Commit 8df1b40d authored by Fedor Pchelkin's avatar Fedor Pchelkin Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: adjust lockdep assertions handling 



It's needed to check the return value of lockdep_commit_lock_is_held(),
otherwise there's no point in this assertion as it doesn't print any
debug information on itself.

Found by Linux Verification Center (linuxtesting.org) with Svace static
analysis tool.

Fixes: b04df3da ("netfilter: nf_tables: do not defer rule destruction via call_rcu")
Reported-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: default avatarFedor Pchelkin <pchelkin@ispras.ru>
Acked-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a1050dd0

net/netfilter/nf_tables_api.c

+2 −2
Original line number Diff line number Diff line
@@ -4042,7 +4042,7 @@ void nf_tables_rule_destroy(const struct nft_ctx *ctx, struct nft_rule *rule) 
/* can only be used if rule is no longer visible to dumps */

static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule)

{

	lockdep_commit_lock_is_held(ctx->net);

	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));



	nft_rule_expr_deactivate(ctx, rule, NFT_TRANS_RELEASE);

	nf_tables_rule_destroy(ctx, rule);
@@ -5864,7 +5864,7 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, 
			      struct nft_set_binding *binding,

			      enum nft_trans_phase phase)

{

	lockdep_commit_lock_is_held(ctx->net);

	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));



	switch (phase) {

	case NFT_TRANS_PREPARE_ERROR: