[PATCH nf] netfilter: nf_tables: GC transaction race with abort path

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nf] netfilter: nf_tables: GC transaction race with abort path
@ 2023-08-17 23:13 Pablo Neira Ayuso
  2023-08-18  7:48 ` kernel test robot
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2023-08-17 23:13 UTC (permalink / raw)
  To: netfilter-devel

Abort path is missing a synchronization point with GC transactions. Add
GC sequence number hence any GC transaction losing race will be
discarded.

Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_tables_api.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 358f19b3712a..c2817d7ee653 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -10335,8 +10335,12 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb,
 			   enum nfnl_abort_action action)
 {
 	struct nftables_pernet *nft_net = nft_pernet(net);
-	int ret = __nf_tables_abort(net, action);
+	unsigned int gc_seq;
+	int ret;
 
+	gc_seq = nft_gc_seq_begin(nft_net);
+	ret = __nf_tables_abort(net, action);
+	nft_gc_seq_end(nft_net, gc_seq);
 	mutex_unlock(&nft_net->commit_mutex);
 
 	return ret;
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH nf] netfilter: nf_tables: GC transaction race with abort path
  2023-08-17 23:13 [PATCH nf] netfilter: nf_tables: GC transaction race with abort path Pablo Neira Ayuso
@ 2023-08-18  7:48 ` kernel test robot
  2023-08-18  9:09   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: kernel test robot @ 2023-08-18  7:48 UTC (permalink / raw)
  To: Pablo Neira Ayuso, netfilter-devel; +Cc: llvm, oe-kbuild-all

Hi Pablo,

kernel test robot noticed the following build errors:

[auto build test ERROR on nf/master]

url:    https://github.com/intel-lab-lkp/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-GC-transaction-race-with-abort-path/20230818-071545
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
patch link:    https://lore.kernel.org/r/20230817231352.8412-1-pablo%40netfilter.org
patch subject: [PATCH nf] netfilter: nf_tables: GC transaction race with abort path
config: hexagon-randconfig-r045-20230818 (https://download.01.org/0day-ci/archive/20230818/202308181545.lZbeE7Lm-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
reproduce: (https://download.01.org/0day-ci/archive/20230818/202308181545.lZbeE7Lm-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202308181545.lZbeE7Lm-lkp@intel.com/

All errors (new ones prefixed by >>):

>> net/netfilter/nf_tables_api.c:9132:11: error: call to undeclared function 'nft_gc_seq_begin'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    9132 |         gc_seq = nft_gc_seq_begin(nft_net);
         |                  ^
>> net/netfilter/nf_tables_api.c:9134:2: error: call to undeclared function 'nft_gc_seq_end'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    9134 |         nft_gc_seq_end(nft_net, gc_seq);
         |         ^
   2 errors generated.


vim +/nft_gc_seq_begin +9132 net/netfilter/nf_tables_api.c

  9124	
  9125	static int nf_tables_abort(struct net *net, struct sk_buff *skb,
  9126				   enum nfnl_abort_action action)
  9127	{
  9128		struct nftables_pernet *nft_net = nft_pernet(net);
  9129		unsigned int gc_seq;
  9130		int ret;
  9131	
> 9132		gc_seq = nft_gc_seq_begin(nft_net);
  9133		ret = __nf_tables_abort(net, action);
> 9134		nft_gc_seq_end(nft_net, gc_seq);
  9135		mutex_unlock(&nft_net->commit_mutex);
  9136	
  9137		return ret;
  9138	}
  9139	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH nf] netfilter: nf_tables: GC transaction race with abort path
  2023-08-18  7:48 ` kernel test robot
@ 2023-08-18  9:09   ` Pablo Neira Ayuso
  2023-08-21  2:20     ` Liu, Yujie
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2023-08-18  9:09 UTC (permalink / raw)
  To: kernel test robot; +Cc: netfilter-devel, llvm, oe-kbuild-all

On Fri, Aug 18, 2023 at 03:48:48PM +0800, kernel test robot wrote:
> Hi Pablo,
> 
> kernel test robot noticed the following build errors:
> 
> [auto build test ERROR on nf/master]
> 
> url:    https://github.com/intel-lab-lkp/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-GC-transaction-race-with-abort-path/20230818-071545
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master

Wrong tree, we moved to:

https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH nf] netfilter: nf_tables: GC transaction race with abort path
  2023-08-18  9:09   ` Pablo Neira Ayuso
@ 2023-08-21  2:20     ` Liu, Yujie
  0 siblings, 0 replies; 4+ messages in thread
From: Liu, Yujie @ 2023-08-21  2:20 UTC (permalink / raw)
  To: pablo@netfilter.org
  Cc: oe-kbuild-all@lists.linux.dev, llvm@lists.linux.dev, lkp,
	netfilter-devel@vger.kernel.org

On Fri, 2023-08-18 at 11:09 +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 18, 2023 at 03:48:48PM +0800, kernel test robot wrote:
> > Hi Pablo,
> > 
> > kernel test robot noticed the following build errors:
> > 
> > [auto build test ERROR on nf/master]
> > 
> > url:   
> > https://github.com/intel-lab-lkp/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_tables-GC-transaction-race-with-abort-path/20230818-071545
> > base:  
> > https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
> 
> Wrong tree, we moved to:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git main

Thanks for the info and sorry for the wrong report. We've configured
the bot to test netfilter patches against the new tree.

--
Best Regards,
Yujie

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-08-21  2:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-17 23:13 [PATCH nf] netfilter: nf_tables: GC transaction race with abort path Pablo Neira Ayuso
2023-08-18  7:48 ` kernel test robot
2023-08-18  9:09   ` Pablo Neira Ayuso
2023-08-21  2:20     ` Liu, Yujie

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).