netfilter: nf_tables: adjust lockdep assertions handling

JIRA: https://issues.redhat.com/browse/RHEL-115582
Upstream Status: commit 8df1b40

commit 8df1b40
Author: Fedor Pchelkin <pchelkin@ispras.ru>
Date:   Tue Jun 24 14:12:15 2025 +0300

    netfilter: nf_tables: adjust lockdep assertions handling

    It's needed to check the return value of lockdep_commit_lock_is_held(),
    otherwise there's no point in this assertion as it doesn't print any
    debug information on itself.

    Found by Linux Verification Center (linuxtesting.org) with Svace static
    analysis tool.

    Fixes: b04df3d ("netfilter: nf_tables: do not defer rule destruction via call_rcu")
    Reported-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
    Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
    Acked-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Florian Westphal <fwestpha@redhat.com>

Author: fw-strlen

net/netfilter/nf_tables_api.c

@@ -3986,7 +3986,7 @@ void nf_tables_rule_destroy(const struct nft_ctx *ctx, struct nft_rule *rule)
 /* can only be used if rule is no longer visible to dumps */
 static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule)
 {
-	lockdep_commit_lock_is_held(ctx->net);
+	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));
 
 	nft_rule_expr_deactivate(ctx, rule, NFT_TRANS_RELEASE);
 	nf_tables_rule_destroy(ctx, rule);
@@ -5806,7 +5806,7 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
 			      struct nft_set_binding *binding,
 			      enum nft_trans_phase phase)
 {
-	lockdep_commit_lock_is_held(ctx->net);
+	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));
 
 	switch (phase) {
 	case NFT_TRANS_PREPARE_ERROR: