diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-09-03 02:06:41 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-10-17 16:10:44 +0300 |
| commit | 616aa2873969feb4e701baa72acf7306b2601e3e (patch) | |
| tree | a272ab1643eafb93c579ca025a7d685204e3a2eb /net | |
| parent | 94e8c988468dafde1d2bfe0532a60a3117f6394b (diff) | |
| download | linux-616aa2873969feb4e701baa72acf7306b2601e3e.tar.xz | |
netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
[ Upstream commit e0c47281723f301894c14e6f5cd5884fdfb813f9 ]
Element timeout that is below CONFIG_HZ never expires because the
timeout extension is not allocated given that nf_msecs_to_jiffies64()
returns 0. Set timeout to the minimum value to honor timeout.
Fixes: 8e1102d5a159 ("netfilter: nf_tables: support timeouts larger than 23 days")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index df10a2047bb0..c00a9495f345 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4153,7 +4153,7 @@ int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result) return -ERANGE; ms *= NSEC_PER_MSEC; - *result = nsecs_to_jiffies64(ms); + *result = nsecs_to_jiffies64(ms) ? : !!ms; return 0; } |