Commit b079155f authored Sep 08, 2023 by Pablo Neira Ayuso

netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC
might collect the same element more than once.

Fixes: f6c383b8 ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 6d365eab

net/netfilter/nft_set_hash.c

+3 −6

Original line number	Diff line number	Diff line
		@@ -338,13 +338,10 @@ static void nft_rhash_gc(struct work_struct *work)

		while ((he = rhashtable_walk_next(&hti))) {
		if (IS_ERR(he)) {
		if (PTR_ERR(he) != -EAGAIN) {
		nft_trans_gc_destroy(gc);
		gc = NULL;
		goto try_later;
		}
		continue;
		}

		/* Ruleset has been updated, try later. */
		if (READ_ONCE(nft_net->gc_seq) != gc_seq) {