netfilter: nf_tables: use dedicated mutex to guard transactions

Continue to use nftnl subsys mutex to protect (un)registration of hook types, expressions and so on, but force batch operations to do their own locking. This allows distinct net namespaces to perform transactions in parallel. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-07-11 13:45:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-07-18 11:26:48 +0200
commit: f102d66b335a417d4848da9441f585695a838934 (patch)
tree: 46cdc1c7f000425f18a87d151b7ab610bd1676f6 /net/netfilter/nfnetlink.c
parent: 2a43ecf96ba6a6eed70dbcd99d0888fc0ad3b82b (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index dd1d7bc23b03..916913454624 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -350,6 +350,8 @@ replay:
 		return kfree_skb(skb);
 	}
 
+	nfnl_unlock(subsys_id);
+
 	while (skb->len >= nlmsg_total_size(0)) {
 		int msglen, type;
 
@@ -471,13 +473,8 @@ ack:
 	}
 done:
 	if (status & NFNL_BATCH_REPLAY) {
-		const struct nfnetlink_subsystem *ss2;
-
-		ss2 = nfnl_dereference_protected(subsys_id);
-		if (ss2 == ss)
-			ss->abort(net, oskb);
+		ss->abort(net, oskb);
 		nfnl_err_reset(&err_list);
-		nfnl_unlock(subsys_id);
 		kfree_skb(skb);
 		module_put(ss->owner);
 		goto replay;
@@ -497,7 +494,6 @@ done:
 		ss->cleanup(net);
 
 	nfnl_err_deliver(&err_list, oskb);
-	nfnl_unlock(subsys_id);
 	kfree_skb(skb);
 	module_put(ss->owner);
 }
author	Florian Westphal <fw@strlen.de>	2018-07-11 13:45:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-07-18 11:26:48 +0200
commit	f102d66b335a417d4848da9441f585695a838934 (patch)
tree	46cdc1c7f000425f18a87d151b7ab610bd1676f6 /net/netfilter/nfnetlink.c
parent	2a43ecf96ba6a6eed70dbcd99d0888fc0ad3b82b (diff)