[nf-next PATCH v4 0/3] Add locking for NFT_MSG_GETSETELEM_RESET

This series attempts to solve for the potential invalidation of table
and set pointers in v3's nf_tables_getsetelem_reset function.

Patch 2 introduces an initializer function for struct nft_set_dump_ctx
which takes care of the table and set lookups. It will be called for
NLM_F_DUMP requests to prepare the dump context and for non-NLM_F_DUMP
requests inside the critical section to perform the necessary lookups.
The dump context's fields are then passed to the nft_get_set_elem function.

Since the 'set' field in said dump context is marked const, patch 1 is
needed for called functions to respect the qualifier.

Patch 3 then adds the actual locking counterparts to
nf_tables_getsetelem and nf_tables_dump_set.

Phil Sutter (3):
  netfilter: nf_tables: Pass const set to nft_get_set_elem
  netfilter: nf_tables: Introduce nft_set_dump_ctx_init()
  netfilter: nf_tables: Add locking for NFT_MSG_GETSETELEM_RESET
    requests

 net/netfilter/nf_tables_api.c | 135 +++++++++++++++++++++++++++-------
 1 file changed, 108 insertions(+), 27 deletions(-)

-- 
2.41.0



