Commit 8b8a2417 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nft_set_pipapo: prepare destroy function for on-demand clone 



Once priv->clone can be NULL in case no insertions/removals occurred
in the last transaction we need to drop set elements from priv->match
if priv->clone is NULL.

While at it, condense this function by reusing the pipapo_free_match
helper instead of open-coded version.

The rcu_barrier() is removed, its not needed: old call_rcu instances
for pipapo_reclaim_match do not access struct nft_set.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Reviewed-by: default avatarStefano Brivio <sbrivio@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 80efd299

net/netfilter/nft_set_pipapo.c

+6 −21
Original line number Diff line number Diff line
@@ -2326,33 +2326,18 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx, 
{

	struct nft_pipapo *priv = nft_set_priv(set);

	struct nft_pipapo_match *m;

	int cpu;



	m = rcu_dereference_protected(priv->match, true);

	if (m) {

		rcu_barrier();



		for_each_possible_cpu(cpu)

			pipapo_free_scratch(m, cpu);

		free_percpu(m->scratch);

		pipapo_free_fields(m);

		kfree(m);

		priv->match = NULL;

	}



	if (priv->clone) {

		m = priv->clone;



		nft_set_pipapo_match_destroy(ctx, set, m);



		for_each_possible_cpu(cpu)

			pipapo_free_scratch(priv->clone, cpu);

		free_percpu(priv->clone->scratch);



		pipapo_free_fields(priv->clone);

		kfree(priv->clone);

		nft_set_pipapo_match_destroy(ctx, set, priv->clone);

		pipapo_free_match(priv->clone);

		priv->clone = NULL;

	} else {

		nft_set_pipapo_match_destroy(ctx, set, m);

	}



	pipapo_free_match(m);

}



/**