netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4)

3f0465a9ef02 ("netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables") reworks flowtable support to allow for dynamic allocation of hooks, which implicitly fixes the following bogus EBUSY in transaction: delete flowtable add flowtable # same flowtable with same devices, it hits EBUSY This patch does not exist in any tree, but it fixes this issue for -stable Linux kernel 5.4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-11-21 13:13:33 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-11-28 16:50:24 +0000
commit: b053223b7cf418fdf8f12b3d393fe774e7a6e1a8 (patch)
tree: dc2cf21cfa330d82b3bb4b6029d6943acb133011 /net
parent: c35df8b8c572cecd43d56f3c0d94981aeb796ea0 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f379131903e5..78be121f38ac 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6132,6 +6132,9 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
 			continue;
 
 		list_for_each_entry(ft, &table->flowtables, list) {
+			if (!nft_is_active_next(net, ft))
+				continue;
+
 			for (k = 0; k < ft->ops_len; k++) {
 				if (!ft->ops[k].dev)
 					continue;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-11-21 13:13:33 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-11-28 16:50:24 +0000
commit	b053223b7cf418fdf8f12b3d393fe774e7a6e1a8 (patch)
tree	dc2cf21cfa330d82b3bb4b6029d6943acb133011 /net
parent	c35df8b8c572cecd43d56f3c0d94981aeb796ea0 (diff)