Commit d7e27bfe authored by Lu Wei's avatar Lu Wei
Browse files

Revert "netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain" 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6



-------------------------------

This reverts commit af739b3b.

Backport the dependency patch and then re-backport this patch.

Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
parent 9cfbd10a

include/net/netfilter/nf_tables.h

+0 −2
Original line number Diff line number Diff line
@@ -778,7 +778,6 @@ struct nft_expr_type { 


enum nft_trans_phase {

	NFT_TRANS_PREPARE,

	NFT_TRANS_PREPARE_ERROR,

	NFT_TRANS_ABORT,

	NFT_TRANS_COMMIT,

	NFT_TRANS_RELEASE
@@ -972,7 +971,6 @@ struct nft_chain { 


int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain);

int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);

void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);



enum nft_chain_types {

	NFT_CHAIN_T_DEFAULT = 0,

net/netfilter/nf_tables_api.c

+7 −38
Original line number Diff line number Diff line
@@ -168,8 +168,7 @@ static void nft_trans_destroy(struct nft_trans *trans) 
	kfree(trans);

}



static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,

				 bool bind)

static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)

{

	struct net *net = ctx->net;

	struct nft_trans *trans;
@@ -181,28 +180,17 @@ static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set, 
		switch (trans->msg_type) {

		case NFT_MSG_NEWSET:

			if (nft_trans_set(trans) == set)

				nft_trans_set_bound(trans) = bind;

				nft_trans_set_bound(trans) = true;

			break;

		case NFT_MSG_NEWSETELEM:

			if (nft_trans_elem_set(trans) == set)

				nft_trans_elem_set_bound(trans) = bind;

				nft_trans_elem_set_bound(trans) = true;

			break;

		}

	}

}



static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)

{

	return __nft_set_trans_bind(ctx, set, true);

}



static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)

{

	return __nft_set_trans_bind(ctx, set, false);

}



static void __nft_chain_trans_bind(const struct nft_ctx *ctx,

				   struct nft_chain *chain, bool bind)

static void nft_chain_trans_bind(const struct nft_ctx *ctx, struct nft_chain *chain)

{

	struct net *net = ctx->net;

	struct nft_trans *trans;
@@ -214,22 +202,16 @@ static void __nft_chain_trans_bind(const struct nft_ctx *ctx, 
		switch (trans->msg_type) {

		case NFT_MSG_NEWCHAIN:

			if (nft_trans_chain(trans) == chain)

				nft_trans_chain_bound(trans) = bind;

				nft_trans_chain_bound(trans) = true;

			break;

		case NFT_MSG_NEWRULE:

			if (trans->ctx.chain == chain)

				nft_trans_rule_bound(trans) = bind;

				nft_trans_rule_bound(trans) = true;

			break;

		}

	}

}



static void nft_chain_trans_bind(const struct nft_ctx *ctx,

				 struct nft_chain *chain)

{

	__nft_chain_trans_bind(ctx, chain, true);

}



int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)

{

	if (!nft_chain_binding(chain))
@@ -248,11 +230,6 @@ int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain) 
	return 0;

}



void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)

{

	__nft_chain_trans_bind(ctx, chain, false);

}



static int nft_netdev_register_hooks(struct net *net,

				     struct list_head *hook_list)

{
@@ -3428,7 +3405,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk, 


	return 0;

err2:

	nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE_ERROR);

	nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE);

	nf_tables_rule_destroy(&ctx, rule);

err1:

	for (i = 0; i < n; i++) {
@@ -4560,13 +4537,6 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, 
			      enum nft_trans_phase phase)

{

	switch (phase) {

	case NFT_TRANS_PREPARE_ERROR:

		nft_set_trans_unbind(ctx, set);

		if (nft_set_is_anonymous(set))

			nft_deactivate_next(ctx->net, set);



		set->use--;

		break;

	case NFT_TRANS_PREPARE:

		if (nft_set_is_anonymous(set))

			nft_deactivate_next(ctx->net, set);
@@ -6493,7 +6463,6 @@ void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx, 
				    enum nft_trans_phase phase)

{

	switch (phase) {

	case NFT_TRANS_PREPARE_ERROR:

	case NFT_TRANS_PREPARE:

	case NFT_TRANS_ABORT:

	case NFT_TRANS_RELEASE:

net/netfilter/nft_immediate.c

+0 −3
Original line number Diff line number Diff line
@@ -150,9 +150,6 @@ static void nft_immediate_deactivate(const struct nft_ctx *ctx, 
				nft_rule_expr_deactivate(&chain_ctx, rule, phase);



			switch (phase) {

			case NFT_TRANS_PREPARE_ERROR:

				nf_tables_unbind_chain(ctx, chain);

				fallthrough;

			case NFT_TRANS_PREPARE:

				nft_deactivate_next(ctx->net, chain);

				break;