From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <eric.dumazet@gmail.com>,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.16 18/28] netfilter: egress: silence egress hook lockdep splats
Date: Thu, 17 Mar 2022 13:46:09 +0100 [thread overview]
Message-ID: <20220317124527.285482124@linuxfoundation.org> (raw)
In-Reply-To: <20220317124526.768423926@linuxfoundation.org>
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 17a8f31bba7bac8cce4bd12bab50697da96e7710 ]
Netfilter assumes its called with rcu_read_lock held, but in egress
hook case it may be called with BH readlock.
This triggers lockdep splat.
In order to avoid to change all rcu_dereference() to
rcu_dereference_check(..., rcu_read_lock_bh_held()), wrap nf_hook_slow
with read lock/unlock pair.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netfilter_netdev.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/linux/netfilter_netdev.h b/include/linux/netfilter_netdev.h
index b4dd96e4dc8d..e6487a691136 100644
--- a/include/linux/netfilter_netdev.h
+++ b/include/linux/netfilter_netdev.h
@@ -101,7 +101,11 @@ static inline struct sk_buff *nf_hook_egress(struct sk_buff *skb, int *rc,
nf_hook_state_init(&state, NF_NETDEV_EGRESS,
NFPROTO_NETDEV, dev, NULL, NULL,
dev_net(dev), NULL);
+
+ /* nf assumes rcu_read_lock, not just read_lock_bh */
+ rcu_read_lock();
ret = nf_hook_slow(skb, &state, e, 0);
+ rcu_read_unlock();
if (ret == 1) {
return skb;
--
2.34.1
next prev parent reply other threads:[~2022-03-17 12:58 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 12:45 [PATCH 5.16 00/28] 5.16.16-rc1 review Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 01/28] Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 02/28] arm64: dts: rockchip: fix dma-controller node names on rk356x Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 03/28] arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 04/28] xfrm: Check if_id in xfrm_migrate Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 05/28] xfrm: Fix xfrm migrate issues when address family changes Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 06/28] arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 07/28] arm64: dts: rockchip: align pl330 node name with dtschema Greg Kroah-Hartman
2022-03-17 12:45 ` [PATCH 5.16 08/28] arm64: dts: rockchip: reorder rk3399 hdmi clocks Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 09/28] arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 10/28] ARM: dts: rockchip: reorder rk322x hmdi clocks Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 11/28] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 12/28] mac80211: refuse aggregations sessions before authorized Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 13/28] MIPS: smp: fill in sibling and core maps earlier Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 14/28] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 15/28] Bluetooth: hci_core: Fix leaking sent_cmd skb Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 16/28] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 17/28] atm: firestream: check the return value of ioremap() in fs_init() Greg Kroah-Hartman
2022-03-17 12:46 ` Greg Kroah-Hartman [this message]
2022-03-17 12:46 ` [PATCH 5.16 19/28] Input: goodix - use the new soc_intel_is_byt() helper Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 20/28] Input: goodix - workaround Cherry Trail devices with a bogus ACPI Interrupt() resource Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 21/28] iwlwifi: dont advertise TWT support Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 22/28] drm/vrr: Set VRR capable prop only if it is attached to connector Greg Kroah-Hartman
2022-03-17 12:46 ` Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 23/28] nl80211: Update bss channel on channel switch for P2P_CLIENT Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 24/28] tcp: make tcp_read_sock() more robust Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 25/28] sfc: extend the locking on mcdi->seqno Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 26/28] bnx2: Fix an error message Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 27/28] kselftest/vm: fix tests build with old libc Greg Kroah-Hartman
2022-03-17 12:46 ` [PATCH 5.16 28/28] ice: Fix race condition during interface enslave Greg Kroah-Hartman
2022-03-17 17:01 ` [PATCH 5.16 00/28] 5.16.16-rc1 review Fox Chen
2022-03-17 22:17 ` Florian Fainelli
2022-03-18 2:20 ` Guenter Roeck
2022-03-18 9:10 ` Naresh Kamboju
2022-03-18 11:09 ` Bagas Sanjaya
2022-03-18 13:14 ` Jon Hunter
2022-03-18 13:48 ` Ron Economos
2022-03-18 13:52 ` Rudi Heitbaum
2022-03-18 22:56 ` Justin Forbes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220317124527.285482124@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=eric.dumazet@gmail.com \
--cc=fw@strlen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.