netfilter: nft_flow_offload: wait for garbage collector to run after cleanup

If netdevice goes down, then flowtable entries are scheduled to be
removed. Wait for garbage collector to have a chance to run so it can
delete them from the hashtable.

The flush call might sleep, so hold the nfnl mutex from
nft_flow_table_iterate() instead of rcu read side lock. The use of the
nfnl mutex is also implicitly fixing races between updates via nfnetlink
and netdevice event.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 ba7cd5d9
...@@ -5006,13 +5006,13 @@ void nft_flow_table_iterate(struct net *net, ...@@ -5006,13 +5006,13 @@ void nft_flow_table_iterate(struct net *net,
struct nft_flowtable *flowtable; struct nft_flowtable *flowtable;
const struct nft_table *table; const struct nft_table *table;
rcu_read_lock(); nfnl_lock(NFNL_SUBSYS_NFTABLES);
list_for_each_entry_rcu(table, &net->nft.tables, list) { list_for_each_entry(table, &net->nft.tables, list) {
list_for_each_entry_rcu(flowtable, &table->flowtables, list) { list_for_each_entry(flowtable, &table->flowtables, list) {
iter(&flowtable->data, data); iter(&flowtable->data, data);
} }
} }
rcu_read_unlock(); nfnl_unlock(NFNL_SUBSYS_NFTABLES);
} }
EXPORT_SYMBOL_GPL(nft_flow_table_iterate); EXPORT_SYMBOL_GPL(nft_flow_table_iterate);
......
...@@ -208,6 +208,7 @@ static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable, ...@@ -208,6 +208,7 @@ static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable,
void *data) void *data)
{ {
nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data); nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data);
flush_delayed_work(&flowtable->gc_work);
} }
static int flow_offload_netdev_event(struct notifier_block *this, static int flow_offload_netdev_event(struct notifier_block *this,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
新手
引导
客服 返回
顶部