diff mbox series

[net-next,v1] netfilter: nfnetlink: convert kfree_skb to consume_skb

Message ID 20240528103754.98985-1-donald.hunter@gmail.com (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series [net-next,v1] netfilter: nfnetlink: convert kfree_skb to consume_skb | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 902 this patch: 902
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 1 maintainers not CCed: coreteam@netfilter.org
netdev/build_clang success Errors and warnings before: 906 this patch: 906
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 906 this patch: 906
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 55 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-05-28--15-00 (tests: 1037)

Commit Message

Donald Hunter May 28, 2024, 10:37 a.m. UTC
Use consume_skb in the batch code path to avoid generating spurious
NOT_SPECIFIED skb drop reasons.

Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
---
 net/netfilter/nfnetlink.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Simon Horman May 31, 2024, 4:14 p.m. UTC | #1
On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
> Use consume_skb in the batch code path to avoid generating spurious
> NOT_SPECIFIED skb drop reasons.
> 
> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>

Hi Donald,

I do wonder if this is the correct approach. I'm happy to stand corrected,
but my understanding is that consume_skb() is for situations where the skb
is no longer needed for reasons other than errors. But some of these
call-sites do appear to be error paths of sorts.

...
Donald Hunter June 3, 2024, 9:19 a.m. UTC | #2
Simon Horman <horms@kernel.org> writes:

> On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
>> Use consume_skb in the batch code path to avoid generating spurious
>> NOT_SPECIFIED skb drop reasons.
>> 
>> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
>
> Hi Donald,
>
> I do wonder if this is the correct approach. I'm happy to stand corrected,
> but my understanding is that consume_skb() is for situations where the skb
> is no longer needed for reasons other than errors. But some of these
> call-sites do appear to be error paths of sorts.
>
> ...

Hi Simon,

They all look to be application layer errors which are either
communicated back to the client or cause a replay. My understanding is
that consume_skb() should be used here since kfree_skb() now implies a
(transport?) drop.
Simon Horman June 3, 2024, 12:09 p.m. UTC | #3
On Mon, Jun 03, 2024 at 10:19:27AM +0100, Donald Hunter wrote:
> Simon Horman <horms@kernel.org> writes:
> 
> > On Tue, May 28, 2024 at 11:37:54AM +0100, Donald Hunter wrote:
> >> Use consume_skb in the batch code path to avoid generating spurious
> >> NOT_SPECIFIED skb drop reasons.
> >> 
> >> Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
> >
> > Hi Donald,
> >
> > I do wonder if this is the correct approach. I'm happy to stand corrected,
> > but my understanding is that consume_skb() is for situations where the skb
> > is no longer needed for reasons other than errors. But some of these
> > call-sites do appear to be error paths of sorts.
> >
> > ...
> 
> Hi Simon,
> 
> They all look to be application layer errors which are either
> communicated back to the client or cause a replay. My understanding is
> that consume_skb() should be used here since kfree_skb() now implies a
> (transport?) drop.

Hi Donald,

Thanks, that makes sense to me.
diff mbox series

Patch

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 4abf660c7baf..c164abcc326b 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -402,27 +402,27 @@  static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		{
 			nfnl_unlock(subsys_id);
 			netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-			return kfree_skb(skb);
+			return consume_skb(skb);
 		}
 	}
 
 	if (!ss->valid_genid || !ss->commit || !ss->abort) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	if (!try_module_get(ss->owner)) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	if (!ss->valid_genid(net, genid)) {
 		module_put(ss->owner);
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -ERESTART, NULL);
-		return kfree_skb(skb);
+		return consume_skb(skb);
 	}
 
 	nfnl_unlock(subsys_id);
@@ -565,7 +565,7 @@  static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (status & NFNL_BATCH_REPLAY) {
 		ss->abort(net, oskb, NFNL_ABORT_AUTOLOAD);
 		nfnl_err_reset(&err_list);
-		kfree_skb(skb);
+		consume_skb(skb);
 		module_put(ss->owner);
 		goto replay;
 	} else if (status == NFNL_BATCH_DONE) {
@@ -590,7 +590,7 @@  static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		err = ss->abort(net, oskb, abort_action);
 		if (err == -EAGAIN) {
 			nfnl_err_reset(&err_list);
-			kfree_skb(skb);
+			consume_skb(skb);
 			module_put(ss->owner);
 			status |= NFNL_BATCH_FAILURE;
 			goto replay_abort;
@@ -598,7 +598,7 @@  static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 	}
 
 	nfnl_err_deliver(&err_list, oskb);
-	kfree_skb(skb);
+	consume_skb(skb);
 	module_put(ss->owner);
 }