[lvc-project] [PATCH 5.10 114/270] netfilter: nf_tables: do not defer rule destruction via call_rcu
Alexey Khoroshilov
khoroshilov at ispras.ru
Sat Jun 7 01:43:32 MSK 2025
On 02.06.2025 16:46, Greg Kroah-Hartman wrote:
> 5.10-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Florian Westphal <fw at strlen.de>
>
> commit b04df3da1b5c6f6dc7cdccc37941740c078c4043 upstream.
>
..skip..
> Also add a few lockdep asserts to make this more explicit.
>
..skip..
> +/* can only be used if rule is no longer visible to dumps */
> static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule)
> {
> + lockdep_commit_lock_is_held(ctx->net);
> +
> nft_rule_expr_deactivate(ctx, rule, NFT_TRANS_RELEASE);
> }
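Review bot: in nf_tables_rule_release() the added `lockdep_commit_lock_is_held(ctx->net);` is a bare statement whose result is discarded, so if the helper only reports whether the commit lock is held, nothing is asserted and a caller that does not hold the lock goes unnoticed. Since the commit message describes these additions as lockdep asserts, consider `WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));` at this spot so the check has an effect.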
> @@ -4858,6 +4860,8 @@ void nf_tables_deactivate_set(const stru
> struct nft_set_binding *binding,
> enum nft_trans_phase phase)
> {
> + lockdep_commit_lock_is_held(ctx->net);

I guess you meant WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));
here?

Found by Linux Verification Center (linuxtesting.org) with SVACE.

--
Alexey