On Thu, Oct 24, 2024 at 07:35:36PM +0200, Florian Westphal wrote:
> Matthieu Baerts <matttbe@xxxxxxxxxx> wrote:
> > Hello,
> >
> > First, thank you for all the work you did and are still doing around
> > Netfilter!
> >
> > I'm writing you this email, because when I run the MPTCP test suite with
> > a VM running a kernel built with a debug config including
> > CONFIG_PROVE_RCU_LIST=y (and CONFIG_RCU_EXPERT=y), I get the following
> > warning:
> >
> >
> > > 6.12.0-rc3+ #7 Not tainted
> > > -----------------------------
> > > net/netfilter/nf_tables_api.c:3420 RCU-list traversed in non-reader section!!
> > >
> > > other info that might help us debug this:
> > >
> > > rcu_scheduler_active = 2, debug_locks = 1
> > > 1 lock held by iptables/134:
> > > #0: ffff888008c4fcc8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid (include/linux/jiffies.h:101) nf_tables
>
> List is protected by transaction mutex, but we can't switch to plain
> for_each_entry as this is also called from rcu-only context.
>
> We either need two functions or pass nft_net + lockdep_is_held() check
> as extra arg.
Right, I can see _rcu is still needed for the nf_tables_getrule_single() case.
