From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nf-next 0/7] netfilter: nf_tables: avoid PROVE_RCU_LIST splats
Date: Fri, 25 Oct 2024 15:32:17 +0200 [thread overview]
Message-ID: <20241025133230.22491-1-fw@strlen.de> (raw)
Mathieu reported a lockdep splat on rule deletion with
CONFIG_RCU_LIST=y.
Unfortunately there are many more errors, and not all are false
positives.
First patches pass lockdep_commit_lock_is_held() to the rcu
list traversal macro so that those splats are avoided.
The last two patches are real code change as opposed to
'pass the transaction mutex to relax rcu check':
Those two lists are not protected by transaction mutex so
could be altered in parallel.
Aside from context these patches could be applied in any order.
This targets nf-next because these are long-standing issues so
it seems wrong to fix it this late in the release cycle.
Florian Westphal (7):
netfilter: nf_tables: avoid false-positive lockdep splat on rule
deletion
netfilter: nf_tables: avoid false-positive lockdep splats with sets
netfilter: nf_tables: avoid false-positive lockdep splats with
flowtables
netfilter: nf_tables: avoid false-positive lockdep splats in set
walker
netfilter: nf_tables: avoid false-positive lockdep splats with
basechain hook
netfilter: nf_tables: must hold rcu read lock while iterating
expression type list
netfilter: nf_tables: must hold rcu read lock while iterating object
type list
include/net/netfilter/nf_tables.h | 3 +-
net/netfilter/nf_tables_api.c | 110 ++++++++++++++++++------------
net/netfilter/nft_flow_offload.c | 4 +-
net/netfilter/nft_set_bitmap.c | 10 +--
net/netfilter/nft_set_hash.c | 3 +-
5 files changed, 79 insertions(+), 51 deletions(-)
--
2.45.2
next reply other threads:[~2024-10-25 13:54 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-25 13:32 Florian Westphal [this message]
2024-10-25 13:32 ` [PATCH nf-next 1/7] netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Florian Westphal
2024-10-25 15:09 ` Matthieu Baerts
2024-10-26 9:35 ` Florian Westphal
2024-10-26 11:20 ` Matthieu Baerts
2024-10-25 13:32 ` [PATCH nf-next 2/7] netfilter: nf_tables: avoid false-positive lockdep splats with sets Florian Westphal
2024-10-25 13:32 ` [PATCH nf-next 3/7] netfilter: nf_tables: avoid false-positive lockdep splats with flowtables Florian Westphal
2024-10-25 13:32 ` [PATCH nf-next 4/7] netfilter: nf_tables: avoid false-positive lockdep splats in set walker Florian Westphal
2024-10-25 13:32 ` [PATCH nf-next 5/7] netfilter: nf_tables: avoid false-positive lockdep splats with basechain hook Florian Westphal
2024-10-25 14:40 ` Phil Sutter
2024-10-25 13:32 ` [PATCH nf-next 6/7] netfilter: nf_tables: must hold rcu read lock while iterating expression type list Florian Westphal
2024-10-26 9:39 ` Florian Westphal
2024-10-25 13:32 ` [PATCH nf-next 7/7] netfilter: nf_tables: must hold rcu read lock while iterating object " Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241025133230.22491-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.