Commits
Vasily Averin authored and Konstantin Khorenko committed e54d6e25df6
ms/netfilter: nf_tables: avoid global info storage ML commit 2a43ecf96ba6a6eed70dbcd99d0888fc0ad3b82b Author: Florian Westphal <fw@strlen.de> Date: Wed Jul 11 13:45:13 2018 +0200 netfilter: nf_tables: avoid global info storage This works because all accesses are currently serialized by nfnl nf_tables subsys mutex. If we want to have per-netns locking, we need to make this scratch area pernetns or allocate it on demand. This does the latter, its ~28kbyte but we can fallback to vmalloc so it should be fine. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> VvS: backported to vz7.114.x kernels to fix high-order-allocation warning https://jira.sw.ru/browse/PSBM-98682 Signed-off-by: Vasily Averin <vvs@virtuozzo.com>