openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/net
History
Pablo Neira Ayuso 591054469b netfilter: nf_tables: revisit chain/object refcounting from elements 
Andreas reports that the following incremental update using our commit
protocol doesn't work.

 # nft -f incremental-update.nft
 delete element ip filter client_to_any { 10.180.86.22 : goto CIn_1 }
 delete chain ip filter CIn_1
 ... Error: Could not process rule: Device or resource busy

The existing code is not well-integrated into the commit phase protocol,
since element deletions do not result in refcount decrement from the
preparation phase. This results in bogus EBUSY errors like the one
above.

Two new functions come with this patch:

* nft_set_elem_activate() function is used from the abort path, to
  restore the set element refcounting on objects that occurred from
  the preparation phase.

* nft_set_elem_deactivate() that is called from nft_del_setelem() to
  decrement set element refcounting on objects from the preparation
  phase in the commit protocol.

The nft_data_uninit() has been renamed to nft_data_release() since this
function does not uninitialize any data store in the data register,
instead just releases the references to objects. Moreover, a new
function nft_data_hold() has been introduced to be used from
nft_set_elem_activate().

Reported-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2017-05-15 12:51:41 +02:00
..
6lowpan 6lowpan: Don't set IFF_NO_QUEUE 2017-04-12 22:02:40 +02:00
9p xen: fixes and featrues for 4.12 2017-05-04 11:37:09 -07:00
802
8021q vlan: Keep NETIF_F_HW_CSUM similar to other software devices 2017-05-08 14:39:19 -04:00
appletalk lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
atm neighbour: fix nlmsg_pid in notifications 2017-03-22 10:48:49 -07:00
ax25 net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
batman-adv This feature/cleanup patchset includes the following patches: 2017-04-06 14:37:50 -07:00
bluetooth Bluetooth: Add selftest for ECDH key generation 2017-04-30 16:52:43 +03:00
bpf bpf: Align packet data properly in program testing framework. 2017-05-02 11:46:28 -04:00
bridge netfilter: xtables: zero padding in data_to_user 2017-05-15 12:51:38 +02:00
caif sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
can can: fix CAN BCM build with CONFIG_PROC_FS disabled 2017-04-27 09:34:13 +02:00
ceph fs: ceph: CURRENT_TIME with ktime_get_real_ts() 2017-05-08 17:15:15 -07:00
core netem: fix skb_orphan_partial() 2017-05-11 21:32:48 -04:00
dcb net: rtnetlink: plumb extended ack to doit function 2017-04-17 15:35:38 -04:00
dccp ipv6/dccp: do not inherit ipv6_mc_list from parent 2017-05-11 12:17:02 -04:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-05-09 15:42:31 -07:00
dns_resolver Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
dsa net: dsa: Remove redundant NULL dst check 2017-04-21 10:41:24 -04:00
ethernet Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-02-16 21:25:49 -05:00
hsr netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
ieee802154 netlink: pass extended ACK struct where available 2017-04-13 13:58:22 -04:00
ife net: Introduce ife encapsulation module 2017-02-03 15:16:45 -05:00
ipv4 tcp: avoid fragmenting peculiar skbs in SACK 2017-05-11 21:35:20 -04:00
ipv6 ipv6/dccp: do not inherit ipv6_mc_list from parent 2017-05-11 12:17:02 -04:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-02 15:34:53 -04:00
irda net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
iucv net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
kcm kcm: remove a useless copy_from_user() 2017-04-17 13:28:48 -04:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-21 20:23:53 -07:00
l2tp l2tp: remove useless device duplication test in l2tp_eth_create() 2017-04-27 16:32:13 -04:00
l3mdev
lapb
llc net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
mac80211 mac80211: fix IBSS presp allocation size 2017-05-08 11:25:04 +02:00
mac802154 drivers: add explicit interrupt.h includes 2017-03-30 11:05:34 -07:00
mpls treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
ncsi
netfilter netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
netlabel netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
netlink netlink: pass extended ACK struct where available 2017-04-13 13:58:22 -04:00
netrom net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
nfc NFC 4.12 pull request 2017-04-21 15:29:40 -04:00
openvswitch netfilter: introduce nf_conntrack_helper_put helper function 2017-05-15 12:42:29 +02:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-26 22:39:08 -04:00
phonet net: rtnetlink: plumb extended ack to doit function 2017-04-17 15:35:38 -04:00
psample net: Introduce psample, a new genetlink channel for packet sampling 2017-01-24 13:44:28 -05:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-21 20:23:53 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
rfkill rfkill: remove rfkill-regulator 2017-01-24 11:07:35 +01:00
rose net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
rxrpc rxrpc: Trace client call connection 2017-04-06 11:10:41 +01:00
sched net: sched: optimize class dumps 2017-05-11 21:37:40 -04:00
sctp sctp: fix src address selection if using secondary addresses for ipv6 2017-05-12 10:50:32 -04:00
smc IB/core: Define 'ib' and 'roce' rdma_ah_attr types 2017-05-01 14:32:43 -04:00
strparser strparser: destroy workqueue on module exit 2017-03-03 20:43:26 -08:00
sunrpc The restriction of NFSv4 to TCP went overboard and also broke the 2017-04-01 10:43:37 -07:00
switchdev netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
tipc tipc: make macro tipc_wait_for_cond() smp safe 2017-05-11 22:19:30 -04:00
unix af_unix: Use designated initializers 2017-04-06 12:43:04 -07:00
vmw_vsock VSOCK: Add virtio vsock vsockmon hooks 2017-04-24 12:35:56 -04:00
wimax
wireless nl80211: correctly validate MU-MIMO groups 2017-05-08 11:24:34 +02:00
x25 net: Work around lockdep limitation in sockets that use sockets 2017-03-09 18:23:27 -08:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
Kconfig bpf: make jited programs visible in traces 2017-02-17 13:40:05 -05:00
Makefile bpf: introduce BPF_PROG_TEST_RUN command 2017-04-01 12:45:57 -07:00
compat.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-02-22 10:15:09 -08:00
socket.c l2tp: device MTU setup, tunnel socket needs a lock 2017-04-17 13:01:48 -04:00
sysctl_net.c sysctl: Remove dead register_sysctl_root 2017-04-16 23:42:49 -05:00