| Message ID | 20220418102105.826027-1-pablo@netfilter.org |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nf] netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion | expand |
Hi Pablo, On Mon, 18 Apr 2022 12:21:05 +0200 Pablo Neira Ayuso <pablo@netfilter.org> wrote: > This patch fixes spurious EEXIST errors. > > Extend d2df92e98a34 ("netfilter: nft_set_rbtree: handle element > re-addition after deletion") to deal with elements with same end flags > in the same transation. > > Reset the overlap flag as described by 7c84d41416d8 ("netfilter: > nft_set_rbtree: Detect partial overlaps on insertion"). > > Fixes: 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion") > Fixes: d2df92e98a34 ("netfilter: nft_set_rbtree: handle element re-addition after deletion") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Sorry for the delay, and thanks for fixing this. I believe this is correct, but I haven't tested it. Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c index d600a566da32..7325bee7d144 100644 --- a/net/netfilter/nft_set_rbtree.c +++ b/net/netfilter/nft_set_rbtree.c @@ -349,7 +349,11 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set, *ext = &rbe->ext; return -EEXIST; } else { - p = &parent->rb_left; + overlap = false; + if (nft_rbtree_interval_end(rbe)) + p = &parent->rb_left; + else + p = &parent->rb_right; } }
This patch fixes spurious EEXIST errors. Extend d2df92e98a34 ("netfilter: nft_set_rbtree: handle element re-addition after deletion") to deal with elements with same end flags in the same transation. Reset the overlap flag as described by 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion"). Fixes: 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion") Fixes: d2df92e98a34 ("netfilter: nft_set_rbtree: handle element re-addition after deletion") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- This bug is triggered since the new code to online interval automerging of addition and deletions with an existing kernel set. https://lore.kernel.org/netfilter-devel/20220412144711.93354-1-pablo@netfilter.org/ net/netfilter/nft_set_rbtree.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)