[Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

There could be a deadlock: 1. "nft" process calls request_module() with nfnl_lock(NFNL_SUBSYS_NFTABLES) taken and waits for its completion: [UN] PID: 7391 TASK: 939e154bc000 COMMAND: "nft" wait_for_completion_killable __call_usermodehelper_exec __request_module nf_logger_find_get

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 7/16/20 3:37 PM, Konstantin Khorenko wrote: > > +extern struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] > __read_mostly; > + > +/* > + * In "nft_log" module we need to drop nfnl lock while performing > + * request_module(), calls to nf_logger_find_get() in other > + * m

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 07/16/2020 04:55 PM, Andrey Ryabinin wrote: On 7/16/20 3:37 PM, Konstantin Khorenko wrote: +extern struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly; + +/* + * In "nft_log" module we need to drop nfnl lock while performing + * request_module(), calls to nf_log

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 07/16/2020 07:47 PM, Konstantin Khorenko wrote: On 07/16/2020 04:55 PM, Andrey Ryabinin wrote: On 7/16/20 3:37 PM, Konstantin Khorenko wrote: +extern struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly; + +/* + * In "nft_log" module we need to drop nfnl lock wh

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 7/16/20 3:37 PM, Konstantin Khorenko wrote: > +static int nf_logger_find_get_lock(int pf, enum nf_log_type type) > +{ > + struct nf_logger *logger; > + int ret = 0; > + > + logger = loggers[pf][type]; > + if (logger == NULL) { > + nfnl_unlock(NFNL_SUBSYS_NFTABLES);

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 7/16/20 8:21 PM, Konstantin Khorenko wrote: > If nc->call_batch() == nf_tables_newrule(), it means > nc == nf_tables_cb[NFT_MSG_NEWRULE] > > nc == &ss->cb[cb_id] > => ss == nf_tables_subsys > > and we know that nf_tables_subsys.subsys_id = NFNL_SUBSYS_NFTABLES > > > static const struct nf

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 07/17/2020 03:39 PM, Andrey Ryabinin wrote: On 7/16/20 3:37 PM, Konstantin Khorenko wrote: +static int nf_logger_find_get_lock(int pf, enum nf_log_type type) +{ + struct nf_logger *logger; + int ret = 0; + + logger = loggers[pf][type]; + if (logger == NULL) { +

Re: [Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module

On 07/17/2020 03:41 PM, Andrey Ryabinin wrote: On 7/16/20 8:21 PM, Konstantin Khorenko wrote: If nc->call_batch() == nf_tables_newrule(), it means nc == nf_tables_cb[NFT_MSG_NEWRULE] nc == &ss->cb[cb_id] => ss == nf_tables_subsys and we know that nf_tables_subsys.subsys_id = NFNL_SUBSYS_NFT