From: Greg Kroah-Hartman Date: Mon, 9 Oct 2023 11:30:00 +0000 (+0200) Subject: drop queue-5.10/netfilter-nf_tables-fix-false-positive-lockdep-splat.patch X-Git-Tag: v4.14.327~26 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=caf1847f0aec6ea62502cd6e15916ceade7164d2;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-5.10/netfilter-nf_tables-fix-false-positive-lockdep-splat.patch --- diff --git a/queue-5.10/netfilter-nf_tables-fix-false-positive-lockdep-splat.patch b/queue-5.10/netfilter-nf_tables-fix-false-positive-lockdep-splat.patch deleted file mode 100644 index 961ff49a316..00000000000 --- a/queue-5.10/netfilter-nf_tables-fix-false-positive-lockdep-splat.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b9f052dc68f69dac89fe1e24693354c033daa091 Mon Sep 17 00:00:00 2001 -From: Florian Westphal -Date: Tue, 8 Aug 2023 20:40:17 +0200 -Subject: netfilter: nf_tables: fix false-positive lockdep splat - -From: Florian Westphal - -commit b9f052dc68f69dac89fe1e24693354c033daa091 upstream. - -->abort invocation may cause splat on debug kernels: - -WARNING: suspicious RCU usage -net/netfilter/nft_set_pipapo.c:1697 suspicious rcu_dereference_check() usage! -[..] -rcu_scheduler_active = 2, debug_locks = 1 -1 lock held by nft/133554: [..] (nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid -[..] - lockdep_rcu_suspicious+0x1ad/0x260 - nft_pipapo_abort+0x145/0x180 - __nf_tables_abort+0x5359/0x63d0 - nf_tables_abort+0x24/0x40 - nfnetlink_rcv+0x1a0a/0x22c0 - netlink_unicast+0x73c/0x900 - netlink_sendmsg+0x7f0/0xc20 - ____sys_sendmsg+0x48d/0x760 - -Transaction mutex is held, so parallel updates are not possible. -Switch to _protected and check mutex is held for lockdep enabled builds. - -Fixes: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") -Signed-off-by: Florian Westphal -Signed-off-by: Greg Kroah-Hartman ---- - net/netfilter/nft_set_pipapo.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - ---- a/net/netfilter/nft_set_pipapo.c -+++ b/net/netfilter/nft_set_pipapo.c -@@ -1695,6 +1695,17 @@ static void nft_pipapo_commit(const stru - priv->clone = new_clone; - } - -+static bool nft_pipapo_transaction_mutex_held(const struct nft_set *set) -+{ -+#ifdef CONFIG_PROVE_LOCKING -+ const struct net *net = read_pnet(&set->net); -+ -+ return lockdep_is_held(&nft_pernet(net)->commit_mutex); -+#else -+ return true; -+#endif -+} -+ - static void nft_pipapo_abort(const struct nft_set *set) - { - struct nft_pipapo *priv = nft_set_priv(set); -@@ -1703,7 +1714,7 @@ static void nft_pipapo_abort(const struc - if (!priv->dirty) - return; - -- m = rcu_dereference(priv->match); -+ m = rcu_dereference_protected(priv->match, nft_pipapo_transaction_mutex_held(set)); - - new_clone = pipapo_clone(m); - if (IS_ERR(new_clone)) diff --git a/queue-5.10/series b/queue-5.10/series index 74e5654e41b..c10458227fb 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -223,6 +223,5 @@ rdma-uverbs-fix-typo-of-sizeof-argument.patch rdma-siw-fix-connection-failure-handling.patch rdma-mlx5-fix-null-string-error.patch parisc-restore-__ldcw_align-for-pa-risc-2.0-processors.patch -netfilter-nf_tables-fix-false-positive-lockdep-splat.patch netfilter-nf_tables-fix-kdoc-warnings-after-gc-rework.patch netfilter-nftables-exthdr-fix-4-byte-stack-oob-write.patch