From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>, Dan Williams <dcbw@redhat.com>,
Eric Dumazet <edumazet@google.com>
Subject: [PATCH v3 nf-next 1/2] netfilter: x_tables: wait until old table isn't used anymore
Date: Wed, 11 Oct 2017 16:26:06 +0200 [thread overview]
Message-ID: <20171011142607.15026-2-fw@strlen.de> (raw)
In-Reply-To: <20171011142607.15026-1-fw@strlen.de>
xt_replace_table relies on table replacement counter retrieval (which
uses xt_recseq to synchronize pcpu counters).
This is fine, however with large rule set get_counters() can take
a very long time -- it needs to synchronize all counters because
it has to assume concurrent modifications can occur.
Make xt_replace_table synchronize by itself by waiting until all cpus
had an even seqcount.
This allows a followup patch to copy the counters of the old ruleset
without any synchonization after xt_replace_table has completed.
Cc: Dan Williams <dcbw@redhat.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
v3: check for 'seq is uneven' OR 'has changed' since
last check. Its fine if seq is uneven iff its a different
sequence number than the initial one.
v2: fix Erics email address
net/netfilter/x_tables.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index c83a3b5e1c6c..ffd1c7a76e29 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1153,6 +1153,7 @@ xt_replace_table(struct xt_table *table,
int *error)
{
struct xt_table_info *private;
+ unsigned int cpu;
int ret;
ret = xt_jumpstack_alloc(newinfo);
@@ -1184,12 +1185,23 @@ xt_replace_table(struct xt_table *table,
/*
* Even though table entries have now been swapped, other CPU's
- * may still be using the old entries. This is okay, because
- * resynchronization happens because of the locking done
- * during the get_counters() routine.
+ * may still be using the old entries...
*/
local_bh_enable();
+ /* ... so wait for even xt_recseq on all cpus */
+ for_each_possible_cpu(cpu) {
+ seqcount_t *s = &per_cpu(xt_recseq, cpu);
+ u32 seq = raw_read_seqcount(s);
+
+ if (seq & 1) {
+ do {
+ cond_resched();
+ cpu_relax();
+ } while (seq == raw_read_seqcount(s));
+ }
+ }
+
#ifdef CONFIG_AUDIT
if (audit_enabled) {
audit_log(current->audit_context, GFP_KERNEL,
--
2.13.6
next prev parent reply other threads:[~2017-10-11 14:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-11 14:26 [PATCH v3 nf-next 0/2] netfilter: x_tables: speed up iptables-restore Florian Westphal
2017-10-11 14:26 ` Florian Westphal [this message]
2017-10-11 15:09 ` [PATCH v3 nf-next 1/2] netfilter: x_tables: wait until old table isn't used anymore Eric Dumazet
2017-10-11 17:48 ` Florian Westphal
2017-10-11 17:57 ` Eric Dumazet
2017-10-11 18:18 ` Florian Westphal
2017-10-11 18:23 ` Eric Dumazet
2017-10-11 14:26 ` [PATCH v3 nf-next 2/2] netfilter: x_tables: don't use seqlock when fetching old counters Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171011142607.15026-2-fw@strlen.de \
--to=fw@strlen.de \
--cc=dcbw@redhat.com \
--cc=edumazet@google.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.