projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f649be6) | patch
netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests
authorPhil Sutter <phil@nwl.cc>
Thu, 9 Nov 2023 15:01:16 +0000 (16:01 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 22 Dec 2023 11:08:38 +0000 (12:08 +0100)
commit3d483faa66639ad96d8373046c47f2b2d76fdf76
treea12daa3a6e7cebd9e9b5a587fec29e6f03b15a10tree
parentf649be6d9c84960e358f350914a0673411467b11commit | diff
netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET requests

Set expressions' dump callbacks are not concurrency-safe per-se with
reset bit set. If two CPUs reset the same element at the same time,
values may underrun at least with element-attached counters and quotas.

Prevent this by introducing dedicated callbacks for nfnetlink and the
asynchronous dump handling to serialize access.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)