* [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal
@ 2026-06-24 15:01 Runyu Xiao
2026-06-25 7:21 ` Eelco Chaudron
2026-06-25 16:20 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Runyu Xiao @ 2026-06-24 15:01 UTC (permalink / raw)
To: aconole, echaudro, i.maximets
Cc: davem, edumazet, kuba, pabeni, horms, netdev, dev, linux-kernel,
runyu.xiao, jianhao.xu
ct_limit_set() is documented as being called with ovs_mutex held. It
walks the ct limit hlist with hlist_for_each_entry_rcu(), but the
iterator does not currently pass the OVS lockdep condition used
elsewhere for RCU-protected OVS objects.
Pass lockdep_ovsl_is_held() to the iterator. This matches the function's
existing caller contract and lets CONFIG_PROVE_RCU_LIST distinguish the
ovs_mutex-protected update path from the RCU read-side ct_limit_get()
path.
This was found by our static analysis tool and then manually reviewed
against the current tree. In the reviewed CONFIG_PROVE_RCU_LIST triage
run, the writer-side ct limit update produced the expected "RCU-list
traversed in non-reader section!!" warning while ovs_mutex was held,
with the stack matching ct_limit_set() and ovs_ct_limit_set_zone_limit().
The change is limited to documenting the existing protection contract.
This is a lockdep annotation cleanup. It does not change the conntrack
limit list update or release behavior.
Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn>
---
net/openvswitch/conntrack.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index c6fd9c424e8f..95697d4e16e6 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -883,7 +883,8 @@ static void ct_limit_set(const struct ovs_ct_limit_info *info,
struct hlist_head *head;
head = ct_limit_hash_bucket(info, new_ct_limit->zone);
- hlist_for_each_entry_rcu(ct_limit, head, hlist_node) {
+ hlist_for_each_entry_rcu(ct_limit, head, hlist_node,
+ lockdep_ovsl_is_held()) {
if (ct_limit->zone == new_ct_limit->zone) {
hlist_replace_rcu(&ct_limit->hlist_node,
&new_ct_limit->hlist_node);
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal
2026-06-24 15:01 [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal Runyu Xiao
@ 2026-06-25 7:21 ` Eelco Chaudron
2026-06-25 16:20 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Eelco Chaudron @ 2026-06-25 7:21 UTC (permalink / raw)
To: Runyu Xiao
Cc: aconole, i.maximets, davem, edumazet, kuba, pabeni, horms, netdev,
dev, linux-kernel, jianhao.xu
On 24 Jun 2026, at 17:01, Runyu Xiao wrote:
> ct_limit_set() is documented as being called with ovs_mutex held. It
> walks the ct limit hlist with hlist_for_each_entry_rcu(), but the
> iterator does not currently pass the OVS lockdep condition used
> elsewhere for RCU-protected OVS objects.
>
> Pass lockdep_ovsl_is_held() to the iterator. This matches the function's
> existing caller contract and lets CONFIG_PROVE_RCU_LIST distinguish the
> ovs_mutex-protected update path from the RCU read-side ct_limit_get()
> path.
>
> This was found by our static analysis tool and then manually reviewed
> against the current tree. In the reviewed CONFIG_PROVE_RCU_LIST triage
> run, the writer-side ct limit update produced the expected "RCU-list
> traversed in non-reader section!!" warning while ovs_mutex was held,
> with the stack matching ct_limit_set() and ovs_ct_limit_set_zone_limit().
> The change is limited to documenting the existing protection contract.
>
> This is a lockdep annotation cleanup. It does not change the conntrack
> limit list update or release behavior.
>
> Signed-off-by: Runyu Xiao <runyu.xiao@seu.edu.cn>
> ---
Hi Runyu,
I think net-next is still closed, so you might need to resend it once
it opens. But the patch itself looks good to me.
Reviewed-by: Eelco Chaudron <echaudro@redhat.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal
2026-06-24 15:01 [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal Runyu Xiao
2026-06-25 7:21 ` Eelco Chaudron
@ 2026-06-25 16:20 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2026-06-25 16:20 UTC (permalink / raw)
To: Runyu Xiao
Cc: aconole, echaudro, i.maximets, davem, edumazet, kuba, pabeni,
horms, netdev, dev, linux-kernel, jianhao.xu
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Wed, 24 Jun 2026 23:01:49 +0800 you wrote:
> ct_limit_set() is documented as being called with ovs_mutex held. It
> walks the ct limit hlist with hlist_for_each_entry_rcu(), but the
> iterator does not currently pass the OVS lockdep condition used
> elsewhere for RCU-protected OVS objects.
>
> Pass lockdep_ovsl_is_held() to the iterator. This matches the function's
> existing caller contract and lets CONFIG_PROVE_RCU_LIST distinguish the
> ovs_mutex-protected update path from the RCU read-side ct_limit_get()
> path.
>
> [...]
Here is the summary with links:
- [net-next] openvswitch: conntrack: annotate ct limit hlist traversal
https://git.kernel.org/netdev/net/c/0e901ee5c6f9
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-06-25 16:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-24 15:01 [PATCH net-next] openvswitch: conntrack: annotate ct limit hlist traversal Runyu Xiao
2026-06-25 7:21 ` Eelco Chaudron
2026-06-25 16:20 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox