Quan Tian <tianquan23@xxxxxxxxx> wrote:
> In nf_tables_commit():
> The 1st trans swaps old udata with 1st new udata;
> The 2nd trans swaps 1st new udata with 2nd new udata.
>
> In nft_commit_release():
> The 1st trans frees old udata;
> The 2nd trans frees 1st new udata.
>
> So multiple udata requests in a batch could work?

Yes, it could work indeed but we got bitten by subtle bugs with
back-to-back updates.

If there is a simple way to detect and reject this then I believe it's
better to disallow it.

Unless you come up with a use-case where such back-to-back udata
updates make sense of course.