diff options
| author | Florian Westphal <fw@strlen.de> | 2025-03-18 23:15:22 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-03-22 12:50:50 -0700 |
| commit | a561c6a034c9cbc9b85f8a587863898ab1455d89 (patch) | |
| tree | 525eaf60600f0604f9035905f356add1722fca79 /drivers | |
| parent | f6de68e154ef301aabdc4c1fc475d6917417212f (diff) | |
| download | linux-a561c6a034c9cbc9b85f8a587863898ab1455d89.tar.gz linux-a561c6a034c9cbc9b85f8a587863898ab1455d89.tar.bz2 linux-a561c6a034c9cbc9b85f8a587863898ab1455d89.zip | |
netfilter: nf_tables: allow clone callbacks to sleep
commit fa23e0d4b756d25829e124d6b670a4c6bbd4bf7e upstream.
Sven Auhagen reports transaction failures with following error:
./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory
percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left
This points to failing pcpu allocation with GFP_ATOMIC flag.
However, transactions happen from user context and are allowed to sleep.
One case where we can call into percpu allocator with GFP_ATOMIC is
nft_counter expression.
Normally this happens from control plane, so this could use GFP_KERNEL
instead. But one use case, element insertion from packet path,
needs to use GFP_ATOMIC allocations (nft_dynset expression).
At this time, .clone callbacks always use GFP_ATOMIC for this reason.
Add gfp_t argument to the .clone function and pass GFP_KERNEL or
GFP_ATOMIC flag depending on context, this allows all clone memory
allocations to sleep for the normal (transaction) case.
Cc: Sven Auhagen <sven.auhagen@voleatech.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions