Merge tag 'nf-24-01-31' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

	/* Return true if "b" set is the same as "a"

	 * according to the create set parameters */

	bool (*same_set)(const struct ip_set *a, const struct ip_set *b);

	/* Cancel ongoing garbage collectors before destroying the set*/

	void (*cancel_gc)(struct ip_set *set);

	/* Region-locking is used */

	bool region_lock;

};

/* A generic IP set */

struct ip_set {

	/* For call_cru in destroy */

	struct rcu_head rcu;

	/* The name of the set */

	char name[IPSET_MAXNAMELEN];

	/* Lock protecting the set data */

 *	@type: stateful object numeric type

 *	@owner: module owner

 *	@maxattr: maximum netlink attribute

 *	@family: address family for AF-specific object types

 *	@policy: netlink attribute policy

 */

struct nft_object_type {

	struct list_head		list;

	u32				type;

	unsigned int                    maxattr;

	u8				family;

	struct module			*owner;

	const struct nla_policy		*policy;

};

#define mtype_del		IPSET_TOKEN(MTYPE, _del)

#define mtype_list		IPSET_TOKEN(MTYPE, _list)

#define mtype_gc		IPSET_TOKEN(MTYPE, _gc)

#define mtype_cancel_gc		IPSET_TOKEN(MTYPE, _cancel_gc)

#define mtype			MTYPE

#define get_ext(set, map, id)	((map)->extensions + ((set)->dsize * (id)))

{

	struct mtype *map = set->data;

	if (SET_WITH_TIMEOUT(set))

		del_timer_sync(&map->gc);

	if (set->dsize && set->extensions & IPSET_EXT_DESTROY)

		mtype_ext_cleanup(set);

	ip_set_free(map->members);

	add_timer(&map->gc);

}

static void

mtype_cancel_gc(struct ip_set *set)

{

	struct mtype *map = set->data;

	if (SET_WITH_TIMEOUT(set))

		del_timer_sync(&map->gc);

}

static const struct ip_set_type_variant mtype = {

	.kadt	= mtype_kadt,

	.uadt	= mtype_uadt,

	.head	= mtype_head,

	.list	= mtype_list,

	.same_set = mtype_same_set,

	.cancel_gc = mtype_cancel_gc,

};

#endif /* __IP_SET_BITMAP_IP_GEN_H */

	kfree(set);

}

static void

ip_set_destroy_set_rcu(struct rcu_head *head)

{

	struct ip_set *set = container_of(head, struct ip_set, rcu);

	ip_set_destroy_set(set);

}

static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info,

			  const struct nlattr * const attr[])

{

	if (unlikely(protocol_min_failed(attr)))

		return -IPSET_ERR_PROTOCOL;

	/* Must wait for flush to be really finished in list:set */

	rcu_barrier();

	/* Commands are serialized and references are

	 * protected by the ip_set_ref_lock.

	 * counter, so if it's already zero, we can proceed

	 * without holding the lock.

	 */

	read_lock_bh(&ip_set_ref_lock);

	if (!attr[IPSET_ATTR_SETNAME]) {

		/* Must wait for flush to be really finished in list:set */

		rcu_barrier();

		read_lock_bh(&ip_set_ref_lock);

		for (i = 0; i < inst->ip_set_max; i++) {

			s = ip_set(inst, i);

			if (s && (s->ref || s->ref_netlink)) {

			s = ip_set(inst, i);

			if (s) {

				ip_set(inst, i) = NULL;

				/* Must cancel garbage collectors */

				s->variant->cancel_gc(s);

				ip_set_destroy_set(s);

			}

		}

		inst->is_destroyed = false;

	} else {

		u32 flags = flag_exist(info->nlh);

		u16 features = 0;

		read_lock_bh(&ip_set_ref_lock);

		s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),

				    &i);

		if (!s) {

			ret = -IPSET_ERR_BUSY;

			goto out;

		}

		features = s->type->features;

		ip_set(inst, i) = NULL;

		read_unlock_bh(&ip_set_ref_lock);

		ip_set_destroy_set(s);

		if (features & IPSET_TYPE_NAME) {

			/* Must wait for flush to be really finished  */

			rcu_barrier();

		}

		/* Must cancel garbage collectors */

		s->variant->cancel_gc(s);

		call_rcu(&s->rcu, ip_set_destroy_set_rcu);

	}

	return 0;

out:

	ip_set(inst, to_id) = from;

	write_unlock_bh(&ip_set_ref_lock);

	/* Make sure all readers of the old set pointers are completed. */

	synchronize_rcu();

	return 0;

}

{

	nf_unregister_sockopt(&so_set);

	nfnetlink_subsys_unregister(&ip_set_netlink_subsys);

	unregister_pernet_subsys(&ip_set_net_ops);

	/* Wait for call_rcu() in destroy */

	rcu_barrier();

	pr_debug("these are the famous last words\n");

}

#undef mtype_gc_do

#undef mtype_gc

#undef mtype_gc_init

#undef mtype_cancel_gc

#undef mtype_variant

#undef mtype_data_match

#define mtype_gc_do		IPSET_TOKEN(MTYPE, _gc_do)

#define mtype_gc		IPSET_TOKEN(MTYPE, _gc)

#define mtype_gc_init		IPSET_TOKEN(MTYPE, _gc_init)

#define mtype_cancel_gc		IPSET_TOKEN(MTYPE, _cancel_gc)

#define mtype_variant		IPSET_TOKEN(MTYPE, _variant)

#define mtype_data_match	IPSET_TOKEN(MTYPE, _data_match)

	struct htype *h = set->data;

	struct list_head *l, *lt;

	if (SET_WITH_TIMEOUT(set))

		cancel_delayed_work_sync(&h->gc.dwork);

	mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);

	list_for_each_safe(l, lt, &h->ad) {

		list_del(l);

	queue_delayed_work(system_power_efficient_wq, &gc->dwork, HZ);

}

static void

mtype_cancel_gc(struct ip_set *set)

{

	struct htype *h = set->data;

	if (SET_WITH_TIMEOUT(set))

		cancel_delayed_work_sync(&h->gc.dwork);

}

static int

mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,

	  struct ip_set_ext *mext, u32 flags);

	.uref	= mtype_uref,

	.resize	= mtype_resize,

	.same_set = mtype_same_set,

	.cancel_gc = mtype_cancel_gc,

	.region_lock = true,

};