Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [bugreport] [5.10] warning at net/netfilter/nf_tables_api.c:622
@ 2020-10-16  7:11 Mikhail Gavrilov
  2020-10-16 14:31 ` Mikhail Gavrilov
  0 siblings, 1 reply; 2+ messages in thread
From: Mikhail Gavrilov @ 2020-10-16  7:11 UTC (permalink / raw)
  To: Linux List Kernel Mailing, Florian Westphal, Pablo Neira Ayuso,
	netfilter-devel

Hi folks,
today I joined to testing Kernel 5.10 and see that every boot happens
this warning:

[   22.180180] ------------[ cut here ]------------
[   22.180193] WARNING: CPU: 28 PID: 1205 at
net/netfilter/nf_tables_api.c:622 nft_chain_parse_hook+0x224/0x330
[nf_tables]
[   22.180194] Modules linked in: nf_tables nfnetlink ip6table_filter
ip6_tables iptable_filter cmac bnep sunrpc vfat fat
snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio
snd_hda_codec_hdmi mt76x2u mt76x2_common mt76x02_usb iwlmvm mt76_usb
uvcvideo snd_hda_intel mt76x02_lib gspca_zc3xx snd_intel_dspcfg btusb
gspca_main videobuf2_vmalloc btrtl mt76 edac_mce_amd snd_hda_codec
btbcm videobuf2_memops btintel kvm_amd snd_usb_audio videobuf2_v4l2
snd_hda_core mac80211 kvm bluetooth snd_usbmidi_lib joydev
videobuf2_common iwlwifi snd_seq xpad snd_hwdep ff_memless videodev
snd_rawmidi snd_seq_device libarc4 eeepc_wmi snd_pcm ecdh_generic
irqbypass asus_wmi mc rapl sparse_keymap ecc snd_timer sp5100_tco
video cfg80211 wmi_bmof pcspkr snd k10temp i2c_piix4 soundcore rfkill
acpi_cpufreq binfmt_misc zram ip_tables hid_logitech_hidpp
hid_logitech_dj amdgpu iommu_v2 gpu_sched ttm drm_kms_helper
crct10dif_pclmul crc32_pclmul crc32c_intel cec drm ccp
ghash_clmulni_intel igb nvme dca nvme_core
[   22.180273]  i2c_algo_bit wmi pinctrl_amd fuse
[   22.180279] CPU: 28 PID: 1205 Comm: ebtables Not tainted
5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64 #1
[   22.180281] Hardware name: System manufacturer System Product
Name/ROG STRIX X570-I GAMING, BIOS 2606 08/13/2020
[   22.180289] RIP: 0010:nft_chain_parse_hook+0x224/0x330 [nf_tables]
[   22.180292] Code: a0 14 00 00 be ff ff ff ff e8 68 82 e1 e4 85 c0
0f 85 21 fe ff ff 0f 0b bf 0a 00 00 00 e8 14 60 97 ff 84 c0 0f 84 1f
fe ff ff <0f> 0b e9 18 fe ff ff 48 85 f6 74 61 4c 89 ef e8 78 d0 ff ff
48 89
[   22.180294] RSP: 0018:ffffa9850214f780 EFLAGS: 00010202
[   22.180296] RAX: 0000000000000001 RBX: ffffa9850214f810 RCX: 0000000000000000
[   22.180297] RDX: ffffa9850214f810 RSI: 00000000ffffffff RDI: ffffffffc0851c20
[   22.180299] RBP: 0000000000000007 R08: 0000000000000001 R09: ffffa9850214f847
[   22.180300] R10: 0000000000000000 R11: 0000000000000007 R12: ffffa9850214fa88
[   22.180301] R13: ffffffffa6fdfcc0 R14: ffffa9850214fa88 R15: ffff993c5c12c800
[   22.180304] FS:  00007ff92ed99540(0000) GS:ffff993c8a200000(0000)
knlGS:0000000000000000
[   22.180305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.180307] CR2: 00007ff92ed1e000 CR3: 00000007d3714000 CR4: 0000000000350ee0
[   22.180308] Call Trace:
[   22.180319]  ? __rhashtable_lookup+0x11d/0x210 [nf_tables]
[   22.180329]  nf_tables_addchain.constprop.0+0xab/0x5e0 [nf_tables]
[   22.180337]  ? nft_chain_lookup.part.0+0x12c/0x1e0 [nf_tables]
[   22.180344]  ? get_order+0x20/0x20 [nf_tables]
[   22.180350]  ? nft_chain_hash+0x30/0x30 [nf_tables]
[   22.180356]  ? nft_dump_register+0x40/0x40 [nf_tables]
[   22.180368]  nf_tables_newchain+0x54d/0x730 [nf_tables]
[   22.180376]  nfnetlink_rcv_batch+0x2a4/0x950 [nfnetlink]
[   22.180385]  ? lock_acquire+0x175/0x400
[   22.180387]  ? lock_release+0x1e7/0x400
[   22.180391]  ? cred_has_capability.isra.0+0x68/0x100
[   22.180395]  ? __nla_validate_parse+0x4f/0x8d0
[   22.180401]  nfnetlink_rcv+0x115/0x130 [nfnetlink]
[   22.180407]  netlink_unicast+0x16d/0x230
[   22.180426]  netlink_sendmsg+0x23f/0x460
[   22.180431]  sock_sendmsg+0x5e/0x60
[   22.180434]  ____sys_sendmsg+0x231/0x270
[   22.180438]  ? import_iovec+0x17/0x20
[   22.180440]  ? sendmsg_copy_msghdr+0x5c/0x80
[   22.180444]  ___sys_sendmsg+0x75/0xb0
[   22.180450]  ? cred_has_capability.isra.0+0x68/0x100
[   22.180452]  ? lock_acquire+0x175/0x400
[   22.180454]  ? lock_acquire+0x93/0x400
[   22.180457]  ? lock_release+0x1e7/0x400
[   22.180459]  ? lock_release+0x1e7/0x400
[   22.180462]  ? trace_hardirqs_on+0x1b/0xe0
[   22.180465]  ? sock_setsockopt+0xdf/0x1010
[   22.180467]  ? __local_bh_enable_ip+0x82/0xd0
[   22.180470]  ? sock_setsockopt+0xdf/0x1010
[   22.180473]  __sys_sendmsg+0x49/0x80
[   22.180480]  do_syscall_64+0x33/0x40
[   22.180483]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   22.180486] RIP: 0033:0x7ff92efdb087
[   22.180488] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7
0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00
00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74
24 10
[   22.180490] RSP: 002b:00007fff54436b38 EFLAGS: 00000246 ORIG_RAX:
000000000000002e
[   22.180492] RAX: ffffffffffffffda RBX: 00007fff54436b40 RCX: 00007ff92efdb087
[   22.180494] RDX: 0000000000000000 RSI: 00007fff54437be0 RDI: 0000000000000003
[   22.180495] RBP: 00007fff544381e0 R08: 0000000000000004 R09: 000055b281bcf1d0
[   22.180496] R10: 00007fff54437bcc R11: 0000000000000246 R12: 0000000000007000
[   22.180497] R13: 0000000000000001 R14: 00007fff54436b50 R15: 00007fff54438200
[   22.180503] irq event stamp: 0
[   22.180505] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[   22.180507] hardirqs last disabled at (0): [<ffffffffa50d7683>]
copy_process+0x723/0x1c80
[   22.180509] softirqs last  enabled at (0): [<ffffffffa50d7683>]
copy_process+0x723/0x1c80
[   22.180511] softirqs last disabled at (0): [<0000000000000000>] 0x0
[   22.180512] ---[ end trace 6a0904ace1916b5d ]---

reproductivity 100% reliable on my system

$ /usr/src/kernels/`uname -r`/scripts/faddr2line
/lib/debug/lib/modules/`uname
-r`/kernel/net/netfilter/nf_tables.ko.debug nft_chain_parse_hook+0x224
nft_chain_parse_hook+0x224/0x330:
lockdep_nfnl_nft_mutex_not_held at
/usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:622
(inlined by) lockdep_nfnl_nft_mutex_not_held at
/usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:619
(inlined by) nft_chain_parse_hook at
/usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:1816

$ git blame -L 617,627 net/netfilter/nf_tables_api.c
452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 617) #endif
452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 618)
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 619) static
void lockdep_nfnl_nft_mutex_not_held(void)
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 620) {
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 621) #ifdef
CONFIG_PROVE_LOCKING
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 622)
 WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 623) #endif
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 624) }
f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 625)
32537e91847a5 (Pablo Neira Ayuso 2018-03-27 11:53:05 +0200 626) static
const struct nft_chain_type *
452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 627)
nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,

$ git show f102d66b335a4
commit f102d66b335a417d4848da9441f585695a838934
Author: Florian Westphal <fw@strlen.de>
Date:   Wed Jul 11 13:45:14 2018 +0200

    netfilter: nf_tables: use dedicated mutex to guard transactions

    Continue to use nftnl subsys mutex to protect (un)registration of
hook types,
    expressions and so on, but force batch operations to do their own
    locking.

    This allows distinct net namespaces to perform transactions in parallel.

    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
index 94767ea3a490..286fd960896f 100644
--- a/include/net/netns/nftables.h
+++ b/include/net/netns/nftables.h
@@ -7,6 +7,7 @@
 struct netns_nftables {
        struct list_head        tables;
        struct list_head        commit_list;
+       struct mutex            commit_mutex;
        unsigned int            base_seq;
        u8                      gencursor;
        u8                      validate_state;
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 68436edd9cdf..c0fb2bcd30fe 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -480,12 +480,19 @@ static void nft_request_module(struct net *net,
const char *fmt, ...)
        if (WARN(ret >= MODULE_NAME_LEN, "truncated: '%s' (len %d)",
module_name, ret))
                return;

-       nfnl_unlock(NFNL_SUBSYS_NFTABLES);
+       mutex_unlock(&net->nft.commit_mutex);
        request_module("%s", module_name);
-       nfnl_lock(NFNL_SUBSYS_NFTABLES);
+       mutex_lock(&net->nft.commit_mutex);
 }
 #endif

+static void lockdep_nfnl_nft_mutex_not_held(void)
+{
+#ifdef CONFIG_PROVE_LOCKING
+       WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
+#endif
+}
+
 static const struct nft_chain_type *
 nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,

The last changes were made by Florian. That is why I invited you here,
can you clarify the situation.

Full dmesg output: https://pastebin.com/tZY3npHG

--
Best Regards,
Mike Gavrilov.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [bugreport] [5.10] warning at net/netfilter/nf_tables_api.c:622
  2020-10-16  7:11 [bugreport] [5.10] warning at net/netfilter/nf_tables_api.c:622 Mikhail Gavrilov
@ 2020-10-16 14:31 ` Mikhail Gavrilov
  0 siblings, 0 replies; 2+ messages in thread
From: Mikhail Gavrilov @ 2020-10-16 14:31 UTC (permalink / raw)
  To: Linux List Kernel Mailing, Florian Westphal, Pablo Neira Ayuso,
	netfilter-devel

On Fri, 16 Oct 2020 at 12:11, Mikhail Gavrilov
<mikhail.v.gavrilov@gmail.com> wrote:
>
> Hi folks,
> today I joined to testing Kernel 5.10 and see that every boot happens
> this warning:
>
> [   22.180180] ------------[ cut here ]------------
> [   22.180193] WARNING: CPU: 28 PID: 1205 at
> net/netfilter/nf_tables_api.c:622 nft_chain_parse_hook+0x224/0x330
> [nf_tables]
> [   22.180194] Modules linked in: nf_tables nfnetlink ip6table_filter
> ip6_tables iptable_filter cmac bnep sunrpc vfat fat
> snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio
> snd_hda_codec_hdmi mt76x2u mt76x2_common mt76x02_usb iwlmvm mt76_usb
> uvcvideo snd_hda_intel mt76x02_lib gspca_zc3xx snd_intel_dspcfg btusb
> gspca_main videobuf2_vmalloc btrtl mt76 edac_mce_amd snd_hda_codec
> btbcm videobuf2_memops btintel kvm_amd snd_usb_audio videobuf2_v4l2
> snd_hda_core mac80211 kvm bluetooth snd_usbmidi_lib joydev
> videobuf2_common iwlwifi snd_seq xpad snd_hwdep ff_memless videodev
> snd_rawmidi snd_seq_device libarc4 eeepc_wmi snd_pcm ecdh_generic
> irqbypass asus_wmi mc rapl sparse_keymap ecc snd_timer sp5100_tco
> video cfg80211 wmi_bmof pcspkr snd k10temp i2c_piix4 soundcore rfkill
> acpi_cpufreq binfmt_misc zram ip_tables hid_logitech_hidpp
> hid_logitech_dj amdgpu iommu_v2 gpu_sched ttm drm_kms_helper
> crct10dif_pclmul crc32_pclmul crc32c_intel cec drm ccp
> ghash_clmulni_intel igb nvme dca nvme_core
> [   22.180273]  i2c_algo_bit wmi pinctrl_amd fuse
> [   22.180279] CPU: 28 PID: 1205 Comm: ebtables Not tainted
> 5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64 #1
> [   22.180281] Hardware name: System manufacturer System Product
> Name/ROG STRIX X570-I GAMING, BIOS 2606 08/13/2020
> [   22.180289] RIP: 0010:nft_chain_parse_hook+0x224/0x330 [nf_tables]
> [   22.180292] Code: a0 14 00 00 be ff ff ff ff e8 68 82 e1 e4 85 c0
> 0f 85 21 fe ff ff 0f 0b bf 0a 00 00 00 e8 14 60 97 ff 84 c0 0f 84 1f
> fe ff ff <0f> 0b e9 18 fe ff ff 48 85 f6 74 61 4c 89 ef e8 78 d0 ff ff
> 48 89
> [   22.180294] RSP: 0018:ffffa9850214f780 EFLAGS: 00010202
> [   22.180296] RAX: 0000000000000001 RBX: ffffa9850214f810 RCX: 0000000000000000
> [   22.180297] RDX: ffffa9850214f810 RSI: 00000000ffffffff RDI: ffffffffc0851c20
> [   22.180299] RBP: 0000000000000007 R08: 0000000000000001 R09: ffffa9850214f847
> [   22.180300] R10: 0000000000000000 R11: 0000000000000007 R12: ffffa9850214fa88
> [   22.180301] R13: ffffffffa6fdfcc0 R14: ffffa9850214fa88 R15: ffff993c5c12c800
> [   22.180304] FS:  00007ff92ed99540(0000) GS:ffff993c8a200000(0000)
> knlGS:0000000000000000
> [   22.180305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   22.180307] CR2: 00007ff92ed1e000 CR3: 00000007d3714000 CR4: 0000000000350ee0
> [   22.180308] Call Trace:
> [   22.180319]  ? __rhashtable_lookup+0x11d/0x210 [nf_tables]
> [   22.180329]  nf_tables_addchain.constprop.0+0xab/0x5e0 [nf_tables]
> [   22.180337]  ? nft_chain_lookup.part.0+0x12c/0x1e0 [nf_tables]
> [   22.180344]  ? get_order+0x20/0x20 [nf_tables]
> [   22.180350]  ? nft_chain_hash+0x30/0x30 [nf_tables]
> [   22.180356]  ? nft_dump_register+0x40/0x40 [nf_tables]
> [   22.180368]  nf_tables_newchain+0x54d/0x730 [nf_tables]
> [   22.180376]  nfnetlink_rcv_batch+0x2a4/0x950 [nfnetlink]
> [   22.180385]  ? lock_acquire+0x175/0x400
> [   22.180387]  ? lock_release+0x1e7/0x400
> [   22.180391]  ? cred_has_capability.isra.0+0x68/0x100
> [   22.180395]  ? __nla_validate_parse+0x4f/0x8d0
> [   22.180401]  nfnetlink_rcv+0x115/0x130 [nfnetlink]
> [   22.180407]  netlink_unicast+0x16d/0x230
> [   22.180426]  netlink_sendmsg+0x23f/0x460
> [   22.180431]  sock_sendmsg+0x5e/0x60
> [   22.180434]  ____sys_sendmsg+0x231/0x270
> [   22.180438]  ? import_iovec+0x17/0x20
> [   22.180440]  ? sendmsg_copy_msghdr+0x5c/0x80
> [   22.180444]  ___sys_sendmsg+0x75/0xb0
> [   22.180450]  ? cred_has_capability.isra.0+0x68/0x100
> [   22.180452]  ? lock_acquire+0x175/0x400
> [   22.180454]  ? lock_acquire+0x93/0x400
> [   22.180457]  ? lock_release+0x1e7/0x400
> [   22.180459]  ? lock_release+0x1e7/0x400
> [   22.180462]  ? trace_hardirqs_on+0x1b/0xe0
> [   22.180465]  ? sock_setsockopt+0xdf/0x1010
> [   22.180467]  ? __local_bh_enable_ip+0x82/0xd0
> [   22.180470]  ? sock_setsockopt+0xdf/0x1010
> [   22.180473]  __sys_sendmsg+0x49/0x80
> [   22.180480]  do_syscall_64+0x33/0x40
> [   22.180483]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   22.180486] RIP: 0033:0x7ff92efdb087
> [   22.180488] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7
> 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00
> 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74
> 24 10
> [   22.180490] RSP: 002b:00007fff54436b38 EFLAGS: 00000246 ORIG_RAX:
> 000000000000002e
> [   22.180492] RAX: ffffffffffffffda RBX: 00007fff54436b40 RCX: 00007ff92efdb087
> [   22.180494] RDX: 0000000000000000 RSI: 00007fff54437be0 RDI: 0000000000000003
> [   22.180495] RBP: 00007fff544381e0 R08: 0000000000000004 R09: 000055b281bcf1d0
> [   22.180496] R10: 00007fff54437bcc R11: 0000000000000246 R12: 0000000000007000
> [   22.180497] R13: 0000000000000001 R14: 00007fff54436b50 R15: 00007fff54438200
> [   22.180503] irq event stamp: 0
> [   22.180505] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
> [   22.180507] hardirqs last disabled at (0): [<ffffffffa50d7683>]
> copy_process+0x723/0x1c80
> [   22.180509] softirqs last  enabled at (0): [<ffffffffa50d7683>]
> copy_process+0x723/0x1c80
> [   22.180511] softirqs last disabled at (0): [<0000000000000000>] 0x0
> [   22.180512] ---[ end trace 6a0904ace1916b5d ]---
>
> reproductivity 100% reliable on my system
>
> $ /usr/src/kernels/`uname -r`/scripts/faddr2line
> /lib/debug/lib/modules/`uname
> -r`/kernel/net/netfilter/nf_tables.ko.debug nft_chain_parse_hook+0x224
> nft_chain_parse_hook+0x224/0x330:
> lockdep_nfnl_nft_mutex_not_held at
> /usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:622
> (inlined by) lockdep_nfnl_nft_mutex_not_held at
> /usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:619
> (inlined by) nft_chain_parse_hook at
> /usr/src/debug/kernel-20201014gitb5fc7a89e58b/linux-5.10.0-0.rc0.20201014gitb5fc7a89e58b.41.fc34.x86_64/net/netfilter/nf_tables_api.c:1816
>
> $ git blame -L 617,627 net/netfilter/nf_tables_api.c
> 452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 617) #endif
> 452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 618)
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 619) static
> void lockdep_nfnl_nft_mutex_not_held(void)
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 620) {
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 621) #ifdef
> CONFIG_PROVE_LOCKING
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 622)
>  WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 623) #endif
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 624) }
> f102d66b335a4 (Florian Westphal  2018-07-11 13:45:14 +0200 625)
> 32537e91847a5 (Pablo Neira Ayuso 2018-03-27 11:53:05 +0200 626) static
> const struct nft_chain_type *
> 452238e8d5ffd (Florian Westphal  2018-07-11 13:45:10 +0200 627)
> nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
>
> $ git show f102d66b335a4
> commit f102d66b335a417d4848da9441f585695a838934
> Author: Florian Westphal <fw@strlen.de>
> Date:   Wed Jul 11 13:45:14 2018 +0200
>
>     netfilter: nf_tables: use dedicated mutex to guard transactions
>
>     Continue to use nftnl subsys mutex to protect (un)registration of
> hook types,
>     expressions and so on, but force batch operations to do their own
>     locking.
>
>     This allows distinct net namespaces to perform transactions in parallel.
>
>     Signed-off-by: Florian Westphal <fw@strlen.de>
>     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
>
> diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
> index 94767ea3a490..286fd960896f 100644
> --- a/include/net/netns/nftables.h
> +++ b/include/net/netns/nftables.h
> @@ -7,6 +7,7 @@
>  struct netns_nftables {
>         struct list_head        tables;
>         struct list_head        commit_list;
> +       struct mutex            commit_mutex;
>         unsigned int            base_seq;
>         u8                      gencursor;
>         u8                      validate_state;
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index 68436edd9cdf..c0fb2bcd30fe 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -480,12 +480,19 @@ static void nft_request_module(struct net *net,
> const char *fmt, ...)
>         if (WARN(ret >= MODULE_NAME_LEN, "truncated: '%s' (len %d)",
> module_name, ret))
>                 return;
>
> -       nfnl_unlock(NFNL_SUBSYS_NFTABLES);
> +       mutex_unlock(&net->nft.commit_mutex);
>         request_module("%s", module_name);
> -       nfnl_lock(NFNL_SUBSYS_NFTABLES);
> +       mutex_lock(&net->nft.commit_mutex);
>  }
>  #endif
>
> +static void lockdep_nfnl_nft_mutex_not_held(void)
> +{
> +#ifdef CONFIG_PROVE_LOCKING
> +       WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
> +#endif
> +}
> +
>  static const struct nft_chain_type *
>  nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
>
> The last changes were made by Florian. That is why I invited you here,
> can you clarify the situation.
>
> Full dmesg output: https://pastebin.com/tZY3npHG
>

Here https://lkml.org/lkml/2020/10/16/494 attached the patch which
cure also this problem.
Sorry for the noise.

--
Best Regards,
Mike Gavrilov.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-16  7:11 [bugreport] [5.10] warning at net/netfilter/nf_tables_api.c:622 Mikhail Gavrilov
2020-10-16 14:31 ` Mikhail Gavrilov

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git