netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

commit b079155faae94e9b3ab9337e82100a914ebb4e8d upstream. Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC might collect the same element more than once. Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-09-22 19:30:28 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-10-06 15:56:35 +0300
commit: be4fbbbcd2f20c2cd0421f530f45c5545c3a4886 (patch)
tree: d85263ca9e733c9a08b6874aa00c71fc7260cd88 /net
parent: 973288e9d9886750684876eec70e0bc55b10607c (diff)
download: linux-be4fbbbcd2f20c2cd0421f530f45c5545c3a4886.tar.xz
1 files changed, 3 insertions, 6 deletions
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index eca20dc60138..2013de934cef 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -338,12 +338,9 @@ static void nft_rhash_gc(struct work_struct *work)
 
 	while ((he = rhashtable_walk_next(&hti))) {
 		if (IS_ERR(he)) {
-			if (PTR_ERR(he) != -EAGAIN) {
-				nft_trans_gc_destroy(gc);
-				gc = NULL;
-				goto try_later;
-			}
-			continue;
+			nft_trans_gc_destroy(gc);
+			gc = NULL;
+			goto try_later;
 		}
 
 		/* Ruleset has been updated, try later. */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-09-22 19:30:28 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-10-06 15:56:35 +0300
commit	be4fbbbcd2f20c2cd0421f530f45c5545c3a4886 (patch)
tree	d85263ca9e733c9a08b6874aa00c71fc7260cd88 /net
parent	973288e9d9886750684876eec70e0bc55b10607c (diff)
download	linux-be4fbbbcd2f20c2cd0421f530f45c5545c3a4886.tar.xz