Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Feature:
Performance of 'nft --echo --json' has been improved. The required mapping from kernel response containing assigned handles to user input was slow if user input was huge, e.g. when restoring a set with many elements. Via introduction of a hash table for this purpose, the delay is avoided entirely.
Reason:
Firewalld is a user of libnftables' JSON API, maintaining blacklists in there could lead to significant startup delay depending on list size.
Result:
No slowdown in firewalld anymore.
There's a required follow-up, above improvement by itself does not work and breaks JSON echo functionality:
commit 299ec575faa6b070940b483dc517ecd883b9f1a4
Author: Phil Sutter <phil>
Date: Wed Dec 2 23:07:11 2020 +0100
json: Fix seqnum_to_json() functionality
Introduction of json_cmd_assoc_hash missed that by the time the hash
table insert happens, the struct cmd object's 'seqnum' field which is
used as key is not initialized yet. This doesn't happen until
nft_netlink() prepares the batch object which records the lowest seqnum.
Therefore push all json_cmd_assoc objects into a temporary list until
the first lookup happens. At this time, all referenced cmd objects have
their seqnum set and the list entries can be moved into the hash table
for fast lookups.
To expose such problems in the future, make json_events_cb() emit an
error message if the passed message has a handle but no assoc entry is
found for its seqnum.
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Cc: Derek Dai <daiderek>
Signed-off-by: Phil Sutter <phil>
And one more follow-up to the original backport:
commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date: Mon Dec 14 16:53:29 2020 +0100
json: don't leave dangling pointers on hlist
unshare -n tests/json_echo/run-test.py
[..]
Adding chain c
free(): double free detected in tcache 2
Aborted (core dumped)
The element must be deleted from the hlist prior to freeing it.
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Signed-off-by: Florian Westphal <fw>
One more follow-up to the original backport:
commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date: Mon Dec 14 16:53:29 2020 +0100
json: don't leave dangling pointers on hlist
unshare -n tests/json_echo/run-test.py
[..]
Adding chain c
free(): double free detected in tcache 2
Aborted (core dumped)
The element must be deleted from the hlist prior to freeing it.
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Signed-off-by: Florian Westphal <fw>
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (nftables bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2021:1722
There's a required follow-up, above improvement by itself does not work and breaks JSON echo functionality: commit 299ec575faa6b070940b483dc517ecd883b9f1a4 Author: Phil Sutter <phil> Date: Wed Dec 2 23:07:11 2020 +0100 json: Fix seqnum_to_json() functionality Introduction of json_cmd_assoc_hash missed that by the time the hash table insert happens, the struct cmd object's 'seqnum' field which is used as key is not initialized yet. This doesn't happen until nft_netlink() prepares the batch object which records the lowest seqnum. Therefore push all json_cmd_assoc objects into a temporary list until the first lookup happens. At this time, all referenced cmd objects have their seqnum set and the list entries can be moved into the hash table for fast lookups. To expose such problems in the future, make json_events_cb() emit an error message if the passed message has a handle but no assoc entry is found for its seqnum. Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()") Cc: Derek Dai <daiderek> Signed-off-by: Phil Sutter <phil>