Thanks for the suggestion. I'm not that familiar with ipset source code, do you mean something like issuing a second rcu_barrier between call_rcu and returning result code back to netlink (and only doing that for list type)? As I understand it there isn't much that could be done in e.g. list_set_destroy as it might not be called yet, sitting in the rcu wait queue. On Sat, 13 Apr 2024 at 19:02, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> wrote: > > On Sat, 13 Apr 2024, keltargw wrote: > > > I have a problem with recent kernels. Due to delayed ipset destroy I'm > > unable to destroy ipset that was recently in use by another (destroyed) > > ipset. It is demonstrated by this example: > > > > #!/bin/bash > > set -x > > > > ipset create qwe1 list:set > > ipset create asd1 hash:net > > ipset add qwe1 asd1 > > ipset add asd1 1.1.1.1 > > > > ipset destroy qwe1 > > ipset list asd1 -t > > ipset destroy asd1 > > > > Second ipset destroy reports an error "ipset v7.21: Set cannot be > > destroyed: it is in use by a kernel component". > > If this command is repeated after a short delay, it deletes ipset > > without any problems. > > > > It seems it could be fixed with that kernel module patch: > > > > Index: linux-6.7.9/net/netfilter/ipset/ip_set_core.c > > =================================================================== > > --- linux-6.7.9.orig/net/netfilter/ipset/ip_set_core.c > > +++ linux-6.7.9/net/netfilter/ipset/ip_set_core.c > > @@ -1241,6 +1241,9 @@ static int ip_set_destroy(struct sk_buff > > u32 flags = flag_exist(info->nlh); > > u16 features = 0; > > > > + /* Wait for flush to ensure references are cleared */ > > + rcu_barrier(); > > + > > read_lock_bh(&ip_set_ref_lock); > > s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]), > > &i); > > > > If you have any suggestions on how this problem should be approached > > please let me know. > > I'd better solve it in the list type itself: your patch unnecessarily > slows down all set destroy operations. > > Best regards, > Jozsef > -- > E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx > PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt > Address : Wigner Research Centre for Physics > H-1525 Budapest 114, POB. 49, Hungary
