Re: [syzbot] [netfilter?] possible deadlock in nf_tables_dumpreset_obj

Next message: Matthias Fend: "Re: [PATCH v6 2/2] media: i2c: add Himax HM1246 image sensor driver"
Previous message: Harry Yoo: "Re: [RFC PATCH V3 7/7] mm/slab: place slabobj_ext metadata in unused space within s-&gt;size"
In reply to: Pablo Neira Ayuso: "Re: [syzbot] [netfilter?] possible deadlock in nf_tables_dumpreset_obj"
Next in thread: Jozsef Kadlecsik: "Re: [syzbot] [netfilter?] possible deadlock in nf_tables_dumpreset_obj"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Mon Dec 22 2025 - 06:16:16 EST

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > CPU0: 'nft reset'.
> > > CPU1: 'ipset list' (anything in ipset doing a netlink dump op)
> > > CPU2: 'iptables-nft -A ... -m set ...'
> > >
> > > ... can result in:
> > >
> > > CPU0 CPU1 CPU2
> > > ---- ---- ----
> > > lock(nlk_cb_mutex-NETFILTER);
> > > lock(nfnl_subsys_ipset);
> > > lock(&nft_net->commit_mutex);
> > > lock(nlk_cb_mutex-NETFILTER);
> > > lock(nfnl_subsys_ipset);
> > > lock(&nft_net->commit_mutex);
>
> Would it work to use a separated mutex for reset itself?

I think so, yes, its only job is to prevent concurrent reset actions,
the objects themselves are protected by rcu.

Parallel add/removal should be fine.