diff options
author | Florian Westphal | 2018-07-11 13:45:14 +0200 |
---|---|---|
committer | Pablo Neira Ayuso | 2018-07-18 11:26:48 +0200 |
commit | f102d66b335a417d4848da9441f585695a838934 (patch) | |
tree | 46cdc1c7f000425f18a87d151b7ab610bd1676f6 /net/netfilter/nft_chain_filter.c | |
parent | netfilter: nf_tables: avoid global info storage (diff) | |
download | kernel-qcow2-linux-f102d66b335a417d4848da9441f585695a838934.tar.gz kernel-qcow2-linux-f102d66b335a417d4848da9441f585695a838934.tar.xz kernel-qcow2-linux-f102d66b335a417d4848da9441f585695a838934.zip |
netfilter: nf_tables: use dedicated mutex to guard transactions
Continue to use nftnl subsys mutex to protect (un)registration of hook types,
expressions and so on, but force batch operations to do their own
locking.
This allows distinct net namespaces to perform transactions in parallel.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_chain_filter.c')
-rw-r--r-- | net/netfilter/nft_chain_filter.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index d21834bed805..ea5b7c4944f6 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -322,7 +322,7 @@ static int nf_tables_netdev_event(struct notifier_block *this, if (!ctx.net) return NOTIFY_DONE; - nfnl_lock(NFNL_SUBSYS_NFTABLES); + mutex_lock(&ctx.net->nft.commit_mutex); list_for_each_entry(table, &ctx.net->nft.tables, list) { if (table->family != NFPROTO_NETDEV) continue; @@ -337,7 +337,7 @@ static int nf_tables_netdev_event(struct notifier_block *this, nft_netdev_event(event, dev, &ctx); } } - nfnl_unlock(NFNL_SUBSYS_NFTABLES); + mutex_unlock(&ctx.net->nft.commit_mutex); put_net(ctx.net); return NOTIFY_DONE; |