[{"id":3675791,"web_url":"http://patchwork.ozlabs.org/comment/3675791/","msgid":"<adjRiG_Bp3WpRYOz@strlen.de>","list_archive_url":null,"date":"2026-04-10T10:31:36","subject":"Re: [PATCH nf] netfilter: nf_tables: use RCU-safe list primitives\n for basechain hook list","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/people/1025/","name":"Florian Westphal","email":"fw@strlen.de"},"content":"Weiming Shi <bestswngs@gmail.com> wrote:\n> NFT_MSG_GETCHAIN runs as an NFNL_CB_RCU callback, so chain dumps\n> traverse basechain->hook_list under rcu_read_lock() without holding\n> commit_mutex. Meanwhile, nft_delchain_hook() mutates that same live\n> hook_list with plain list_move() and list_splice(), and the commit/abort\n> paths splice hooks back with plain list_splice(). None of these are\n> RCU-safe list operations.\n> \n> A concurrent GETCHAIN dump can observe partially updated list pointers,\n> follow them into stack-local or transaction-private list heads, and\n> crash when container_of() produces a bogus struct nft_hook pointer.\n\nRight, but this is broken by design.\n\n> Replace list_move() in nft_delchain_hook() with list_del_rcu() plus an\n> intermediate pointer array, followed by synchronize_rcu() before the\n> deleted hooks' list pointers are reused to link them into the\n> transaction's private list. 
In the error paths, put hooks back with\n> list_add_tail_rcu() which is safe for concurrent RCU readers (they\n> either continue to the original successor or see the list head and\n> terminate the walk).\n\nI don't understand the existing code.\n\nI don't even understand why\nwe have a difference between the 'update delete' and chain delete cases.\n\nI think it's wrong to unlink and then relink on abort.\nWhat prevents nft_delchain_hook() from using the normal approach done\nby nft_delchain()...?\n\nThis existing code appears to be way too complex.","headers":{"Return-Path":"\n <netfilter-devel+bounces-11793-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11793-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=strlen.de"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsY564sZTz1yGS\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 20:31:54 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 08C323020FF3\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 10:31:47 +0000 (UTC)","from 
localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 80067340A57;\n\tFri, 10 Apr 2026 10:31:45 +0000 (UTC)","from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 8819B34572B;\n\tFri, 10 Apr 2026 10:31:43 +0000 (UTC)","by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid 030996065C; Fri, 10 Apr 2026 12:31:35 +0200 (CEST)"],"ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30","Date":"Fri, 10 Apr 2026 12:31:36 +0200","From":"Florian Westphal <fw@strlen.de>","To":"Weiming Shi <bestswngs@gmail.com>","Cc":"Pablo Neira Ayuso <pablo@netfilter.org>,\n\t\"David S . 
Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,\n\tPhil Sutter <phil@nwl.cc>, Simon Horman <horms@kernel.org>,\n\tnetfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n\tnetdev@vger.kernel.org, linux-kernel@vger.kernel.org,\n\tXiang Mei <xmei5@asu.edu>","Subject":"Re: [PATCH nf] netfilter: nf_tables: use RCU-safe list primitives\n for basechain hook list","Message-ID":"<adjRiG_Bp3WpRYOz@strlen.de>","References":"<20260410101321.915190-2-bestswngs@gmail.com>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20260410101321.915190-2-bestswngs@gmail.com>"}},{"id":3675828,"web_url":"http://patchwork.ozlabs.org/comment/3675828/","msgid":"<adjbrcTOL8MLjtfh@chamomile>","list_archive_url":null,"date":"2026-04-10T11:14:53","subject":"Re: [PATCH nf] netfilter: nf_tables: use RCU-safe list primitives\n for basechain hook list","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"content":"On Fri, Apr 10, 2026 at 12:31:36PM +0200, Florian Westphal wrote:\n> Weiming Shi <bestswngs@gmail.com> wrote:\n[...]\n> > Replace list_move() in nft_delchain_hook() with list_del_rcu() plus an\n> > intermediate pointer array, followed by synchronize_rcu() before the\n> > deleted hooks' list pointers are reused to link them into the\n> > transaction's private list. 
In the error paths, put hooks back with\n> > list_add_tail_rcu() which is safe for concurrent RCU readers (they\n> > either continue to the original successor or see the list head and\n> > terminate the walk).\n> \n> I don't understand the existing code.\n\nI am working on an alternative fix.","headers":{"Return-Path":"\n <netfilter-devel+bounces-11795-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=YUxalXX6;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11795-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"YUxalXX6\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsZBN4my6z1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 21:21:32 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 106B93036384\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 11:15:08 +0000 (UTC)","from 
localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id E73A134CFC7;\n\tFri, 10 Apr 2026 11:15:06 +0000 (UTC)","from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 624083B8D79;\n\tFri, 10 Apr 2026 11:15:04 +0000 (UTC)","from netfilter.org (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with UTF8SMTPSA id 6DB476017D;\n\tFri, 10 Apr 2026 13:14:56 +0200 (CEST)"],"ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=YUxalXX6; arc=none smtp.client-ip=217.70.190.124","Date":"Fri, 10 Apr 2026 13:14:53 +0200","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"Florian Westphal <fw@strlen.de>","Cc":"Weiming Shi <bestswngs@gmail.com>,\n\t\"David S . Miller\" <davem@davemloft.net>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,\n\tPhil Sutter <phil@nwl.cc>, Simon Horman <horms@kernel.org>,\n\tnetfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n\tnetdev@vger.kernel.org, linux-kernel@vger.kernel.org,\n\tXiang Mei <xmei5@asu.edu>","Subject":"Re: [PATCH nf] netfilter: nf_tables: use RCU-safe list primitives\n for basechain hook list","Message-ID":"<adjbrcTOL8MLjtfh@chamomile>","References":"<20260410101321.915190-2-bestswngs@gmail.com>\n <adjRiG_Bp3WpRYOz@strlen.de>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<adjRiG_Bp3WpRYOz@strlen.de>"}}]