From: Florian Westphal <fw@strlen.de>
To: Shigeru Yoshida <syoshida@redhat.com>
Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	syzbot+178efee9e2d7f87f5103@syzkaller.appspotmail.com
Subject: Re: [PATCH] netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
Date: Thu, 3 Nov 2022 14:18:29 +0100
Message-ID: <20221103131829.GB29268@breakpoint.cc>
In-Reply-To: <20221103130849.1624522-1-syoshida@redhat.com>

Shigeru Yoshida <syoshida@redhat.com> wrote:
> syzbot reported a warning like below [1]:
> 
> This patch fixes this issue by calling __nf_tables_abort() when
> nft_net->module_list is not empty in nf_tables_exit_net().

Fixes: eb014de4fd41 ("netfilter: nf_tables: autoload modules from the abort path")

> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index 58d9cbc9ccdc..a7579d16f59f 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -10088,7 +10088,8 @@ static void __net_exit nf_tables_exit_net(struct net *net)
>  	struct nftables_pernet *nft_net = nft_pernet(net);
>  
>  	mutex_lock(&nft_net->commit_mutex);
> -	if (!list_empty(&nft_net->commit_list))
> +	if (!list_empty(&nft_net->commit_list) ||
> +	    !list_empty(&nft_net->module_list))
>  		__nf_tables_abort(net, NFNL_ABORT_NONE);
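
Review bot: the widened condition in nf_tables_exit_net() carries no comment explaining how nft_net->module_list can hold entries at netns exit while commit_list is empty, so the reason for the second list_empty() test cannot be recovered from the code alone. A short comment above the `if` naming that case would help, and because both halves of the condition lead to the same `__nf_tables_abort(net, NFNL_ABORT_NONE)` call, it should also say whether the full abort path is needed when only module_list is non-empty.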

Maybe just an unconditional call to nf_tables_module_autoload_cleanup().

Or, alternatively, unconditionally call __nf_tables_abort().
The downside is that we will need to change __nf_tables_abort to elide
synchronize_rcu() unless needed -- else netns dismantling might become
too expensive.

OTOH, module_list should always be empty here, so this is ok.

Reviewed-by: Florian Westphal <fw@strlen.de>
