From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 03/34] netfilter: ipset: Introduce RCU locking in bitmap:* types
Date: Fri, 8 May 2015 01:01:58 +0200 [thread overview]
Message-ID: <20150507230158.GA3407@salvia> (raw)
In-Reply-To: <1430587703-3387-4-git-send-email-kadlec@blackhole.kfki.hu>
On Sat, May 02, 2015 at 07:27:52PM +0200, Jozsef Kadlecsik wrote:
> There's nothing much required because the bitmap types use atomic
> bit operations. However the logic of adding elements slightly changed:
> first the MAC address updated (which is not atomic), then the element
> activated (added).
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> ---
> net/netfilter/ipset/ip_set_bitmap_gen.h | 14 ++++++++++----
> net/netfilter/ipset/ip_set_bitmap_ip.c | 3 ++-
> net/netfilter/ipset/ip_set_bitmap_ipmac.c | 13 +++++++++++--
> net/netfilter/ipset/ip_set_bitmap_port.c | 3 ++-
> 4 files changed, 25 insertions(+), 8 deletions(-)
>
[...]
> diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
> index 55b083e..487513b 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_ip.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
> @@ -80,7 +80,7 @@ static inline int
> bitmap_ip_do_add(const struct bitmap_ip_adt_elem *e, struct bitmap_ip *map,
> u32 flags, size_t dsize)
> {
> - return !!test_and_set_bit(e->id, map->members);
> + return !!test_bit(e->id, map->members);
> }
>
> static inline int
> @@ -377,6 +377,7 @@ bitmap_ip_init(void)
> static void __exit
> bitmap_ip_fini(void)
> {
> + rcu_barrier();
You need the rcu_barrier() if you kfree_rcu() or call_rcu().
Basically, this makes sure that rcu gives a chance to deferred
callbacks to run. I don't see any of this in this patch, so this may
have slipped through or it may not necessary.
> diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> index 8610474..8f3f1cd 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> @@ -146,15 +146,23 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
> struct bitmap_ipmac_elem *elem;
>
> elem = get_elem(map->extensions, e->id, dsize);
> - if (test_and_set_bit(e->id, map->members)) {
> + if (test_bit(e->id, map->members)) {
> if (elem->filled == MAC_FILLED) {
> - if (e->ether && (flags & IPSET_FLAG_EXIST))
> + if (e->ether &&
> + (flags & IPSET_FLAG_EXIST) &&
> + !ether_addr_equal(e->ether, elem->ether)) {
> + /* memcpy isn't atomic */
> + clear_bit(e->id, map->members);
> + smp_mb__after_atomic();
> memcpy(elem->ether, e->ether, ETH_ALEN);
> + }
> return IPSET_ADD_FAILED;
> } else if (!e->ether)
> /* Already added without ethernet address */
> return IPSET_ADD_FAILED;
> /* Fill the MAC address and trigger the timer activation */
> + clear_bit(e->id, map->members);
> + smp_mb__after_atomic();
> memcpy(elem->ether, e->ether, ETH_ALEN);
> elem->filled = MAC_FILLED;
> return IPSET_ADD_START_STORED_TIMEOUT;
> @@ -414,6 +422,7 @@ bitmap_ipmac_init(void)
> static void __exit
> bitmap_ipmac_fini(void)
> {
> + rcu_barrier();
Same thing here.
> ip_set_type_unregister(&bitmap_ipmac_type);
> }
>
> diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
> index 005dd36..e69619a 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_port.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_port.c
> @@ -73,7 +73,7 @@ static inline int
> bitmap_port_do_add(const struct bitmap_port_adt_elem *e,
> struct bitmap_port *map, u32 flags, size_t dsize)
> {
> - return !!test_and_set_bit(e->id, map->members);
> + return !!test_bit(e->id, map->members);
> }
>
> static inline int
> @@ -311,6 +311,7 @@ bitmap_port_init(void)
> static void __exit
> bitmap_port_fini(void)
> {
> + rcu_barrier();
And here.
next prev parent reply other threads:[~2015-05-07 22:57 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-02 17:27 [PATCH 00/34] ipset patches for nf-next Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 01/34] netfilter: ipset: Remove rbtree from hash:net,iface Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 02/34] netfilter: ipset: Prepare the ipset core to use RCU at set level Jozsef Kadlecsik
2015-05-07 23:39 ` Pablo Neira Ayuso
2015-05-08 19:58 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 03/34] netfilter: ipset: Introduce RCU locking in bitmap:* types Jozsef Kadlecsik
2015-05-07 23:01 ` Pablo Neira Ayuso [this message]
2015-05-08 19:57 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 04/34] netfilter: ipset: Introduce RCU locking in hash:* types Jozsef Kadlecsik
2015-05-07 23:52 ` Pablo Neira Ayuso
2015-05-08 20:13 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 05/34] netfilter: ipset: Introduce RCU locking in list type Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 06/34] netfilter: ipset: Fix parallel resizing and listing of the same set Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 07/34] netfilter: ipset: Fix sparse warning Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 08/34] netfilter: ipset: Use MSEC_PER_SEC consistently Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 09/34] netfilter: ipset: Give a better name to a macro in ip_set_core.c Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 10/34] netfilter: ipset: Missing rcu protection in mtype_list() fixed Jozsef Kadlecsik
2015-05-07 18:19 ` Pablo Neira Ayuso
2015-05-08 0:03 ` Pablo Neira Ayuso
2015-05-08 20:15 ` Jozsef Kadlecsik
2015-05-13 16:32 ` Pablo Neira Ayuso
2015-05-15 20:04 ` Jozsef Kadlecsik
2015-05-08 19:55 ` Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 11/34] netfilter: ipset: Make sure listing doesn't grab a set which is just being destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 12/34] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 13/34] netfilter: ipset: Fix cidr handling for hash:*net* types Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 14/34] netfilter: ipset: Properly calculate extensions offsets and total length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 15/34] netfilter: ipset: Make sure bit operations are not reordered Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 16/34] netfilter: ipset: No need to make nomatch bitfield Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 17/34] netfilter: ipset: Preprocessor directices cleanup Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 18/34] netfilter: ipset: Return ipset error instead of bool Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 19/34] netfilter: ipset: Use SET_WITH_*() helpers to test set extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 20/34] netfilter: ipset: Check extensions attributes before getting extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 21/34] netfilter: ipset: Check IPSET_ATTR_PORT only once Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 22/34] netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 23/34] netfilter: ipset: Permit CIDR equal to the host address CIDR in IPv6 Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 24/34] netfilter: ipset: Make sure we always return line number on batch Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 25/34] netfilter: ipset: Check CIDR value only when attribute is given Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 26/34] netfilter: ipset: Return bool values instead of int Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 27/34] netfilter: ipset: Check for comment netlink attribute length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 28/34] netfilter: ipset: Fix ext_*() macros Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 29/34] netfilter: ipset: Fix hashing for ipv6 sets Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 30/34] netfilter: ipset: Improve preprocessor macros checks Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 31/34] netfilter: ipset: Make sure dumping can't grab set being just destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 32/34] netfilter: ipset: RCU safe comment extension handling Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 33/34] netfilter: ipset: Fix coding styles reported by checkpatch.pl Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 34/34] netfilter: ipset: Use better include files in xt_set.c Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150507230158.GA3407@salvia \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.