netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

Skip GC run if iterator rewinds to the beginning with EAGAIN, otherwise GC
might collect the same element more than once.

Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index eca20dc601384efc34341c0fa830cd07316d21f5..2013de934cef096ac8fa512c1cd4bc18c7c52c10 100644 (file)
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -338,12 +338,9 @@ static void nft_rhash_gc(struct work_struct *work)
 
        while ((he = rhashtable_walk_next(&hti))) {
                if (IS_ERR(he)) {
-                       if (PTR_ERR(he) != -EAGAIN) {
-                               nft_trans_gc_destroy(gc);
-                               gc = NULL;
-                               goto try_later;
-                       }
-                       continue;
+                       nft_trans_gc_destroy(gc);
+                       gc = NULL;
+                       goto try_later;
                }
 
                /* Ruleset has been updated, try later. */