@ -4739,6 +4745,11 @@ static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,
					const struct nft_set_iter *iter,
					struct nft_set_elem *elem)
{
	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);

	if (!nft_set_elem_active(ext, iter->genmask))
		return 0;

	return nft_setelem_data_validate(ctx, set, elem);
}

@@ -4807,6 +4818,13 @@ static int nft_mapelem_activate(const struct nft_ctx *ctx,
				const struct nft_set_iter *iter,
				struct nft_set_elem *elem)
{
	struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);

	/* called from abort path, reverse check to undo changes. */
	if (nft_set_elem_active(ext, iter->genmask))
		return 0;

	nft_clear(ctx->net, ext);
	nft_setelem_data_activate(ctx->net, set, elem);

	return 0;
@@ -5059,6 +5077,9 @@ static int nf_tables_dump_setelem(const struct nft_ctx *ctx,
	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
	struct nft_set_dump_args *args;

	if (!nft_set_elem_active(ext, iter->genmask))
		return 0;

	if (nft_set_elem_expired(ext) || nft_set_elem_is_dead(ext))
		return 0;

@@ -9131,6 +9152,9 @@ static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx,
{
	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);

	if (!nft_set_elem_active(ext, iter->genmask))
		return 0;

	if (nft_set_ext_exists(ext, NFT_SET_EXT_FLAGS) &&
	    *nft_set_ext_flags(ext) & NFT_SET_ELEM_INTERVAL_END)
		return 0;
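Review bot: The five callbacks in this section each gain their own `nft_set_elem_active(ext, iter->genmask)` test, but nothing visible here shows that they are the only functions handed to a set walk as `iter->fn`; any callback outside these hunks would start receiving elements that are inactive in the next generation once the backend walks stop filtering. For callbacks that touch element data this plausibly affects reference counting on the delete/abort paths, so the full list of walk callers in this file should be checked against the change. A short contract comment would help the next backport, for example above nft_mapelem_deactivate: `/* set walks do not filter by genmask; every iter->fn callback decides which elements to skip */`. The bodies of nft_mapelem_deactivate, nft_mapelem_activate, nf_tables_dump_setelem and nf_tables_loop_check_setelem continue outside their hunks.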
+1 −3
@@ -170,7 +170,7 @@ static void nft_bitmap_activate(const struct net *net,
	nft_bitmap_location(set, nft_set_ext_key(&be->ext), &idx, &off);
	/* Enter 11 state. */
	priv->bitmap[idx] |= (genmask << off);
	nft_set_elem_change_active(net, set, &be->ext);
	nft_clear(net, &be->ext);
}

static bool nft_bitmap_flush(const struct net *net,
@@ -222,8 +222,6 @@ static void nft_bitmap_walk(const struct nft_ctx *ctx,
	list_for_each_entry_rcu(be, &priv->list, head) {
		if (iter->count < iter->skip)
			goto cont;
		if (!nft_set_elem_active(&be->ext, iter->genmask))
			goto cont;

		elem.priv = be;

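Review bot: nft_bitmap_activate swaps `nft_set_elem_change_active()` for `nft_clear()` without a comment, and the same one-line swap appears in nft_rhash_activate, nft_hash_activate, nft_pipapo_activate and nft_rbtree_activate. As far as I can tell the first flips the next-generation bit while the second clears it unconditionally, so .activate no longer deactivates an element that is already active; that looks like the property the abort path depends on, and it is easy to lose in a later refactor. I would add one line above each call, e.g. `/* clear rather than toggle the next-generation bit so a repeated activate is harmless */`. nft_bitmap_walk's body continues outside its hunk.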
+2 −6
@@ -191,7 +191,7 @@ static void nft_rhash_activate(const struct net *net, const struct nft_set *set,
{
	struct nft_rhash_elem *he = elem->priv;

	nft_set_elem_change_active(net, set, &he->ext);
	nft_clear(net, &he->ext);
}

static bool nft_rhash_flush(const struct net *net,
@@ -279,8 +279,6 @@ static void nft_rhash_walk(const struct nft_ctx *ctx, struct nft_set *set,

		if (iter->count < iter->skip)
			goto cont;
		if (!nft_set_elem_active(&he->ext, iter->genmask))
			goto cont;

		elem.priv = he;

@@ -571,7 +569,7 @@ static void nft_hash_activate(const struct net *net, const struct nft_set *set,
{
	struct nft_hash_elem *he = elem->priv;

	nft_set_elem_change_active(net, set, &he->ext);
	nft_clear(net, &he->ext);
}

static bool nft_hash_flush(const struct net *net,
@@ -625,8 +623,6 @@ static void nft_hash_walk(const struct nft_ctx *ctx, struct nft_set *set,
		hlist_for_each_entry_rcu(he, &priv->table[i], node) {
			if (iter->count < iter->skip)
				goto cont;
			if (!nft_set_elem_active(&he->ext, iter->genmask))
				goto cont;

			elem.priv = he;

+1 −4
@@ -1751,7 +1751,7 @@ static void nft_pipapo_activate(const struct net *net,
{
	struct nft_pipapo_elem *e = elem->priv;

	nft_set_elem_change_active(net, set, &e->ext);
	nft_clear(net, &e->ext);
}

/**
@@ -2053,9 +2053,6 @@ static void nft_pipapo_walk(const struct nft_ctx *ctx, struct nft_set *set,

		e = f->mt[r].e;

		if (!nft_set_elem_active(&e->ext, iter->genmask))
			goto cont;

		elem.priv = e;

		iter->err = iter->fn(ctx, set, iter, &elem);
+1 −3
@@ -512,7 +512,7 @@ static void nft_rbtree_activate(const struct net *net,
{
	struct nft_rbtree_elem *rbe = elem->priv;

	nft_set_elem_change_active(net, set, &rbe->ext);
	nft_clear(net, &rbe->ext);
}

static bool nft_rbtree_flush(const struct net *net,
@@ -581,8 +581,6 @@ static void nft_rbtree_walk(const struct nft_ctx *ctx,

		if (iter->count < iter->skip)
			goto cont;
		if (!nft_set_elem_active(&rbe->ext, iter->genmask))
			goto cont;

		elem.priv = rbe;