From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 17 Mar 2021 20:19:57 +0000 (+0100)
Subject: netfilter: nftables: skip hook overlap logic if flowtable is stale
X-Git-Tag: v5.10.79~5872
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8a57256e0548fee9b9918c5a7bffc8770dcc5afa;p=platform%2Fkernel%2Flinux-rpi.git

netfilter: nftables: skip hook overlap logic if flowtable is stale

[ Upstream commit 86fe2c19eec4728fd9a42ba18f3b47f0d5f9fd7c ]

If the flowtable has been previously removed in this batch, skip the
hook overlap checks. This fixes spurious EEXIST errors when removing and
adding the flowtable in the same batch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 978a968..2e76935 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6573,6 +6573,9 @@ static int nft_register_flowtable_net_hooks(struct net *net,
 
 	list_for_each_entry(hook, hook_list, list) {
 		list_for_each_entry(ft, &table->flowtables, list) {
+			if (!nft_is_active_next(net, ft))
+				continue;
+
 			list_for_each_entry(hook2, &ft->hook_list, list) {
 				if (hook->ops.dev == hook2->ops.dev &&
 				    hook->ops.pf == hook2->ops.pf) {