From: Simon Horman <horms@kernel.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com,
edumazet@google.com, fw@strlen.de
Subject: Re: [PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker
Date: Fri, 3 Nov 2023 17:34:42 +0000 [thread overview]
Message-ID: <20231103173442.GB768996@kernel.org> (raw)
In-Reply-To: <20231025212555.132775-3-pablo@netfilter.org>
On Wed, Oct 25, 2023 at 11:25:38PM +0200, Pablo Neira Ayuso wrote:
> From: Florian Westphal <fw@strlen.de>
>
> There is no need for asynchronous garbage collection, rbtree inserts
> can only happen from the netlink control plane.
>
> We already perform on-demand gc on insertion, in the area of the
> tree where the insertion takes place, but we don't do a full tree
> walk there for performance reasons.
>
> Do a full gc walk at the end of the transaction instead and
> remove the async worker.
>
> Signed-off-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
...
> @@ -515,11 +523,7 @@ static void nft_rbtree_remove(const struct net *net,
> struct nft_rbtree *priv = nft_set_priv(set);
> struct nft_rbtree_elem *rbe = elem->priv;
>
> - write_lock_bh(&priv->lock);
> - write_seqcount_begin(&priv->count);
> - rb_erase(&rbe->node, &priv->root);
> - write_seqcount_end(&priv->count);
> - write_unlock_bh(&priv->lock);
> + nft_rbtree_erase(priv, rbe);
> }
>
> static void nft_rbtree_activate(const struct net *net,
> @@ -613,45 +617,40 @@ static void nft_rbtree_walk(const struct nft_ctx *ctx,
> read_unlock_bh(&priv->lock);
> }
>
> -static void nft_rbtree_gc(struct work_struct *work)
> +static void nft_rbtree_gc_remove(struct net *net, struct nft_set *set,
> + struct nft_rbtree *priv,
> + struct nft_rbtree_elem *rbe)
> {
> + struct nft_set_elem elem = {
> + .priv = rbe,
> + };
> +
> + nft_setelem_data_deactivate(net, set, &elem);
> + nft_rbtree_erase(priv, rbe);
> +}
> +
> +static void nft_rbtree_gc(struct nft_set *set)
> +{
> + struct nft_rbtree *priv = nft_set_priv(set);
> struct nft_rbtree_elem *rbe, *rbe_end = NULL;
> struct nftables_pernet *nft_net;
Hi Florian and Pablo,
I understand that this patch has been accepted upstream,
and that by implication this feedback is rather slow,
but I noticed that with this patch nft_net is now
set but otherwise unused in this function.
As flagged by clang-16 and gcc-13 W=1 builds.
> - struct nft_rbtree *priv;
> + struct rb_node *node, *next;
> struct nft_trans_gc *gc;
> - struct rb_node *node;
> - struct nft_set *set;
> - unsigned int gc_seq;
> struct net *net;
>
> - priv = container_of(work, struct nft_rbtree, gc_work.work);
> set = nft_set_container_of(priv);
> net = read_pnet(&set->net);
> nft_net = nft_pernet(net);
> - gc_seq = READ_ONCE(nft_net->gc_seq);
>
> - if (nft_set_gc_is_pending(set))
> - goto done;
> -
> - gc = nft_trans_gc_alloc(set, gc_seq, GFP_KERNEL);
> + gc = nft_trans_gc_alloc(set, 0, GFP_KERNEL);
> if (!gc)
> - goto done;
> -
> - read_lock_bh(&priv->lock);
> - for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) {
> + return;
>
> - /* Ruleset has been updated, try later. */
> - if (READ_ONCE(nft_net->gc_seq) != gc_seq) {
> - nft_trans_gc_destroy(gc);
> - gc = NULL;
> - goto try_later;
> - }
> + for (node = rb_first(&priv->root); node ; node = next) {
> + next = rb_next(node);
>
> rbe = rb_entry(node, struct nft_rbtree_elem, node);
>
> - if (nft_set_elem_is_dead(&rbe->ext))
> - goto dead_elem;
> -
> /* elements are reversed in the rbtree for historical reasons,
> * from highest to lowest value, that is why end element is
> * always visited before the start element.
...
next prev parent reply other threads:[~2023-11-03 17:34 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-25 21:25 [PATCH net-next 00/19] Netfilter updates for net-next Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 01/19] netfilter: nft_set_rbtree: rename gc deactivate+erase function Pablo Neira Ayuso
2023-10-26 13:30 ` patchwork-bot+netdevbpf
2023-10-25 21:25 ` [PATCH net-next 02/19] netfilter: nft_set_rbtree: prefer sync gc to async worker Pablo Neira Ayuso
2023-11-03 17:34 ` Simon Horman [this message]
2023-11-03 17:55 ` Florian Westphal
2023-10-25 21:25 ` [PATCH net-next 03/19] netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 04/19] netfilter: nf_tables: Introduce nf_tables_getrule_single() Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 05/19] netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 06/19] br_netfilter: use single forward hook for ip and arp Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 07/19] netfilter: conntrack: switch connlabels to atomic_t Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 08/19] netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 09/19] netfilter: nf_tables: Unconditionally allocate nft_obj_filter Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 10/19] netfilter: nf_tables: A better name for nft_obj_filter Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 11/19] netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 12/19] netfilter: nf_tables: nft_obj_filter fits into cb->ctx Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 13/19] netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 14/19] netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 15/19] netfilter: nf_tables: set backend .flush always succeeds Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 16/19] netfilter: nf_tables: expose opaque set element as struct nft_elem_priv Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 17/19] netfilter: nf_tables: shrink memory consumption of set elements Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 18/19] netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST Pablo Neira Ayuso
2023-10-25 21:25 ` [PATCH net-next 19/19] netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231103173442.GB768996@kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.