netfilter: nf_tables: don't write table validation state without mutex

author Florian Westphal <fw@strlen.de>

Thu, 13 Apr 2023 15:13:19 +0000 (17:13 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 11 May 2023 14:03:26 +0000 (23:03 +0900)
author Florian Westphal <fw@strlen.de>
Thu, 13 Apr 2023 15:13:19 +0000 (17:13 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 11 May 2023 14:03:26 +0000 (23:03 +0900)
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h

index 241e005..e9a9ab3 100644 (file)
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -45,7 +45,6 @@ struct nfnetlink_subsystem {
         int (*commit)(struct net *net, struct sk_buff *skb);
         int (*abort)(struct net *net, struct sk_buff *skb,
                      enum nfnl_abort_action action);
-       void (*cleanup)(struct net *net);
         bool (*valid_genid)(struct net *net, u32 genid);
  };
  
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 12d815b..d13af00 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8517,6 +8517,8 @@ static int nf_tables_validate(struct net *net)
                         if (nft_table_validate(net, table) < 0)
                                 return -EAGAIN;
                 }
+
+               nft_validate_state_update(net, NFT_VALIDATE_SKIP);
                 break;
         }
  
@@ -9437,11 +9439,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
         return 0;
  }
  
-static void nf_tables_cleanup(struct net *net)
-{
-       nft_validate_state_update(net, NFT_VALIDATE_SKIP);
-}
-
  static int nf_tables_abort(struct net *net, struct sk_buff *skb,
                            enum nfnl_abort_action action)
  {
@@ -9475,7 +9472,6 @@ static const struct nfnetlink_subsystem nf_tables_subsys = {
         .cb             = nf_tables_cb,
         .commit         = nf_tables_commit,
         .abort          = nf_tables_abort,
-       .cleanup        = nf_tables_cleanup,
         .valid_genid    = nf_tables_valid_genid,
         .owner          = THIS_MODULE,
  };
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c

index 81c7737..ae71464 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -590,8 +590,6 @@ done:
                         goto replay_abort;
                 }
         }
-       if (ss->cleanup)
-               ss->cleanup(net);
  
         nfnl_err_deliver(&err_list, oskb);
         kfree_skb(skb);
author	Florian Westphal <fw@strlen.de>
	Thu, 13 Apr 2023 15:13:19 +0000 (17:13 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 11 May 2023 14:03:26 +0000 (23:03 +0900)
include/linux/netfilter/nfnetlink.h		patch \| blob \| history
net/netfilter/nf_tables_api.c		patch \| blob \| history
net/netfilter/nfnetlink.c		patch \| blob \| history