Re: [syzbot] [netfilter?] possible deadlock in nf_tables_dumpreset_obj

Next message: Stefano Garzarella: "Re: [PATCH net 1/2] vsock: Make accept()ed sockets use custom setsockopt()"
Previous message: Li Chen: "[PATCH] ext4: fast commit: avoid fs_reclaim inversion in perform_commit"
In reply to: Jozsef Kadlecsik: "Re: [syzbot] [netfilter?] possible deadlock in nf_tables_dumpreset_obj"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Tue Dec 23 2025 - 08:14:03 EST

Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> > Not yet sure how to avoid it.
> > Maybe we could get rid of 'lock(nfnl_subsys_ipset);'
> > from the xt_set module call paths.
>
> I don't know how calling it could be avoided: userspace commands (ipset +
> iptables checkentry using ipset match/target) are serialized by
> nfnl_subsys_ipset.

Ok, thanks Jozsef. In that case its much simpler to leave ipset
alone and add a new reset serialization mutex in nf_tables.