[ Sasha's backport helper bot ]
Hi,
Summary of potential issues: ℹ️ This is part 2/3 of a series ⚠️ Found follow-up fixes in mainline
The upstream commit SHA1 provided is correct: c03d278fdf35e73dd0ec543b9b556876b9d9a8dc
Status in newer kernel trees: 6.14.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: bfd05c68e4c6) 6.1.y | Not found
Found fixes commits: b04df3da1b5c netfilter: nf_tables: do not defer rule destruction via call_rcu
Note: The patch differs from the upstream commit: --- 1: c03d278fdf35e ! 1: 14e8d506ade73 netfilter: nf_tables: wait for rcu grace period on net_device removal @@ Metadata ## Commit message ## netfilter: nf_tables: wait for rcu grace period on net_device removal
+ commit c03d278fdf35e73dd0ec543b9b556876b9d9a8dc upstream. + 8c873e219970 ("netfilter: core: free hooks with call_rcu") removed synchronize_net() call when unregistering basechain hook, however, net_device removal event handler for the NFPROTO_NETDEV was not updated @@ Commit message Signed-off-by: Pablo Neira Ayuso pablo@netfilter.org
## include/net/netfilter/nf_tables.h ## -@@ include/net/netfilter/nf_tables.h: struct nft_rule_blob { - * @name: name of the chain - * @udlen: user data length - * @udata: user data in the chain -+ * @rcu_head: rcu head for deferred release - * @blob_next: rule blob pointer to the next in the chain - */ - struct nft_chain { @@ include/net/netfilter/nf_tables.h: struct nft_chain { char *name; u16 udlen; @@ include/net/netfilter/nf_tables.h: struct nft_chain { + struct rcu_head rcu_head;
/* Only used during control plane commit phase: */ - struct nft_rule_blob *blob_next; + struct nft_rule **rules_next; @@ include/net/netfilter/nf_tables.h: static inline void nft_use_inc_restore(u32 *use) * @sets: sets in the table * @objects: stateful objects in the table ---
NOTE: These results are for this patch alone. Full series testing will be performed when all parts are received.
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |