From 7cc93d888df764a13f196e3d4aef38869f7dd217 Mon Sep 17 00:00:00 2001 From: Louis Peens Date: Fri, 2 Jul 2021 11:21:39 +0200 Subject: [PATCH] nfp: flower-ct: remove callback delete deadlock The current location of the callback delete can lead to a race condition where deleting the callback requires a write_lock on the nf_table, but at the same time another thread from netfilter could have taken a read lock on the table before trying to offload. Since the driver is taking a rtnl_lock this can lead into a deadlock situation, where the netfilter offload will wait for the cls_flower rtnl_lock to be released, but this cannot happen since this is waiting for the nf_table read_lock to be released before it can delete the callback. Solve this by completely removing the nf_flow_table_offload_del_cb call, as this will now be cleaned up by act_ct itself when cleaning up the specific nf_table. Fixes: 62268e78145f ("nfp: flower-ct: add nft callback stubs") Signed-off-by: Louis Peens Signed-off-by: Yinjun Zhang Signed-off-by: Simon Horman Signed-off-by: David S. Miller --- drivers/net/ethernet/netronome/nfp/flower/conntrack.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c index 273d529d43c2..128020b1573e 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c +++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c @@ -1141,20 +1141,7 @@ int nfp_fl_ct_del_flow(struct nfp_fl_ct_map_entry *ct_map_ent) nfp_fl_ct_clean_flow_entry(ct_entry); kfree(ct_map_ent); - /* If this is the last pre_ct_rule it means that it is - * very likely that the nft table will be cleaned up next, - * as this happens on the removal of the last act_ct flow. - * However we cannot deregister the callback on the removal - * of the last nft flow as this runs into a deadlock situation. - * So deregister the callback on removal of the last pre_ct flow - * and remove any remaining nft flow entries. We also cannot - * save this state and delete the callback later since the - * nft table would already have been freed at that time. - */ if (!zt->pre_ct_count) { - nf_flow_table_offload_del_cb(zt->nft, - nfp_fl_ct_handle_nft_flow, - zt); zt->nft = NULL; nfp_fl_ct_clean_nft_entries(zt); } -- 2.11.0