Removal of many set elements, e.g. during set flush or ruleset deletion, can sometimes fail due to memory pressure. Reduce likelyhood of this happening and enable sleeping allocations for this. Florian Westphal (2): netfilter: nf_tables: allow iter callbacks to sleep netfilter: nf_tables: all transaction allocations can now sleep include/net/netfilter/nf_tables.h | 2 + net/netfilter/nf_tables_api.c | 43 +++++-------- net/netfilter/nft_set_hash.c | 102 +++++++++++++++++++++++++++++- net/netfilter/nft_set_rbtree.c | 35 +++++++--- 4 files changed, 144 insertions(+), 38 deletions(-) -- 2.50.0
