netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

commit b079155faae94e9b3ab9337e82100a914ebb4e8d upstream.

Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC
might collect the same element more than once.

Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name netfilter-nft_set_hash-try-later-when-gc-hits-eagain.patch

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 68a16ee37b3d017ac90d24b16a14dca86e89ceb8..f0a9ad1c4ea44230198dee53f61ce430461743d7 100644 (file)
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -324,12 +324,9 @@ static void nft_rhash_gc(struct work_struct *work)
 
        while ((he = rhashtable_walk_next(&hti))) {
                if (IS_ERR(he)) {
-                       if (PTR_ERR(he) != -EAGAIN) {
-                               nft_trans_gc_destroy(gc);
-                               gc = NULL;
-                               goto try_later;
-                       }
-                       continue;
+                       nft_trans_gc_destroy(gc);
+                       gc = NULL;
+                       goto try_later;
                }
 
                /* Ruleset has been updated, try later. */