www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 4 Nov 2024 09:41:18 +0000 (10:41 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 5 Nov 2024 21:06:32 +0000 (22:06 +0100)
commit	ee666a541ed957937454d50afa4757924508cd74
tree	ce0f09d877c375e91dcd7ca81fced94f115a4116	tree
parent	3567146b94afcd69d4916c880eb5b1b0e3797397	commit \| diff

netfilter: nf_tables: must hold rcu read lock while iterating expression type list

nft shell tests trigger:
WARNING: suspicious RCU usage
net/netfilter/nf_tables_api.c:3125 RCU-list traversed in non-reader section!!
1 lock held by nft/2068:
#0: ffff888106c6f8c8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3c/0xf0

But the transaction mutex doesn't protect this list, the nfnl subsystem
mutex would, but we can't acquire it here without risk of ABBA
deadlocks.

Acquire the rcu read lock to avoid this issue.

v3: add a comment that explains the ->inner_ops check implies
expression is builtin and lack of a module owner reference is ok.

Fixes: 3a07327d10a0 ("netfilter: nft_inner: support for inner tunnel header matching")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>