netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH (c0362b57) · Commits · git / linux-nf

net/netfilter/nf_conncount.c

+17 −7

Original line number	Diff line number	Diff line
		@@ -278,7 +278,7 @@ void nf_conncount_list_init(struct nf_conncount_list *list)
		EXPORT_SYMBOL_GPL(nf_conncount_list_init);

		/* Return true if the list is empty. Must be called with BH disabled. */
		bool nf_conncount_gc_list(struct net *net,
		static bool __nf_conncount_gc_list(struct net *net,
		struct nf_conncount_list *list)
		{
		const struct nf_conntrack_tuple_hash *found;
		@@ -291,10 +291,6 @@ bool nf_conncount_gc_list(struct net *net,
		if ((u32)jiffies == READ_ONCE(list->last_gc))
		return false;

		/* don't bother if other cpu is already doing GC */
		if (!spin_trylock(&list->list_lock))
		return false;

		list_for_each_entry_safe(conn, conn_n, &list->head, node) {
		found = find_or_evict(net, list, conn);
		if (IS_ERR(found)) {
		@@ -323,7 +319,21 @@ bool nf_conncount_gc_list(struct net *net,
		if (!list->count)
		ret = true;
		list->last_gc = (u32)jiffies;
		spin_unlock(&list->list_lock);

		return ret;
		}

		bool nf_conncount_gc_list(struct net *net,
		struct nf_conncount_list *list)
		{
		bool ret;

		/* don't bother if other cpu is already doing GC */
		if (!spin_trylock_bh(&list->list_lock))
		return false;

		ret = __nf_conncount_gc_list(net, list);
		spin_unlock_bh(&list->list_lock);

		return ret;
		}

+1 −6

Original line number	Diff line number	Diff line
		@@ -223,13 +223,8 @@ static void nft_connlimit_destroy_clone(const struct nft_ctx *ctx,
		static bool nft_connlimit_gc(struct net net, const struct nft_expr expr)
		{
		struct nft_connlimit *priv = nft_expr_priv(expr);
		bool ret;

		local_bh_disable();
		ret = nf_conncount_gc_list(net, priv->list);
		local_bh_enable();

		return ret;
		return nf_conncount_gc_list(net, priv->list);
		}

		static struct nft_expr_type nft_connlimit_type;