Pandora Sourcecodes - pandora-kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 23 May 2014 10:39:26 +0000 (12:39 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 2 Jun 2014 08:54:35 +0000 (10:54 +0200)
commit	4fefee570d8e35d950e6b7294618e2035e669308
tree	6fb7445e5ec3f6caf139515c4d2f48ca56078c88	tree \| snapshot
parent	7632667d26a99d3b33ec8dd522c4086653ff9388	commit \| diff

netfilter: nf_tables: allow to delete several objects from a batch

Three changes to allow the deletion of several objects with dependencies
in one transaction, they are:

1) Introduce speculative counter increment/decrement that is undone in
   the abort path if required, thus we avoid hitting -EBUSY when deleting
   the chain. The counter updates are reverted in the abort path.

2) Increment/decrement table/chain use counter for each set/rule. We need
   this to fully rely on the use counters instead of the list content,
   eg. !list_empty(&chain->rules) which evaluate true in the middle of the
   transaction.

3) Decrement table use counter when an anonymous set is bound to the
   rule in the commit path. This avoids hitting -EBUSY when deleting
   the table that contains anonymous sets. The anonymous sets are released
   in the nf_tables_rule_destroy path. This should not be a problem since
   the rule already bumped the use counter of the chain, so the bound
   anonymous set reflects dependencies through the rule object, which
   already increases the chain use counter.

So the general assumption after this patch is that the use counters are
bumped by direct object dependencies.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>