From: Florian Westphal <fw@strlen.de>
To: Fernando Fernandez Mancera <fmancera@suse.de>
Cc: Paolo Abeni <pabeni@redhat.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, kuba@kernel.org, edumazet@google.com,
horms@kernel.org
Subject: Re: [PATCH net-next,v2 00/16] Netfilter updates for net-next
Date: Thu, 27 Nov 2025 22:51:03 +0100 [thread overview]
Message-ID: <aSjHx34ENi4THN56@strlen.de> (raw)
In-Reply-To: <fb6e4953-a706-49e5-9026-3cc190414984@suse.de>
Fernando Fernandez Mancera <fmancera@suse.de> wrote:
> Patch 12 - I think that should be fine, nf_conncount_tree_skb() which
> calls count_tree() should called with RCU read lock. This patch didn't
> modify that behavior.
It would be better to add a READ_ONCE() however, since there can be
a concurrent update.
Not caused by your patch, so future fixup is fine.
> Patch 13 - as we are holding the commit mutex I thought that it wasn't
> needed. Anyway, if that is needed, there are other places where we have
> similar issues that would require a fix too. I can follow up on nf tree.
It would be better to add WRITE_ONCE() for both, given we could also be
interrupted on same cpu here.
Yes, the various .update callbacks have similar problematic patterns,
they all should be fixed up if possible.
next prev parent reply other threads:[~2025-11-27 21:51 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-26 20:55 [PATCH net-next,v2 00/16] Netfilter updates for net-next Pablo Neira Ayuso
2025-11-26 20:55 ` [PATCH net-next 01/16] netfilter: flowtable: move path discovery infrastructure to its own file Pablo Neira Ayuso
2025-11-26 20:55 ` [PATCH net-next 02/16] netfilter: flowtable: consolidate xmit path Pablo Neira Ayuso
2025-11-26 20:55 ` [PATCH net-next 03/16] netfilter: flowtable: inline vlan encapsulation in " Pablo Neira Ayuso
2025-11-26 20:55 ` [PATCH net-next 04/16] netfilter: flowtable: inline pppoe " Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 05/16] netfilter: flowtable: remove hw_ifidx Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 06/16] netfilter: flowtable: use tuple address to calculate next hop Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 07/16] netfilter: flowtable: Add IPIP rx sw acceleration Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 08/16] netfilter: flowtable: Add IPIP tx " Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 09/16] selftests: netfilter: nft_flowtable.sh: Add IPIP flowtable selftest Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 10/16] netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 11/16] netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 12/16] netfilter: nft_connlimit: update the count if add was skipped Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 13/16] netfilter: nft_connlimit: add support to object update operation Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 14/16] selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 15/16] netfilter: ip6t_srh: fix UAPI kernel-doc comments format Pablo Neira Ayuso
2025-11-26 20:56 ` [PATCH net-next 16/16] netfilter: nf_tables: improve UAPI kernel-doc comments Pablo Neira Ayuso
2025-11-27 15:08 ` [PATCH net-next,v2 00/16] Netfilter updates for net-next Paolo Abeni
2025-11-27 21:31 ` Fernando Fernandez Mancera
2025-11-27 21:51 ` Florian Westphal [this message]
2025-11-27 21:43 ` Lorenzo Bianconi
2025-11-28 0:35 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSjHx34ENi4THN56@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fmancera@suse.de \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).