Sven Auhagen reports memory allocation errors during set flush.

This is because of GFP_ATOMIC allocations because rhashtable walker uses rcu and cannot sleep.

Build a linear list in rhashtable walker, drop rcu read lock and then call the iter callback in a second loop. This allows use of GFP_KERNEL allocations.

The second loop has no noticeable impact on set flush durations, even for large (800k entries) sets.

Florian Westphal (2):
  netfilter: nf_tables: allow iter callbacks to sleep
  netfilter: nf_tables: all transaction allocations can now sleep

 include/net/netfilter/nf_tables.h |   2 +
 net/netfilter/nf_tables_api.c     |  47 ++++++-------
 net/netfilter/nft_set_hash.c      | 102 +++++++++++++++++++++++++++++-
 net/netfilter/nft_set_rbtree.c    |  35 +++++++---
 4 files changed, 147 insertions(+), 39 deletions(-)

-- 
2.49.1
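The two-pass walk described in the cover letter, as an added userspace C model that is not code from this patch series: pass 1 only links elements into a linear list while sleeping is forbidden, pass 2 runs the callback after that section is left. All names (`struct elem`, `walk_next`, `in_atomic`, `set_walk`, `flush_cb`) are hypothetical, `malloc()` stands in for a GFP_KERNEL allocation, and the model assumes nothing removes elements between the two passes.

```c
#include <stdlib.h>

#define NBUCKETS 4

/* Constructed userspace model; all names are hypothetical, not kernel APIs. */
struct elem {
    int key;
    struct elem *hnext;     /* hash bucket chain */
    struct elem *walk_next; /* link in the temporary linear list */
};
struct set { struct elem *bucket[NBUCKETS]; };

static int in_atomic; /* models the RCU read-side section: no sleeping */

static void set_insert(struct set *s, struct elem *e)
{
    unsigned int b = (unsigned int)e->key % NBUCKETS;
    e->hnext = s->bucket[b];
    s->bucket[b] = e;
}

/* Returns the number of elements visited, or the callback's error code. */
static int set_walk(struct set *s, int (*fn)(struct elem *, void *), void *ctx)
{
    struct elem *head = NULL, **tail = &head, *e, *next;
    int i, n = 0, err;

    in_atomic = 1;  /* pass 1: only link elements, never call fn */
    for (i = 0; i < NBUCKETS; i++)
        for (e = s->bucket[i]; e; e = e->hnext) {
            e->walk_next = NULL;
            *tail = e;
            tail = &e->walk_next;
        }
    in_atomic = 0;  /* read-side section left: fn may sleep */

    for (e = head; e; e = next, n++) {  /* pass 2 */
        next = e->walk_next;            /* read before fn touches e */
        if ((err = fn(e, ctx)) != 0)
            return err;
    }
    return n;
}

/* Callback needing a sleeping allocation; it fails if invoked atomically. */
static int flush_cb(struct elem *e, void *ctx)
{
    void *trans = in_atomic ? NULL : malloc(64);
    if (!trans)
        return -1;
    *(int *)ctx += e->key;
    free(trans);
    return 0;
}
```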