From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel <netfilter-devel@vger.kernel.org>,
syzkaller-bugs@googlegroups.com,
syzbot+b26935466701e56cfdc2@syzkaller.appspotmail.com
Subject: Re: [PATCH nf] netfilter: nf_tables: do not defer rule destruction via call_rcu
Date: Mon, 9 Dec 2024 23:04:01 +0100 [thread overview]
Message-ID: <20241209220401.GA4709@breakpoint.cc> (raw)
In-Reply-To: <Z1dgtm5IhoJW5vGL@calendula>
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > One way would be to allocate nft_trans_rule objects + one nft_trans_chain
> > object, deactivate the rules + the chain and then defer the freeing to the
> > nft destroy workqueue. We'd still need to keep the synchronize_rcu path as
> > a fallback to handle -ENOMEM corner cases though.
>
> I think it can be done _without_ nft_trans objects.
>
> Since the commit mutex is held in this netdev event path: Remove this
> basechain, deactivate rules and add basechain to global list protected
> with spinlock, it invokes worker. Then, worker zaps this list
> basechains, it calls synchronize_rcu() and it destroys rules and then
> basechain. No memory allocations needed in this case?
I don't think its possible due to netlink dumps.
Its safe for normal commit path because list_del_rcu() gets called on
these objects (making them unreachable for new dumps), then,
synchronize_rcu is called (so all concurrent dumpers are done) and then
we free.
It would work if you add a new list_head to the basechain, then you
could just link the basechain object to some other list and then
call nf_tables_rule_release() AFTER a synchronize_rcu because rules
can't be picked up if the owning chain is no longer reachable.
However, I do wonder how complex it would be.
This is tricky to get right and I'm not sure this patch adds a
noticeable issue, see nft_rcv_nl_event() which has similar pattern,
i.e. synchronize_rcu() is called.
I'm not saying we should not consider async route, but maybe better
to followup in -next?
next prev parent reply other threads:[~2024-12-09 22:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-27 21:22 [syzbot] [kernel?] BUG: sleeping function called from invalid context in static_key_slow_dec syzbot
2024-11-29 10:47 ` Florian Westphal
2024-12-07 11:14 ` [PATCH nf] netfilter: nf_tables: do not defer rule destruction via call_rcu Florian Westphal
2024-12-09 21:27 ` Pablo Neira Ayuso
2024-12-09 22:04 ` Florian Westphal [this message]
2024-12-11 16:16 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241209220401.GA4709@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=syzbot+b26935466701e56cfdc2@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.