netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

commit b079155faae94e9b3ab9337e82100a914ebb4e8d upstream. Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC might collect the same element more than once. Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-11-21 13:13:26 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-11-28 16:50:23 +0000
commit: b95d7af657a8de2b5935269b1920125636538140 (patch)
tree: dec14f6740111123193df0a66c6bd2b62856dd7b /net
parent: 61a7b3de20e23ba0209497c07653629523b8653e (diff)
1 files changed, 3 insertions, 6 deletions
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 00da952cba3f..0581d5499c5a 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -324,12 +324,9 @@ static void nft_rhash_gc(struct work_struct *work)
 
 	while ((he = rhashtable_walk_next(&hti))) {
 		if (IS_ERR(he)) {
-			if (PTR_ERR(he) != -EAGAIN) {
-				nft_trans_gc_destroy(gc);
-				gc = NULL;
-				goto try_later;
-			}
-			continue;
+			nft_trans_gc_destroy(gc);
+			gc = NULL;
+			goto try_later;
 		}
 
 		/* Ruleset has been updated, try later. */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-11-21 13:13:26 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-11-28 16:50:23 +0000
commit	b95d7af657a8de2b5935269b1920125636538140 (patch)
tree	dec14f6740111123193df0a66c6bd2b62856dd7b /net
parent	61a7b3de20e23ba0209497c07653629523b8653e (diff)