Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > @@ -10435,6 +10435,8 @@ static bool nf_tables_valid_genid(struct net *net, u32 genid) > if (!genid_ok) > mutex_unlock(&nft_net->commit_mutex); > > + nft_net->tstamp = get_jiffies_64(); > + I think this should be done while mutex is still held. Not a big deal because time won't advance by a huge margin in case another caller comes along right after the (!genid_ok) unlock. > static inline u32 nft_rhash_key(const void *data, u32 len, u32 seed) > @@ -87,6 +88,7 @@ bool nft_rhash_lookup(const struct net *net, const struct nft_set *set, > .genmask = nft_genmask_cur(net), > .set = set, > .key = key, > + .tstamp = get_jiffies_64(), Hmm. This makes things significantly more complicated, because of the 'lockless' vs. 'transactional update' problem. It would help if we had a uniform way to tell which-is-what, e.g. by passing the nft_ctx for the transactional case or similar. But this would be even more code churn, so I think it's ok.
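
Review bot: in nf_tables_valid_genid(), the new `nft_net->tstamp = get_jiffies_64();` sits after the `if (!genid_ok)` / `mutex_unlock(&nft_net->commit_mutex);` lines, so on the !genid_ok path the store runs with commit_mutex already dropped, and the timestamp is refreshed even though the generation check failed. Moving the assignment above the `if (!genid_ok)` test, or making it conditional on genid_ok, keeps this write under the mutex.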
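
Review bot: the `.tstamp = get_jiffies_64(),` initializer in nft_rhash_lookup() samples the clock on each call, while the nf_tables_valid_genid() hunk caches a value in nft_net->tstamp, and nothing in the hunk documents which of the two sources a given caller is expected to use. A short comment at the initializer stating that the lookup path takes the current time itself, rather than the cached nft_net->tstamp, would make the split explicit for later readers.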