public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-17 12:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS

Browse source 
Most of the time these were the same value anyway, but when
CONFIG_LOCKDEP was enabled we would use a smaller number of locks to
reduce overhead.  Unfortunately having two values is confusing and not
worth the complexity.

This fixes a bug where tree_gc_worker() would only GC up to
CONNCOUNT_LOCK_SLOTS trees which meant when CONFIG_LOCKDEP was enabled
not all trees would be GCed by tree_gc_worker().

Fixes: 5c789e131c ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Shawn Bohrer <sbohrer@cloudflare.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Shawn Bohrer 2018-12-28 01:24:42 +01:00 committed by Pablo Neira Ayuso
parent eb8950861c
commit c78e7818f1
1 changed files with 5 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
net/netfilter/nf_conncount.c
View file

@ -33,12 +33,6 @@
#define CONNCOUNT_SLOTS 256U #define CONNCOUNT_SLOTS 256U
#ifdef CONFIG_LOCKDEP
#define CONNCOUNT_LOCK_SLOTS 8U
#else
#define CONNCOUNT_LOCK_SLOTS 256U
#endif
#define CONNCOUNT_GC_MAX_NODES 8 #define CONNCOUNT_GC_MAX_NODES 8
#define MAX_KEYLEN 5 #define MAX_KEYLEN 5
@ -60,7 +54,7 @@ struct nf_conncount_rb {
struct rcu_head rcu_head; struct rcu_head rcu_head;
}; };
static spinlock_t nf_conncount_locks[CONNCOUNT_LOCK_SLOTS] __cacheline_aligned_in_smp; static spinlock_t nf_conncount_locks[CONNCOUNT_SLOTS] __cacheline_aligned_in_smp;
struct nf_conncount_data { struct nf_conncount_data {
unsigned int keylen; unsigned int keylen;
@ -353,7 +347,7 @@ insert_tree(struct net *net,
unsigned int count = 0, gc_count = 0; unsigned int count = 0, gc_count = 0;
bool node_found = false; bool node_found = false;
spin_lock_bh(&nf_conncount_locks[hash % CONNCOUNT_LOCK_SLOTS]); spin_lock_bh(&nf_conncount_locks[hash]);
parent = NULL; parent = NULL;
rbnode = &(root->rb_node); rbnode = &(root->rb_node);
@ -430,7 +424,7 @@ insert_tree(struct net *net,
rb_link_node_rcu(&rbconn->node, parent, rbnode); rb_link_node_rcu(&rbconn->node, parent, rbnode);
rb_insert_color(&rbconn->node, root); rb_insert_color(&rbconn->node, root);
out_unlock: out_unlock:
spin_unlock_bh(&nf_conncount_locks[hash % CONNCOUNT_LOCK_SLOTS]); spin_unlock_bh(&nf_conncount_locks[hash]);
return count; return count;
} }
@ -499,7 +493,7 @@ static void tree_gc_worker(struct work_struct *work)
struct rb_node *node; struct rb_node *node;
unsigned int tree, next_tree, gc_count = 0; unsigned int tree, next_tree, gc_count = 0;
tree = data->gc_tree % CONNCOUNT_LOCK_SLOTS; tree = data->gc_tree % CONNCOUNT_SLOTS;
root = &data->root[tree]; root = &data->root[tree];
rcu_read_lock(); rcu_read_lock();
@ -621,10 +615,7 @@ static int __init nf_conncount_modinit(void)
{ {
int i; int i;
BUILD_BUG_ON(CONNCOUNT_LOCK_SLOTS > CONNCOUNT_SLOTS); for (i = 0; i < CONNCOUNT_SLOTS; ++i)
BUILD_BUG_ON((CONNCOUNT_SLOTS % CONNCOUNT_LOCK_SLOTS) != 0);
for (i = 0; i < CONNCOUNT_LOCK_SLOTS; ++i)
spin_lock_init(&nf_conncount_locks[i]); spin_lock_init(&nf_conncount_locks[i]);
conncount_conn_cachep = kmem_cache_create("nf_conncount_tuple", conncount_conn_cachep = kmem_cache_create("nf_conncount_tuple",