Re: [PATCH v2 nf-next 0/7] netfilter: nf_tables: avoid PROVE_RCU_LIST splats

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Nov 01, 2024 at 12:02:14AM +0100, Florian Westphal wrote:
> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > # nft -f test.nft
> > > test.nft:3:32-45: Error: Could not process rule: Operation not supported
> > >                 udp dport 4789 vxlan ip saddr 1.2.3.4
> > >                                ^^^^^^^^^^^^^^
> > > 
> > > Reverting "netfilter: nf_tables: must hold rcu read lock while iterating expression type list"
> > > makes it work for me again.
> > > 
> > > Are you compiling nf_tables built-in there? I make as a module, the
> > > type->owner is THIS_MODULE which refers to nf_tables.ko?
> > 
> > Indeed, this doesn't work.
> > 
> > But I cannot remove this test, this code looks broken to me in case
> > inner type is its own module.
> > 
> > No idea yet how to fix this.
> 
> I'm missing why this check is required by now.
> 
> Only meta and payload provide inner_ops and they are always built-in.
> 
> I understand this is an issue if more expressions are supported in the
> future.

Can you mangle the patch to remove the type->owner test and amend
the comment to say that this restriction exists (inner_ops != NULL ->
builtin?)

Else this might work:

+       if (!type->inner_ops || type->owner != THIS_MODULE) {

... but that would also need a comment, I think :-/



