From: Pablo Neira Ayuso
Date: Tue, 17 Oct 2023 10:28:27 +0000 (+0200)
Subject: netfilter: nft_set_rbtree: .deactivate fails if element has expired
X-Git-Tag: v6.6.17~3727^2~5^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d111692a59c1470ae530cbb39bcf0346c950ecc7;p=platform%2Fkernel%2Flinux-rpi.git

netfilter: nft_set_rbtree: .deactivate fails if element has expired

This allows to remove an expired element which is not possible in other existing set backends, this is more noticeable if gc-interval is high so expired elements remain in the tree. On-demand gc also does not help in this case, because this is delete element path. Return NULL if element has expired.

Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support")
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Florian Westphal
---
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c index 2660cea..e34662f 100644 --- a/net/netfilter/nft_set_rbtree.c +++ b/net/netfilter/nft_set_rbtree.c @@ -568,6 +568,8 @@ static void *nft_rbtree_deactivate(const struct net *net, nft_rbtree_interval_end(this)) { parent = parent->rb_right; continue; + } else if (nft_set_elem_expired(&rbe->ext)) { + break; } else if (!nft_set_elem_active(&rbe->ext, genmask)) { parent = parent->rb_left; continue;
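
Review bot: The new `else if (nft_set_elem_expired(&rbe->ext)) { break; }` branch stops the tree walk at the first expired match, while the `!nft_set_elem_active(&rbe->ext, genmask)` branch right after it keeps descending with `parent = parent->rb_left; continue;`. If a matching element that has not expired can sit further down the tree, as the inactive branch's continued descent suggests, the `break` would skip it; please confirm that cannot happen, or continue the walk the same way the inactive branch does. The commit message says "Return NULL if element has expired", but the hunk only shows `break`, so the NULL depends on code after the loop that is not visible here; a direct `return NULL;` or a one-line comment at the branch stating that expired elements are treated as not found would make the intent explicit.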