[SRU][F][PATCH 1/1] UBUNTU: SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain

Ian Whitfield ian.whitfield at canonical.com
Fri Dec 6 21:29:52 UTC 2024


BugLink: https://bugs.launchpad.net/bugs/2089699

Our backport of upstream commit e79b47a8615d introduced a bug in the
reference counting of chains in nf_tables that caused some valid
chain deletion transactions to fail with the error "Error: Could not
process rule: Device or resource busy". This bug is not present in
the upstream stable backport to linux-6.6.y, commit 164936b2fc88.

To resolve the bug, this commit modifies our backport to match commit
164936b2fc88883341fe7a2d9c42b69020e5cafd in linux-6.6.y more closely.

Fixes: 7229d85af281 ("netfilter: nf_tables: restore set elements when delete set fails")
Signed-off-by: Ian Whitfield <ian.whitfield at canonical.com>
---
 net/netfilter/nf_tables_api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ada5e54e0fde..f0d7dc7842e8 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -426,7 +426,7 @@ static int nft_mapelem_deactivate(const struct nft_ctx *ctx,
 				  const struct nft_set_iter *iter,
 				  struct nft_set_elem *elem)
 {
-	struct nft_set_ext *ext = nft_set_elem_ext(set, elem);
+	struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
 
 	if (!nft_set_elem_active(ext, iter->genmask))
 		return 0;
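Review bot: The commit message never names the actual defect corrected at the `ext` initialisation in nft_mapelem_deactivate(): the old code handed the `struct nft_set_elem *` wrapper itself to nft_set_elem_ext() instead of `elem->priv`. Please add a sentence tying that to the symptom, since `ext` was derived from the wrong pointer and the `nft_set_elem_active(ext, iter->genmask)` test directly below then decided on the early `return 0` from unrelated data, which is presumably how the chain reference count went out of step and produced the EBUSY.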
@@ -4148,7 +4148,7 @@ static int nft_mapelem_activate(const struct nft_ctx *ctx,
 				const struct nft_set_iter *iter,
 				struct nft_set_elem *elem)
 {
-	struct nft_set_ext *ext = nft_set_elem_ext(set, elem);
+	struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
 
 	/* called from abort path, reverse check to undo changes. */
 	if (nft_set_elem_active(ext, iter->genmask))
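Review bot: Please state in the commit message whether the remaining nft_set_elem_ext() callers from the backport were audited, because the `ext` initialisation in nft_mapelem_activate() carried the identical `elem` versus `elem->priv` mistake as the deactivate callback, which suggests the pattern may not be limited to these two sites. This callback runs on the abort path (per the comment above the reversed `nft_set_elem_active()` check), so it would also help to say that the fix was verified for an aborted transaction and not only for the chain deletion case from the bug report. The message says the result matches 164936b2fc88 "more closely"; listing the differences that remain would make the SRU easier to review.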
-- 
2.43.0



