On Sun, 4 Feb 2024, Greg Kroah-Hartman wrote:
On Sun, Feb 04, 2024 at 02:00:12PM +0700, Bagas Sanjaya wrote:
On Fri, Feb 02, 2024 at 08:06:32PM -0800, Greg Kroah-Hartman wrote:
6.6-stable review patch. If anyone has any objections, please let me know.
From: Jozsef Kadlecsik kadlec@netfilter.org
[ Upstream commit 97f7cf1cd80eeed3b7c808b7c12463295c751001 ]
The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.
Hi,
Стас Ничипорович stasn77@gmail.com reported ipset kernel panic with this patch [1]. He noted that reverting it fixed the regression.
Thanks.
Is this also an issue in Linus's tree?
I'm going to send a patch in my next email which fixes the issue. Sorry, splitting the destroy operation into two halves was not taken into account at every location.
Best regards, Jozsef