Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> The dormant flag need to be updated from the preparation phase,
> otherwise, two consecutive requests to dorm a table in the same batch
> might try to remove the same hooks twice, resulting in the following
> warning:
>
> hook not found, pf 3 num 0
> WARNING: CPU: 0 PID: 334 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x1eb/0x610 net/netfilter/core.c:480
> Modules linked in:
> CPU: 0 PID: 334 Comm: kworker/u4:5 Not tainted 5.12.0-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Workqueue: netns cleanup_net
> RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610 net/netfilter/core.c:480
>
> This patch is a partial revert of 0ce7cf4127f1 ("netfilter: nftables:
> update table flags from the commit phase") to restore the previous
> behaviour, which updates the dormant flag from the preparation phase
> to address this issue.
>
> However, there is still another problem: A batch containing a series of
> dorm-wakeup-dorm table and vice-versa also trigger the warning above
> since hook unregistration happens from the preparation phase, while hook
> registration occurs from the commit phase.
You could add nf_unregister_net_hook_try() or somesuch that elides
the WARN().
AFAIU this would not be needed at all if the WARN would not exist.
We could also just remove the WARN but it did catch the earlier
NFPROTO_ARP bug, so I would refer to keep it.
