
[nf-next,1/9] netfilter: nf_tables: warn if set being destroyed is still active

Message ID 20240307084018.2219-2-fw@strlen.de
State Deferred
Series netfilter: nf_tables: rewrite gc again

Commit Message

Florian Westphal March 7, 2024, 8:40 a.m. UTC
Control plane should mark a to-be-destroyed set as dead before
the ->destroy function gets called.

This needs to be done while control plane still holds the
transaction mutex.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nf_tables_api.c | 3 +++
 net/netfilter/nft_set_hash.c  | 2 ++
 2 files changed, 5 insertions(+)

Patch

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 224e5fb6a916..be8254d31988 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5276,6 +5276,9 @@  static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)
 	for (i = 0; i < set->num_exprs; i++)
 		nft_expr_destroy(ctx, set->exprs[i]);
 
+	if (WARN_ON_ONCE(!set->dead))
+		set->dead = 1;
+
 	set->ops->destroy(ctx, set);
 	nft_set_catchall_destroy(ctx, set);
 	nft_set_put(set);
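
Review bot: The fallback `set->dead = 1;` in nft_set_destroy() repairs the state after the warning has fired, but nothing here documents why doing so at this point is safe, while the commit message says the marking has to happen under the transaction mutex. A short comment above the `WARN_ON_ONCE(!set->dead)` check should state that this is a last-resort fixup for a caller bug and which code is expected to have set the flag. The check also sits after the `nft_expr_destroy()` loop, so a set that is still active has already had its expressions torn down before the warning appears; if the intent is to catch the condition before any teardown, move the check to the top of the function.
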
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 6968a3b34236..06337a089c34 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -451,6 +451,8 @@  static void nft_rhash_destroy(const struct nft_ctx *ctx,
 		.set	= set,
 	};
 
+	WARN_ON_ONCE(!set->dead);
+
 	cancel_delayed_work_sync(&priv->gc_work);
 	rhashtable_free_and_destroy(&priv->ht, nft_rhash_elem_destroy,
 				    (void *)&rhash_ctx);
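
Review bot: The `WARN_ON_ONCE(!set->dead);` in nft_rhash_destroy() cannot fire when the call arrives through nft_set_destroy(), because the first hunk forces `set->dead = 1` just before `set->ops->destroy(ctx, set)`. If this check is meant to cover a path that reaches ->destroy without going through nft_set_destroy(), say so in a comment; otherwise it is redundant with the check in nf_tables_api.c. Its placement directly before `cancel_delayed_work_sync(&priv->gc_work)` suggests the gc worker depends on the flag, and a one-line comment stating that dependency would make the reason for a backend-specific check clear.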