[net-next,00/11] Netfilter updates for net-next

Message ID 20241106234625.168468-1-pablo@netfilter.org (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-24-11-07

Message

Pablo Neira Ayuso Nov. 6, 2024, 11:46 p.m. UTC
Hi,

The following series contains Netfilter updates for net-next:

1) Make legacy xtables configs user selectable, from Breno Leitao.

2) Fix a few sparse warnings related to percpu, from Uros Bizjak.

3) Use strscpy_pad, from Justin Stitt.

4) Use nft_trans_elem_alloc() in catchall flush, from Florian Westphal.

5) A series of 7 patches to fix false positive with CONFIG_RCU_LIST=y.
   Florian also sees possible issue with 10 while module load/removal
   when requesting an expression that is available via module. As for
   patch 11, object is being updated so reference on the module already
   exists so I don't see any real issue.

   Florian says:

   "Unfortunately there are many more errors, and not all are false positives.

   First patches pass lockdep_commit_lock_is_held() to the rcu list traversal
   macro so that those splats are avoided.

   The last two patches are real code change as opposed to
   'pass the transaction mutex to relax rcu check':

   Those two lists are not protected by transaction mutex so could be altered
   in parallel.

   This targets nf-next because these are long-standing issues."

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-24-11-07

Thanks.

----------------------------------------------------------------

The following changes since commit f66ebf37d69cc700ca884c6a18c2258caf8b151b:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2024-10-03 10:05:55 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-24-11-07

for you to fetch changes up to cddc04275f95ca3b18da5c0fb111705ac173af89:

  netfilter: nf_tables: must hold rcu read lock while iterating object type list (2024-11-05 22:07:12 +0100)

----------------------------------------------------------------
netfilter pull request 24-11-07

----------------------------------------------------------------
Breno Leitao (1):
      netfilter: Make legacy configs user selectable

Florian Westphal (8):
      netfilter: nf_tables: prefer nft_trans_elem_alloc helper
      netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion
      netfilter: nf_tables: avoid false-positive lockdep splats with sets
      netfilter: nf_tables: avoid false-positive lockdep splats with flowtables
      netfilter: nf_tables: avoid false-positive lockdep splats in set walker
      netfilter: nf_tables: avoid false-positive lockdep splats with basechain hook
      netfilter: nf_tables: must hold rcu read lock while iterating expression type list
      netfilter: nf_tables: must hold rcu read lock while iterating object type list

Justin Stitt (1):
      netfilter: nf_tables: replace deprecated strncpy with strscpy_pad

Uros Bizjak (1):
      netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c

 include/net/netfilter/nf_tables.h      |   3 +-
 net/bridge/netfilter/Kconfig           |   8 +-
 net/bridge/netfilter/nft_meta_bridge.c |   2 +-
 net/ipv4/netfilter/Kconfig             |  16 +++-
 net/ipv6/netfilter/Kconfig             |   9 ++-
 net/netfilter/nf_tables_api.c          | 132 +++++++++++++++++++--------------
 net/netfilter/nft_flow_offload.c       |   4 +-
 net/netfilter/nft_set_bitmap.c         |  10 ++-
 net/netfilter/nft_set_hash.c           |   3 +-
 9 files changed, 119 insertions(+), 68 deletions(-)

Comments

Jakub Kicinski Nov. 7, 2024, 12:19 a.m. UTC | #1
On Thu,  7 Nov 2024 00:46:14 +0100 Pablo Neira Ayuso wrote:
> "Unfortunately there are many more errors, and not all are false positives.

Thanks a lot for jumping on fixing the CONFIG_RCU_LIST=y splats!
To clarify should the selftests be splat-free now or there is more
work required to get there?

Florian Westphal Nov. 7, 2024, 7:08 a.m. UTC | #2
Jakub Kicinski <kuba@kernel.org> wrote:
> On Thu,  7 Nov 2024 00:46:14 +0100 Pablo Neira Ayuso wrote:
> > "Unfortunately there are many more errors, and not all are false positives.
> 
> Thanks a lot for jumping on fixing the CONFIG_RCU_LIST=y splats!
> To clarify should the selftests be splat-free now or there is more
> work required to get there?

I tried to repro last week on net-next (not nf-next!) + v2 of these patches
and I did not see splats, but I'll re-run everything later today to make
sure they've been fixed up.

Jakub Kicinski Nov. 7, 2024, 8:48 p.m. UTC | #3
On Thu, 7 Nov 2024 08:08:34 +0100 Florian Westphal wrote:
> Jakub Kicinski <kuba@kernel.org> wrote:
> > On Thu,  7 Nov 2024 00:46:14 +0100 Pablo Neira Ayuso wrote:  
> > > "Unfortunately there are many more errors, and not all are false positives.  
> > 
> > Thanks a lot for jumping on fixing the CONFIG_RCU_LIST=y splats!
> > To clarify should the selftests be splat-free now or there is more
> > work required to get there?  
> 
> I tried to repro last week on net-next (not nf-next!) + v2 of these patches
> and I did not see splats, but I'll re-run everything later today to make
> sure they've been fixed up.

Great! I was double checking if you know of any selftest-triggered
problems before I re-enable that config in our CI.

I flipped it back on few hours ago and looks like it's only hitting
mcast routing and sctp bugs we already know about, so all good :)

Thanks again!

Florian Westphal Nov. 7, 2024, 9:07 p.m. UTC | #4
Jakub Kicinski <kuba@kernel.org> wrote:
> > I tried to repro last week on net-next (not nf-next!) + v2 of these patches
> > and I did not see splats, but I'll re-run everything later today to make
> > sure they've been fixed up.
> 
> Great! I was double checking if you know of any selftest-triggered
> problems before I re-enable that config in our CI.

The only splat I saw today on re-run is in kernel/events/core.c, but
Matthieu Baerts tells me there is a fix pending for it.

> I flipped it back on few hours ago and looks like it's only hitting
> mcast routing and sctp bugs we already know about, so all good :)

Great.  It finds real bugs so it's good that it can be turned on again
to catch future issues.

Eric Dumazet Nov. 7, 2024, 9:09 p.m. UTC | #5
On Thu, Nov 7, 2024 at 9:48 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Thu, 7 Nov 2024 08:08:34 +0100 Florian Westphal wrote:
> > Jakub Kicinski <kuba@kernel.org> wrote:
> > > On Thu,  7 Nov 2024 00:46:14 +0100 Pablo Neira Ayuso wrote:
> > > > "Unfortunately there are many more errors, and not all are false positives.
> > >
> > > Thanks a lot for jumping on fixing the CONFIG_RCU_LIST=y splats!
> > > To clarify should the selftests be splat-free now or there is more
> > > work required to get there?
> >
> > I tried to repro last week on net-next (not nf-next!) + v2 of these patches
> > and I did not see splats, but I'll re-run everything later today to make
> > sure they've been fixed up.
>
> Great! I was double checking if you know of any selftest-triggered
> problems before I re-enable that config in our CI.
>
> I flipped it back on few hours ago and looks like it's only hitting
> mcast routing and sctp bugs we already know about, so all good :)
>

sctp fix:

https://patchwork.kernel.org/project/netdevbpf/patch/20241107192021.2579789-1-edumazet@google.com/