net/nat: g_nat_lock can be used recursively#18571
Open
masc2008 wants to merge 1 commit intoapache:masterfrom
Open
net/nat: g_nat_lock can be used recursively#18571masc2008 wants to merge 1 commit intoapache:masterfrom
masc2008 wants to merge 1 commit intoapache:masterfrom
Conversation
github-actions
bot
added
Area: Networking
masc2008
changed the title
acassis
approved these changes
Mar 21, 2026
Contributor
Member
|
All CI Builds have been failing since 18 hours ago. @simbit18 Would you know how to check the GitHub Actions allowed by ASF Infra Team? Wonder if they blocked something due to yesterday's Trivy Security Incident. https://github.com/apache/nuttx/actions/runs/23389990049
Update: Found the allowed GitHub Actions. It's updated recently, lemme see what they blocked...
Hmmm why did ASF Infra Team insist on docker/login-action@v3.7.0? Lemme submit a patch to roll back. docker/login-action:
c94ce9fb468520275223c153574b00df6fe4bcc9:
tag: v3.7.0
|
Member
|
This patch should fix our CI Builds:
Yep the ASF Policy Change is due to the Trivy Security Incident. Yesterday somehow I failed to understand the meaning of the exact words when I read this broadcast email (maybe
|
lupyuen
added a commit
to lupyuen14/nuttx-apps
that referenced
this pull request
Mar 22, 2026
All CI Builds have been failing since 18 hours ago: - apache/nuttx#18571 (comment) - https://github.com/apache/nuttx/actions/runs/23389990049 > _The action docker/login-action@v4 is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: 1Password/load-secrets-action@13f58ee, 1Password/load-secrets-action@8d0d610, 1Password/load-secrets-action@dafbe7c, AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, DavidAnson/markdownlint-cli2-action@07035fd, DavidAnson/markdownlint-cli2-action@30a0e04, EnricoMi/publish-unit-test-result-action@*, JamesIves/github-pages-deploy-action@4a3abc7, JamesIves/github-pages-deploy-action@d92aa23, Jimver/cuda-toolkit@6008063, Jimver/cuda-toolkit@b6fc3a9, JustinBeckwith/linkinator-action@af984b9f30f63e796..._ That's because ASF Infrastructure Team has mandated that we use the Specific Versions of GitHub Actions for Docker, stated below: - https://github.com/apache/infrastructure-actions/blob/main/actions.yml - Which generates: https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml ```yaml docker/build-push-action: 10e90e3645eae34f1e60eeb005ba3a3d33f178e8: tag: v6.19.2 docker/login-action: c94ce9fb468520275223c153574b00df6fe4bcc9: tag: v3.7.0 docker/metadata-action: c299e40c65443455700f0fdfc63efafe5b349051: tag: v5.10.0 docker/setup-buildx-action: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f: tag: v3.12.0 ``` This PR reverts our GitHub Actions for Docker to the versions stated above. Signed-off-by: Lup Yuen Lee <luppy@appkaki.com>
Member
|
Oops I need to pin to a Specific Hash, not just the Specific Version. Lemme resubmit the patch... |
lupyuen
added a commit
to lupyuen14/nuttx
that referenced
this pull request
Mar 22, 2026
All CI Builds have been failing since 18 hours ago: - apache#18571 (comment) - https://github.com/apache/nuttx/actions/runs/23389990049 > _The action docker/login-action@v4 is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: 1Password/load-secrets-action@13f58ee, 1Password/load-secrets-action@8d0d610, 1Password/load-secrets-action@dafbe7c, AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, DavidAnson/markdownlint-cli2-action@07035fd, DavidAnson/markdownlint-cli2-action@30a0e04, EnricoMi/publish-unit-test-result-action@*, JamesIves/github-pages-deploy-action@4a3abc7, JamesIves/github-pages-deploy-action@d92aa23, Jimver/cuda-toolkit@6008063, Jimver/cuda-toolkit@b6fc3a9, JustinBeckwith/linkinator-action@af984b9f30f63e796..._ That's because ASF Infrastructure Team has mandated that we use the Hash Versions of GitHub Actions for Docker, stated below: - https://github.com/apache/infrastructure-actions/blob/main/actions.yml - Which generates: https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml - Due to: apache/infrastructure-actions#547 ```yaml docker/build-push-action: 10e90e3645eae34f1e60eeb005ba3a3d33f178e8: tag: v6.19.2 docker/login-action: c94ce9fb468520275223c153574b00df6fe4bcc9: tag: v3.7.0 docker/metadata-action: c299e40c65443455700f0fdfc63efafe5b349051: tag: v5.10.0 docker/setup-buildx-action: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f: tag: v3.12.0 ``` This PR reverts our GitHub Actions for Docker to the hash versions stated above. Signed-off-by: Lup Yuen Lee <luppy@appkaki.com>
lupyuen
added a commit
to lupyuen14/nuttx-apps
that referenced
this pull request
Mar 22, 2026
All CI Builds have been failing since 18 hours ago: - apache/nuttx#18571 (comment) - https://github.com/apache/nuttx/actions/runs/23389990049 > _The action docker/login-action@v4 is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: 1Password/load-secrets-action@13f58ee, 1Password/load-secrets-action@8d0d610, 1Password/load-secrets-action@dafbe7c, AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, DavidAnson/markdownlint-cli2-action@07035fd, DavidAnson/markdownlint-cli2-action@30a0e04, EnricoMi/publish-unit-test-result-action@*, JamesIves/github-pages-deploy-action@4a3abc7, JamesIves/github-pages-deploy-action@d92aa23, Jimver/cuda-toolkit@6008063, Jimver/cuda-toolkit@b6fc3a9, JustinBeckwith/linkinator-action@af984b9f30f63e796..._ That's because ASF Infrastructure Team has mandated that we use the Hash Versions of GitHub Actions for Docker, stated below: - https://github.com/apache/infrastructure-actions/blob/main/actions.yml - Which generates: https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml - Due to: apache/infrastructure-actions#547 ```yaml docker/build-push-action: 10e90e3645eae34f1e60eeb005ba3a3d33f178e8: tag: v6.19.2 docker/login-action: c94ce9fb468520275223c153574b00df6fe4bcc9: tag: v3.7.0 docker/metadata-action: c299e40c65443455700f0fdfc63efafe5b349051: tag: v5.10.0 docker/setup-buildx-action: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f: tag: v3.12.0 ``` This PR reverts our GitHub Actions for Docker to the hash versions stated above. Signed-off-by: Lup Yuen Lee <luppy@appkaki.com>
simbit18
pushed a commit
that referenced
this pull request
Mar 22, 2026
All CI Builds have been failing since 18 hours ago: - #18571 (comment) - https://github.com/apache/nuttx/actions/runs/23389990049 > _The action docker/login-action@v4 is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: 1Password/load-secrets-action@13f58ee, 1Password/load-secrets-action@8d0d610, 1Password/load-secrets-action@dafbe7c, AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, DavidAnson/markdownlint-cli2-action@07035fd, DavidAnson/markdownlint-cli2-action@30a0e04, EnricoMi/publish-unit-test-result-action@*, JamesIves/github-pages-deploy-action@4a3abc7, JamesIves/github-pages-deploy-action@d92aa23, Jimver/cuda-toolkit@6008063, Jimver/cuda-toolkit@b6fc3a9, JustinBeckwith/linkinator-action@af984b9f30f63e796..._ That's because ASF Infrastructure Team has mandated that we use the Hash Versions of GitHub Actions for Docker, stated below: - https://github.com/apache/infrastructure-actions/blob/main/actions.yml - Which generates: https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml - Due to: apache/infrastructure-actions#547 ```yaml docker/build-push-action: 10e90e3645eae34f1e60eeb005ba3a3d33f178e8: tag: v6.19.2 docker/login-action: c94ce9fb468520275223c153574b00df6fe4bcc9: tag: v3.7.0 docker/metadata-action: c299e40c65443455700f0fdfc63efafe5b349051: tag: v5.10.0 docker/setup-buildx-action: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f: tag: v3.12.0 ``` This PR reverts our GitHub Actions for Docker to the hash versions stated above. Signed-off-by: Lup Yuen Lee <luppy@appkaki.com>
lupyuen
added a commit
to apache/nuttx-apps
that referenced
this pull request
Mar 22, 2026
All CI Builds have been failing since 18 hours ago: - apache/nuttx#18571 (comment) - https://github.com/apache/nuttx/actions/runs/23389990049 > _The action docker/login-action@v4 is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns: 1Password/load-secrets-action@13f58ee, 1Password/load-secrets-action@8d0d610, 1Password/load-secrets-action@dafbe7c, AdoptOpenJDK/install-jdk@*, BobAnkh/auto-generate-changelog@*, DavidAnson/markdownlint-cli2-action@07035fd, DavidAnson/markdownlint-cli2-action@30a0e04, EnricoMi/publish-unit-test-result-action@*, JamesIves/github-pages-deploy-action@4a3abc7, JamesIves/github-pages-deploy-action@d92aa23, Jimver/cuda-toolkit@6008063, Jimver/cuda-toolkit@b6fc3a9, JustinBeckwith/linkinator-action@af984b9f30f63e796..._ That's because ASF Infrastructure Team has mandated that we use the Hash Versions of GitHub Actions for Docker, stated below: - https://github.com/apache/infrastructure-actions/blob/main/actions.yml - Which generates: https://github.com/apache/infrastructure-actions/blob/main/approved_patterns.yml - Due to: apache/infrastructure-actions#547 ```yaml docker/build-push-action: 10e90e3645eae34f1e60eeb005ba3a3d33f178e8: tag: v6.19.2 docker/login-action: c94ce9fb468520275223c153574b00df6fe4bcc9: tag: v3.7.0 docker/metadata-action: c299e40c65443455700f0fdfc63efafe5b349051: tag: v5.10.0 docker/setup-buildx-action: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f: tag: v3.12.0 ``` This PR reverts our GitHub Actions for Docker to the hash versions stated above. Signed-off-by: Lup Yuen Lee <luppy@appkaki.com>
Member
|
@masc2008 Can you Rebase with Master Branch to trigger the CI Build? Thanks :-) |
case: when rndis receive a packet and this packet is going to be forwarded. 1. first lock happen when ipv4_dev_forward call ipv4_nat_outbound; 2. next lock is: ipv4_nat_outbound_entry_find --> nat_port_select --> tcp_selectport --> nat_port_inuse Signed-off-by: Jerry Ma <shichunma@bestechnic.com>
Contributor
Author
I just did: "git pull upstream" and "git push", the "rebase" should be finished, am I correct? |
Member
|
Yep it's building now thanks :-) |
| ****************************************************************************/ | ||
|
|
||
| static mutex_t g_nat_lock = NXMUTEX_INITIALIZER; | ||
| static mutex_t g_nat_lock = NXRMUTEX_INITIALIZER; |
Contributor
There was a problem hiding this comment.
Suggested change
| static mutex_t g_nat_lock = NXRMUTEX_INITIALIZER; | |
| static rmutex_t g_nat_lock = NXRMUTEX_INITIALIZER; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note: Please adhere to Contributing Guidelines.
Summary
case: when rndis receive a packet and this packet is going to be forwarded.
Impact
fix assert when NET_NAT is enabled, and packet forwards from one net device to another.
Testing
without this code, it has below assert:
