diff options
| author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2024-02-05 12:31:16 +0100 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2024-02-05 12:34:31 +0100 |
| commit | 099916e8f2c0a9c84f79469a8db49f775d4af16e (patch) | |
| tree | 09b81ada89d1fdb34089c8b6f2a4cb566b05a2f0 | |
| parent | b2f78c1935480208e9629a73e7967e5842282e7a (diff) | |
netfilter: ipset: remove set destroy at ip_set module removal
The ip_set module can only be removed when all set module type modules
are already removed. A set type module can only be removed when all sets
belonging to the given type are already removed. So it is not possible
that there's any set defined at ip_set module removal.
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
| -rw-r--r-- | kernel/net/netfilter/ipset/ip_set_core.c | 27 |
1 files changed, 3 insertions, 24 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index a99c1bd..c31dbc3 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -30,7 +30,6 @@ static DEFINE_RWLOCK(ip_set_ref_lock); /* protects the set refs */ struct ip_set_net { struct ip_set * __rcu *ip_set_list; /* all individual sets */ ip_set_id_t ip_set_max; /* max number of sets */ - bool is_deleted; /* deleted by ip_set_net_exit */ bool is_destroyed; /* all sets are destroyed */ }; @@ -926,11 +925,9 @@ ip_set_nfnl_put(struct net *net, ip_set_id_t index) struct ip_set_net *inst = ip_set_pernet(net); nfnl_lock(NFNL_SUBSYS_IPSET); - if (!inst->is_deleted) { /* already deleted from ip_set_net_exit() */ - set = ip_set(inst, index); - if (set) - __ip_set_put(set); - } + set = ip_set(inst, index); + if (set) + __ip_set_put(set); nfnl_unlock(NFNL_SUBSYS_IPSET); } EXPORT_SYMBOL_GPL(ip_set_nfnl_put); @@ -2484,7 +2481,6 @@ ip_set_net_init(struct net *net) #else goto err_alloc; #endif - inst->is_deleted = false; inst->is_destroyed = false; rcu_assign_pointer(inst->ip_set_list, list); return 0; @@ -2501,20 +2497,6 @@ ip_set_net_exit(struct net *net) { struct ip_set_net *inst = ip_set_pernet(net); - struct ip_set *set = NULL; - ip_set_id_t i; - - inst->is_deleted = true; /* flag for ip_set_nfnl_put */ - - nfnl_lock(NFNL_SUBSYS_IPSET); - for (i = 0; i < inst->ip_set_max; i++) { - set = ip_set(inst, i); - if (set) { - ip_set(inst, i) = NULL; - ip_set_destroy_set(set); - } - } - nfnl_unlock(NFNL_SUBSYS_IPSET); kvfree(rcu_dereference_protected(inst->ip_set_list, 1)); #ifndef HAVE_NET_OPS_ID kvfree(inst); @@ -2581,9 +2563,6 @@ ip_set_fini(void) nfnetlink_subsys_unregister(&ip_set_netlink_subsys); UNREGISTER_PERNET_SUBSYS(&ip_set_net_ops); - /* Wait for call_rcu() in destroy */ - rcu_barrier(); - pr_debug("these are the famous last words\n"); } |