Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > > index b71b57a83bb4..b4dd96e4dc8d 100644 > > --- a/include/linux/netfilter_netdev.h > > +++ b/include/linux/netfilter_netdev.h > > @@ -94,7 +94,7 @@ static inline struct sk_buff *nf_hook_egress(struct sk_buff *skb, int *rc, > > return skb; > > #endif > > - e = rcu_dereference(dev->nf_hooks_egress); > > + e = rcu_dereference_check(dev->nf_hooks_egress, rcu_read_lock_bh_held()); > > if (!e) > > return skb; > > > It seems other rcu_dereference() uses will also trigger lockdep splat. > if (genbit) > blob = rcu_dereference(chain->blob_gen_1); > else > blob = rcu_dereference(chain->blob_gen_0); > > I wonder how many other places will need a fix ? I don't like that, all nf hooks assume rcu_read_lock is held. nf_hook_egress() call to nf_hook_slow() needs to be wrapped in rcu_read_(un)lock pair.
