Re: [PATCH v3 nf-next 2/2] netfilter: nf_tables: support updating userdata for nft_table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Mon, Mar 11, 2024 at 10:14:54PM +0800, Quan Tian wrote:
> > The NFTA_TABLE_USERDATA attribute was ignored on updates. The patch adds
> > handling for it to support table comment updates.
> dump path is lockless:
>         if (table->udata) {
>                 if (nla_put(skb, NFTA_TABLE_USERDATA, table->udlen, table->udata))
>                         goto nla_put_failure;
>         }
> there are two things to update at the same time here, table->udata and
> table->udlen.
> This needs to be reworked fully if updates are required.

See first patch in the series, it makes this a single pointer,
but you are right...

> then, update struct nft_table to have:
>         struct nft_userdata __rcu *user;

.. this needs an __rcu annotation.  I'll respond
to patch 1 too.

> BTW, does swap() ensure rcu semantics?

No, this needs to use rcu_replace_pointer() and manual update
of the old one stored in the transaction update.

[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux