netfilter: nf_tables: use dedicated mutex to guard transactions

Continue to use nftnl subsys mutex to protect (un)registration of hook types, expressions and so on, but force batch operations to do their own locking. This allows distinct net namespaces to perform transactions in parallel. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-07-11 13:45:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-07-18 11:26:48 +0200
commit: f102d66b335a417d4848da9441f585695a838934 (patch)
tree: 46cdc1c7f000425f18a87d151b7ab610bd1676f6 /net/netfilter/nft_dynset.c
parent: 2a43ecf96ba6a6eed70dbcd99d0888fc0ad3b82b (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 27d7e4598ab6..81184c244d1a 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -118,6 +118,8 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 	u64 timeout;
 	int err;
 
+	lockdep_assert_held(&ctx->net->nft.commit_mutex);
+
 	if (tb[NFTA_DYNSET_SET_NAME] == NULL ||
 	    tb[NFTA_DYNSET_OP] == NULL ||
 	    tb[NFTA_DYNSET_SREG_KEY] == NULL)
author	Florian Westphal <fw@strlen.de>	2018-07-11 13:45:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-07-18 11:26:48 +0200
commit	f102d66b335a417d4848da9441f585695a838934 (patch)
tree	46cdc1c7f000425f18a87d151b7ab610bd1676f6 /net/netfilter/nft_dynset.c
parent	2a43ecf96ba6a6eed70dbcd99d0888fc0ad3b82b (diff)