netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal
@ 2021-04-14 16:12 Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 1/3] flow: remove spi key from flowi struct Florian Westphal
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Florian Westphal @ 2021-04-14 16:12 UTC (permalink / raw)
  To: netdev; +Cc: steffen.klassert, davem, kuba, herbert, Florian Westphal

First patch gets rid of SPI key from flowi struct.
xfrm_policy populates this but there are no consumers.

This is part of a different patch (not part of this) to replace
xfrm_decode_session internals with the flow dissector.

Second patch removes a synchronize_rcu/initialisation in the init path.
Third patch avoids a synchronize_rcu during netns destruction.

Florian Westphal (3):
  flow: remove spi key from flowi struct
  xfrm: remove stray synchronize_rcu from xfrm_init
  xfrm: avoid synchronize_rcu during netns destruction

 include/net/flow.h     |  3 ---
 net/xfrm/xfrm_policy.c | 42 ------------------------------------------
 net/xfrm/xfrm_user.c   | 10 +++++++---
 3 files changed, 7 insertions(+), 48 deletions(-)

-- 
2.26.3


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH ipsec-next 1/3] flow: remove spi key from flowi struct
  2021-04-14 16:12 [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Florian Westphal
@ 2021-04-14 16:12 ` Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 2/3] xfrm: remove stray synchronize_rcu from xfrm_init Florian Westphal
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Florian Westphal @ 2021-04-14 16:12 UTC (permalink / raw)
  To: netdev; +Cc: steffen.klassert, davem, kuba, herbert, Florian Westphal

xfrm session decode ipv4 path (but not ipv6) sets this, but there are no
consumers.  Remove it.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 include/net/flow.h     |  3 ---
 net/xfrm/xfrm_policy.c | 39 ---------------------------------------
 2 files changed, 42 deletions(-)

diff --git a/include/net/flow.h b/include/net/flow.h
index 39d0cedcddee..6f5e70240071 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -59,7 +59,6 @@ union flowi_uli {
 		__le16	sport;
 	} dnports;
 
-	__be32		spi;
 	__be32		gre_key;
 
 	struct {
@@ -90,7 +89,6 @@ struct flowi4 {
 #define fl4_dport		uli.ports.dport
 #define fl4_icmp_type		uli.icmpt.type
 #define fl4_icmp_code		uli.icmpt.code
-#define fl4_ipsec_spi		uli.spi
 #define fl4_mh_type		uli.mht.type
 #define fl4_gre_key		uli.gre_key
 } __attribute__((__aligned__(BITS_PER_LONG/8)));
@@ -150,7 +148,6 @@ struct flowi6 {
 #define fl6_dport		uli.ports.dport
 #define fl6_icmp_type		uli.icmpt.type
 #define fl6_icmp_code		uli.icmpt.code
-#define fl6_ipsec_spi		uli.spi
 #define fl6_mh_type		uli.mht.type
 #define fl6_gre_key		uli.gre_key
 	__u32			mp_hash;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b74f28cabe24..c49f20657cdb 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3326,39 +3326,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse)
 				fl4->fl4_icmp_code = icmp[1];
 			}
 			break;
-		case IPPROTO_ESP:
-			if (xprth + 4 < skb->data ||
-			    pskb_may_pull(skb, xprth + 4 - skb->data)) {
-				__be32 *ehdr;
-
-				xprth = skb_network_header(skb) + ihl * 4;
-				ehdr = (__be32 *)xprth;
-
-				fl4->fl4_ipsec_spi = ehdr[0];
-			}
-			break;
-		case IPPROTO_AH:
-			if (xprth + 8 < skb->data ||
-			    pskb_may_pull(skb, xprth + 8 - skb->data)) {
-				__be32 *ah_hdr;
-
-				xprth = skb_network_header(skb) + ihl * 4;
-				ah_hdr = (__be32 *)xprth;
-
-				fl4->fl4_ipsec_spi = ah_hdr[1];
-			}
-			break;
-		case IPPROTO_COMP:
-			if (xprth + 4 < skb->data ||
-			    pskb_may_pull(skb, xprth + 4 - skb->data)) {
-				__be16 *ipcomp_hdr;
-
-				xprth = skb_network_header(skb) + ihl * 4;
-				ipcomp_hdr = (__be16 *)xprth;
-
-				fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
-			}
-			break;
 		case IPPROTO_GRE:
 			if (xprth + 12 < skb->data ||
 			    pskb_may_pull(skb, xprth + 12 - skb->data)) {
@@ -3377,7 +3344,6 @@ decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse)
 			}
 			break;
 		default:
-			fl4->fl4_ipsec_spi = 0;
 			break;
 		}
 	}
@@ -3470,12 +3436,7 @@ decode_session6(struct sk_buff *skb, struct flowi *fl, bool reverse)
 			fl6->flowi6_proto = nexthdr;
 			return;
 #endif
-		/* XXX Why are there these headers? */
-		case IPPROTO_AH:
-		case IPPROTO_ESP:
-		case IPPROTO_COMP:
 		default:
-			fl6->fl6_ipsec_spi = 0;
 			fl6->flowi6_proto = nexthdr;
 			return;
 		}
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH ipsec-next 2/3] xfrm: remove stray synchronize_rcu from xfrm_init
  2021-04-14 16:12 [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 1/3] flow: remove spi key from flowi struct Florian Westphal
@ 2021-04-14 16:12 ` Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 3/3] xfrm: avoid synchronize_rcu during netns destruction Florian Westphal
  2021-04-20 11:56 ` [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Steffen Klassert
  3 siblings, 0 replies; 5+ messages in thread
From: Florian Westphal @ 2021-04-14 16:12 UTC (permalink / raw)
  To: netdev; +Cc: steffen.klassert, davem, kuba, herbert, Florian Westphal

This function is called during boot, from ipv4 stack, there is no need
to set the pointer to NULL (static storage duration, so already NULL).

No need for the synchronize_rcu either.  Remove both.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/xfrm/xfrm_policy.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c49f20657cdb..59691611a9ab 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -4134,9 +4134,6 @@ void __init xfrm_init(void)
 #ifdef CONFIG_XFRM_ESPINTCP
 	espintcp_init();
 #endif
-
-	RCU_INIT_POINTER(xfrm_if_cb, NULL);
-	synchronize_rcu();
 }
 
 #ifdef CONFIG_AUDITSYSCALL
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH ipsec-next 3/3] xfrm: avoid synchronize_rcu during netns destruction
  2021-04-14 16:12 [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 1/3] flow: remove spi key from flowi struct Florian Westphal
  2021-04-14 16:12 ` [PATCH ipsec-next 2/3] xfrm: remove stray synchronize_rcu from xfrm_init Florian Westphal
@ 2021-04-14 16:12 ` Florian Westphal
  2021-04-20 11:56 ` [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Steffen Klassert
  3 siblings, 0 replies; 5+ messages in thread
From: Florian Westphal @ 2021-04-14 16:12 UTC (permalink / raw)
  To: netdev; +Cc: steffen.klassert, davem, kuba, herbert, Florian Westphal

Use the new exit_pre hook to NULL the netlink socket.
The net namespace core will do a synchronize_rcu() between the exit_pre
and exit/exit_batch handlers.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/xfrm/xfrm_user.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5a0ef4361e43..9313592fa01f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -3480,18 +3480,22 @@ static int __net_init xfrm_user_net_init(struct net *net)
 	return 0;
 }
 
+static void __net_exit xfrm_user_net_pre_exit(struct net *net)
+{
+	RCU_INIT_POINTER(net->xfrm.nlsk, NULL);
+}
+
 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list)
 {
 	struct net *net;
-	list_for_each_entry(net, net_exit_list, exit_list)
-		RCU_INIT_POINTER(net->xfrm.nlsk, NULL);
-	synchronize_net();
+
 	list_for_each_entry(net, net_exit_list, exit_list)
 		netlink_kernel_release(net->xfrm.nlsk_stash);
 }
 
 static struct pernet_operations xfrm_user_net_ops = {
 	.init	    = xfrm_user_net_init,
+	.pre_exit   = xfrm_user_net_pre_exit,
 	.exit_batch = xfrm_user_net_exit,
 };
 
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal
  2021-04-14 16:12 [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Florian Westphal
                   ` (2 preceding siblings ...)
  2021-04-14 16:12 ` [PATCH ipsec-next 3/3] xfrm: avoid synchronize_rcu during netns destruction Florian Westphal
@ 2021-04-20 11:56 ` Steffen Klassert
  3 siblings, 0 replies; 5+ messages in thread
From: Steffen Klassert @ 2021-04-20 11:56 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netdev, davem, kuba, herbert

On Wed, Apr 14, 2021 at 06:12:50PM +0200, Florian Westphal wrote:
> First patch gets rid of SPI key from flowi struct.
> xfrm_policy populates this but there are no consumers.
> 
> This is part of a different patch (not part of this) to replace
> xfrm_decode_session internals with the flow dissector.
> 
> Second patch removes a synchronize_rcu/initialisation in the init path.
> Third patch avoids a synchronize_rcu during netns destruction.
> 
> Florian Westphal (3):
>   flow: remove spi key from flowi struct
>   xfrm: remove stray synchronize_rcu from xfrm_init
>   xfrm: avoid synchronize_rcu during netns destruction

Applied, thanks a lot Florian!

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-04-20 11:56 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-14 16:12 [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Florian Westphal
2021-04-14 16:12 ` [PATCH ipsec-next 1/3] flow: remove spi key from flowi struct Florian Westphal
2021-04-14 16:12 ` [PATCH ipsec-next 2/3] xfrm: remove stray synchronize_rcu from xfrm_init Florian Westphal
2021-04-14 16:12 ` [PATCH ipsec-next 3/3] xfrm: avoid synchronize_rcu during netns destruction Florian Westphal
2021-04-20 11:56 ` [PATCH ipsec-next 0/3] xfrm: minor cleanup and synchronize_rcu removal Steffen Klassert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).