Re: Netfilter: suspicious RCU usage in __nft_rule_lookup


 



Hi Florian, Pablo,

On 25/10/2024 01:22, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>>
>> this comment below is also not valid anymore:
>>
>> /* called with rcu_read_lock held */
>> static struct sk_buff *
>> nf_tables_getrule_single(u32 portid, const struct nfnl_info *info,
>>                          const struct nlattr * const nla[], bool reset)
> 
> Yes, either called with rcu read lock or commit mutex held.
> 
>> This is not the only spot that can trigger rcu splats.
> 
> Agree.  Will you make a patch or should I take a look?
> I'm leaning towards a common helper that can pass the
> right lockdep annotation, i.e. pass nft_net as arg to
> document when RCU or transaction semantics apply.

Thank you both for your quick replies, and for looking for a fix!

While at it, I had a question related to the rules' list: in
__nft_release_basechain() from the same nf_tables_api.c file, list's
entries are not removed with the _rcu variant → is it OK to do that
because this function is only called last at the cleanup time, when no
other readers can iterate over the list? So similar to what is done in
__nft_release_table()?

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.




