Mathieu reported a lockdep splat on rule deletion with
CONFIG_RCU_LIST=y.
Unfortunately there are many more errors, and not all are false
positives.
First patches pass lockdep_commit_lock_is_held() to the rcu
list traversal macro so that those splats are avoided.
The last two patches are real code change as opposed to
'pass the transaction mutex to relax rcu check':
Those two lists are not protected by transaction mutex so
could be altered in parallel.
Aside from context these patches could be applied in any order.
This targets nf-next because these are long-standing issues so
it seems wrong to fix it this late in the release cycle.
Florian Westphal (7):
netfilter: nf_tables: avoid false-positive lockdep splat on rule
deletion
netfilter: nf_tables: avoid false-positive lockdep splats with sets
netfilter: nf_tables: avoid false-positive lockdep splats with
flowtables
netfilter: nf_tables: avoid false-positive lockdep splats in set
walker
netfilter: nf_tables: avoid false-positive lockdep splats with
basechain hook
netfilter: nf_tables: must hold rcu read lock while iterating
expression type list
netfilter: nf_tables: must hold rcu read lock while iterating object
type list
include/net/netfilter/nf_tables.h | 3 +-
net/netfilter/nf_tables_api.c | 110 ++++++++++++++++++------------
net/netfilter/nft_flow_offload.c | 4 +-
net/netfilter/nft_set_bitmap.c | 10 +--
net/netfilter/nft_set_hash.c | 3 +-
5 files changed, 79 insertions(+), 51 deletions(-)
--
2.45.2
