netfilter: nf_tables: fail batch if fatal signal is pending

abort batch processing and return so task can exit faster.
Otherwise even SIGKILL has no immediate effect.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 88c9e222b67094fb641318e2bfa99a459fb2cf63..5a1bd23af1a379fe3525b518b8ffc31035247982 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -25,6 +25,7 @@
 #include <linux/uaccess.h>
 #include <net/sock.h>
 #include <linux/init.h>
+#include <linux/sched/signal.h>
 
 #include <net/netlink.h>
 #include <linux/netfilter/nfnetlink.h>
@@ -330,6 +331,13 @@ replay:
        while (skb->len >= nlmsg_total_size(0)) {
                int msglen, type;
 
+               if (fatal_signal_pending(current)) {
+                       nfnl_err_reset(&err_list);
+                       err = -EINTR;
+                       status = NFNL_BATCH_FAILURE;
+                       goto done;
+               }
+
                memset(&extack, 0, sizeof(extack));
                nlh = nlmsg_hdr(skb);
                err = 0;