On 04.02.24 16:26, Jozsef Kadlecsik wrote:
> The patch fdb8e12cc2cc ("netfilter: ipset: fix performance regression
> in swap operation") missed to add the calls to gc cancellations
> at the error path of create operations and at module unload. Also,
> because the half of the destroy operations now executed by a
> function registered by call_rcu(), neither NFNL_SUBSYS_IPSET mutex
> or rcu read lock is held and therefore the checking of them results
> false warnings.
>
> Reported-by: syzbot+52bbc0ad036f6f0d4a25@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: Brad Spengler <spender@xxxxxxxxxxxxxx>
> Reported-by: Стас Ничипорович <stasn77@xxxxxxxxx>
> Fixes: fdb8e12cc2cc ("netfilter: ipset: fix performance regression in swap operation")
That afaics should be 97f7cf1cd80e ("netfilter: ipset: fix performance
regression in swap operation").
Side note in case anyone cares: I first didn't add the problem to the
regression tracking as I assumed the fix would get quickly reviewed and
merged to mainline (for some patches going through -net that's the
case), but now added it as nothing happened yet.
Ciao, Thorsten
