Date: Thu, 5 Oct 2023 14:31:07 +0200
From: Florian Westphal
To: xiaolinkui
Cc: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, justinstitt@google.com, kuniyu@amazon.com, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Linkui Xiao
Subject: Re: [PATCH] netfilter: ipset: wait for xt_recseq on all cpus
Message-ID: <20231005123107.GB9350@breakpoint.cc>
In-Reply-To: <20231005115022.12902-1-xiaolinkui@126.com>

xiaolinkui wrote:
> From: Linkui Xiao
>
> Before destroying the ipset, take a check on sequence to ensure that the
> ip_set_test operation of this ipset has been completed.
>
> The code of set_match_v4 is protected by addend=xt_write_recseq_begin() and
> xt_write_recseq_end(addend). So we can ensure that the test operation is
> completed by reading seqcount.

Nope, please don't do this, the xt_set can also be used from nft_compat
which doesn't use the xtables packet traversers.

I'd rather use synchronize_rcu() once in ip_set_destroy(), that will
make sure all concurrent traversers are gone.

That said, I still do not understand this fix, the match / target
destroy hooks are called after the table has been completely replaced,
i.e., while packets can still be in flight no packets should be within
the ipset lookup functions when this happens, and no more packets should
be able to enter them.

AFAICS the request to delete the set will fail if it's still referenced
via any rule. xt_set holds references to the sets.

So:
1. set have dropped all references
2. userspace *can* delete the set
3. we get crash because xt_set was still within a sets eval function.

I don't see how 3) can happen, xt table replace isn't supposed to call
the xt_set destroy functions until after table replace.

We even release the entire x_table blob right afterwards.
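
The ordering discussed in this reply, as an added userspace model that is not part of the original message and is not kernel code: destroy is refused while a rule holds a reference, and once the reference is gone a grace-period wait keeps the free behind any lookup still in flight. All names (toy_set, toy_destroy, packet_path, run_model) are hypothetical, and the global reader counter is only a stand-in for RCU read-side sections and synchronize_rcu().

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdlib.h>
/* Userspace model; all names are hypothetical, none of this is kernel code. */
struct toy_set { atomic_int ref; int member; };  /* ref: rules holding the set */
static _Atomic(struct toy_set *) slot;           /* published pointer lookups read */
static atomic_int readers, entered, bad_reads;   /* readers: read-side sections */

static void *packet_path(void *arg)              /* one lookup still in flight */
{
    (void)arg;
    atomic_fetch_add(&readers, 1);               /* like rcu_read_lock() */
    struct toy_set *s = atomic_load(&slot);
    atomic_store(&entered, 1);
    while (atomic_load(&slot)) sched_yield();    /* stay until set is unpublished */
    if (s && s->member != 42) atomic_fetch_add(&bad_reads, 1);
    atomic_fetch_sub(&readers, 1);               /* like rcu_read_unlock() */
    return NULL;
}

static int toy_destroy(void)
{
    struct toy_set *s = atomic_load(&slot);
    if (!s) return -ENOENT;
    if (atomic_load(&s->ref) > 0) return -EBUSY; /* a rule still references it */
    atomic_store(&slot, NULL);                   /* no new lookup can find it */
    while (atomic_load(&readers) > 0) sched_yield(); /* like synchronize_rcu() */
    s->member = -1;                              /* poison, then free */
    free(s);
    return 0;
}
/* 0 = destroy refused while referenced, and the in-flight reader saw valid data */
static int run_model(void)
{
    struct toy_set *s = malloc(sizeof(*s));
    pthread_t t;
    if (!s) return -ENOMEM;
    atomic_init(&s->ref, 1); s->member = 42;
    atomic_store(&slot, s);
    if (toy_destroy() != -EBUSY) return 1;       /* still referenced by a rule */
    atomic_fetch_sub(&s->ref, 1);                /* rule gone, reference dropped */
    if (pthread_create(&t, NULL, packet_path, NULL)) return 2;
    while (!atomic_load(&entered)) sched_yield();
    if (toy_destroy() != 0) return 3;            /* waits for the reader to leave */
    pthread_join(t, NULL);
    return atomic_load(&bad_reads) ? 4 : 0;
}
```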