[nf-next,1/2] netfilter: nfnetlink: allow commit to fail

Message ID	20180524222548.13217-2-fw@strlen.de
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Florian Westphal <fw@strlen.de> To: <netfilter-devel@vger.kernel.org> Cc: Florian Westphal <fw@strlen.de> Subject: [PATCH nf-next 1/2] netfilter: nfnetlink: allow commit to fail Date: Fri, 25 May 2018 00:25:47 +0200 Message-Id: <20180524222548.13217-2-fw@strlen.de> In-Reply-To: <20180524222548.13217-1-fw@strlen.de> References: <20180524222548.13217-1-fw@strlen.de> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	netfilter: nf_tables: speed up commit phase \| expand [nf-next,0/2] netfilter: nf_tables: speed up commit phase [nf-next,1/2] netfilter: nfnetlink: allow commit to fail [nf-next,2/2] netfilter: nf_tables: remove synchronize_rcu in commit phase

Message ID

20180524222548.13217-2-fw@strlen.de

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nf-next 1/2] netfilter: nfnetlink: allow commit to fail
Date: Fri, 25 May 2018 00:25:47 +0200
Message-Id: <20180524222548.13217-2-fw@strlen.de>
In-Reply-To: <20180524222548.13217-1-fw@strlen.de>
References: <20180524222548.13217-1-fw@strlen.de>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

netfilter: nf_tables: speed up commit phase | expand

Commit Message

Florian Westphal May 24, 2018, 10:25 p.m. UTC

->commit() cannot fail at the moment.

Followup-patch adds kmalloc calls in the commit phase, so we'll need
to be able to handle errors.

Make it so that -EGAIN causes a full replay, and make other errors
cause the transaction to fail.

Failing is ok from a consistency point of view as long as we
perform all actions that could return an error before
we increment the generation counter and the base seq.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nfnetlink.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 03ead8a9e90c..88c9e222b670 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -441,7 +441,14 @@  static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		kfree_skb(skb);
 		goto replay;
 	} else if (status == NFNL_BATCH_DONE) {
-		ss->commit(net, oskb);
+		err = ss->commit(net, oskb);
+		if (err == -EAGAIN) {
+			status |= NFNL_BATCH_REPLAY;
+			goto done;
+		} else if (err) {
+			ss->abort(net, oskb);
+			netlink_ack(oskb, nlmsg_hdr(oskb), err, NULL);
+		}
 	} else {
 		ss->abort(net, oskb);
 	}

[nf-next,1/2] netfilter: nfnetlink: allow commit to fail

Commit Message

Patch