From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 06/33] netfilter: ipset: Fix sparse warnings due to missing rcu annotations
Date: Fri, 4 Oct 2013 10:32:51 +0200 [thread overview]
Message-ID: <1380875598-5250-7-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1380875598-5250-1-git-send-email-pablo@netfilter.org>
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_hash_gen.h | 87 +++++++++++++++++++++------------
1 file changed, 55 insertions(+), 32 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 7ff20ec..09a21dd 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -15,6 +15,8 @@
#define rcu_dereference_bh(p) rcu_dereference(p)
#endif
+#define rcu_dereference_bh_nfnl(p) rcu_dereference_bh_check(p, 1)
+
#define CONCAT(a, b) a##b
#define TOKEN(a, b) CONCAT(a, b)
@@ -269,7 +271,7 @@ hbucket_elem_add(struct hbucket *n, u8 ahash_max, size_t dsize)
/* The generic hash structure */
struct htype {
- struct htable *table; /* the hash table */
+ struct htable __rcu *table; /* the hash table */
u32 maxelem; /* max elements in the hash */
u32 elements; /* current element (vs timeout) */
u32 initval; /* random jhash init value */
@@ -347,10 +349,10 @@ mtype_del_cidr(struct htype *h, u8 cidr, u8 nets_length)
/* Calculate the actual memory size of the set data */
static size_t
-mtype_ahash_memsize(const struct htype *h, u8 nets_length)
+mtype_ahash_memsize(const struct htype *h, const struct htable *t,
+ u8 nets_length)
{
u32 i;
- struct htable *t = h->table;
size_t memsize = sizeof(*h)
+ sizeof(*t)
#ifdef IP_SET_HASH_WITH_NETS
@@ -369,10 +371,11 @@ static void
mtype_flush(struct ip_set *set)
{
struct htype *h = set->data;
- struct htable *t = h->table;
+ struct htable *t;
struct hbucket *n;
u32 i;
+ t = rcu_dereference_bh_nfnl(h->table);
for (i = 0; i < jhash_size(t->htable_bits); i++) {
n = hbucket(t, i);
if (n->size) {
@@ -397,7 +400,7 @@ mtype_destroy(struct ip_set *set)
if (set->extensions & IPSET_EXT_TIMEOUT)
del_timer_sync(&h->gc);
- ahash_destroy(h->table);
+ ahash_destroy(rcu_dereference_bh_nfnl(h->table));
#ifdef IP_SET_HASH_WITH_RBTREE
rbtree_destroy(&h->rbtree);
#endif
@@ -443,12 +446,14 @@ mtype_same_set(const struct ip_set *a, const struct ip_set *b)
static void
mtype_expire(struct htype *h, u8 nets_length, size_t dsize)
{
- struct htable *t = h->table;
+ struct htable *t;
struct hbucket *n;
struct mtype_elem *data;
u32 i;
int j;
+ rcu_read_lock_bh();
+ t = rcu_dereference_bh(h->table);
for (i = 0; i < jhash_size(t->htable_bits); i++) {
n = hbucket(t, i);
for (j = 0; j < n->pos; j++) {
@@ -481,6 +486,7 @@ mtype_expire(struct htype *h, u8 nets_length, size_t dsize)
n->value = tmp;
}
}
+ rcu_read_unlock_bh();
}
static void
@@ -505,7 +511,7 @@ static int
mtype_resize(struct ip_set *set, bool retried)
{
struct htype *h = set->data;
- struct htable *t, *orig = h->table;
+ struct htable *t, *orig = rcu_dereference_bh_nfnl(h->table);
u8 htable_bits = orig->htable_bits;
#ifdef IP_SET_HASH_WITH_NETS
u8 flags;
@@ -682,13 +688,15 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
struct ip_set_ext *mext, u32 flags)
{
struct htype *h = set->data;
- struct htable *t = h->table;
+ struct htable *t;
const struct mtype_elem *d = value;
struct mtype_elem *data;
struct hbucket *n;
- int i;
+ int i, ret = -IPSET_ERR_EXIST;
u32 key, multi = 0;
+ rcu_read_lock_bh();
+ t = rcu_dereference_bh(h->table);
key = HKEY(value, h->initval, t->htable_bits);
n = hbucket(t, key);
for (i = 0; i < n->pos; i++) {
@@ -697,7 +705,7 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
continue;
if (SET_WITH_TIMEOUT(set) &&
ip_set_timeout_expired(ext_timeout(data, h)))
- return -IPSET_ERR_EXIST;
+ goto out;
if (i != n->pos - 1)
/* Not last one */
memcpy(data, ahash_data(n, n->pos - 1, h->dsize),
@@ -712,17 +720,22 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,
void *tmp = kzalloc((n->size - AHASH_INIT_SIZE)
* h->dsize,
GFP_ATOMIC);
- if (!tmp)
- return 0;
+ if (!tmp) {
+ ret = 0;
+ goto out;
+ }
n->size -= AHASH_INIT_SIZE;
memcpy(tmp, n->value, n->size * h->dsize);
kfree(n->value);
n->value = tmp;
}
- return 0;
+ ret = 0;
+ goto out;
}
- return -IPSET_ERR_EXIST;
+out:
+ rcu_read_unlock_bh();
+ return ret;
}
static inline int
@@ -745,7 +758,7 @@ mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,
struct ip_set_ext *mext, u32 flags)
{
struct htype *h = set->data;
- struct htable *t = h->table;
+ struct htable *t = rcu_dereference_bh(h->table);
struct hbucket *n;
struct mtype_elem *data;
int i, j = 0;
@@ -785,18 +798,22 @@ mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,
struct ip_set_ext *mext, u32 flags)
{
struct htype *h = set->data;
- struct htable *t = h->table;
+ struct htable *t;
struct mtype_elem *d = value;
struct hbucket *n;
struct mtype_elem *data;
- int i;
+ int i, ret = 0;
u32 key, multi = 0;
+ rcu_read_lock_bh();
+ t = rcu_dereference_bh(h->table);
#ifdef IP_SET_HASH_WITH_NETS
/* If we test an IP address and not a network address,
* try all possible network sizes */
- if (CIDR(d->cidr) == SET_HOST_MASK(set->family))
- return mtype_test_cidrs(set, d, ext, mext, flags);
+ if (CIDR(d->cidr) == SET_HOST_MASK(set->family)) {
+ ret = mtype_test_cidrs(set, d, ext, mext, flags);
+ goto out;
+ }
#endif
key = HKEY(d, h->initval, t->htable_bits);
@@ -805,10 +822,14 @@ mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,
data = ahash_data(n, i, h->dsize);
if (mtype_data_equal(data, d, &multi) &&
!(SET_WITH_TIMEOUT(set) &&
- ip_set_timeout_expired(ext_timeout(data, h))))
- return mtype_data_match(data, ext, mext, set, flags);
+ ip_set_timeout_expired(ext_timeout(data, h)))) {
+ ret = mtype_data_match(data, ext, mext, set, flags);
+ goto out;
+ }
}
- return 0;
+out:
+ rcu_read_unlock_bh();
+ return ret;
}
/* Reply a HEADER request: fill out the header part of the set */
@@ -816,18 +837,18 @@ static int
mtype_head(struct ip_set *set, struct sk_buff *skb)
{
const struct htype *h = set->data;
+ const struct htable *t;
struct nlattr *nested;
size_t memsize;
- read_lock_bh(&set->lock);
- memsize = mtype_ahash_memsize(h, NETS_LENGTH(set->family));
- read_unlock_bh(&set->lock);
+ t = rcu_dereference_bh_nfnl(h->table);
+ memsize = mtype_ahash_memsize(h, t, NETS_LENGTH(set->family));
nested = ipset_nest_start(skb, IPSET_ATTR_DATA);
if (!nested)
goto nla_put_failure;
if (nla_put_net32(skb, IPSET_ATTR_HASHSIZE,
- htonl(jhash_size(h->table->htable_bits))) ||
+ htonl(jhash_size(t->htable_bits))) ||
nla_put_net32(skb, IPSET_ATTR_MAXELEM, htonl(h->maxelem)))
goto nla_put_failure;
#ifdef IP_SET_HASH_WITH_NETMASK
@@ -856,7 +877,7 @@ mtype_list(const struct ip_set *set,
struct sk_buff *skb, struct netlink_callback *cb)
{
const struct htype *h = set->data;
- const struct htable *t = h->table;
+ const struct htable *t = rcu_dereference_bh_nfnl(h->table);
struct nlattr *atd, *nested;
const struct hbucket *n;
const struct mtype_elem *e;
@@ -956,6 +977,7 @@ TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
#endif
size_t hsize;
struct HTYPE *h;
+ struct htable *t;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
@@ -1013,12 +1035,13 @@ TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
kfree(h);
return -ENOMEM;
}
- h->table = ip_set_alloc(hsize);
- if (!h->table) {
+ t = ip_set_alloc(hsize);
+ if (!t) {
kfree(h);
return -ENOMEM;
}
- h->table->htable_bits = hbits;
+ t->htable_bits = hbits;
+ rcu_assign_pointer(h->table, t);
set->data = h;
if (set->family == NFPROTO_IPV4)
@@ -1096,8 +1119,8 @@ TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags)
}
pr_debug("create %s hashsize %u (%u) maxelem %u: %p(%p)\n",
- set->name, jhash_size(h->table->htable_bits),
- h->table->htable_bits, h->maxelem, set->data, h->table);
+ set->name, jhash_size(t->htable_bits),
+ t->htable_bits, h->maxelem, set->data, t);
return 0;
}
--
1.7.10.4
next prev parent reply other threads:[~2013-10-04 8:32 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-04 8:32 [PATCH 00/33] Netfilter updates for net-next Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 01/33] netfilter: nf_ct_sip: extend RCU read lock in set_expected_rtp_rtcp() Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 02/33] netfilter: xt_TCPMSS: Get mtu only if clamp-mss-to-pmtu is specified Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 03/33] netfilter: xt_TCPMSS: lookup route from proper net namespace Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 04/33] netfilter: ipset: Don't call ip_nest_end needlessly in the error path Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 05/33] netfilter: ipset: Sparse warning about shadowed variable fixed Pablo Neira Ayuso
2013-10-04 8:32 ` Pablo Neira Ayuso [this message]
2013-10-04 8:32 ` [PATCH 07/33] netfilter: ipset: Rename simple macro names to avoid namespace issues Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 08/33] netfilter: ipset: Fix "may be used uninitialized" warnings Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 09/33] netfilter: ipset: Use fix sized type for timeout in the extension part Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 10/33] netfilter: ipset: Support package fragments for IPv4 protos without ports Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 11/33] netfilter: ipset: order matches and targets separatedly in xt_set.c Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 12/33] netfilter: ipset: Introduce new operation to get both setname and family Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 13/33] netfilter: ipset: Prepare ipset to support multiple networks for hash types Pablo Neira Ayuso
2013-10-04 8:32 ` [PATCH 14/33] netfilter: ipset: Rename extension offset ids to extension ids Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 15/33] netfilter: ipset: Move extension data to set structure Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 16/33] netfilter: ipset: Generalize extensions support Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 17/33] netfilter: ipset: Support extensions which need a per data destroy function Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 18/33] netfilter: ipset: list:set: make sure all elements are checked by the gc Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 19/33] netfilter: ipset: Kconfig: ipset needs NETFILTER_NETLINK Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 20/33] netfilter: ipset: Add hash:net,net module to kernel Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 21/33] netfilter: ipset: Support comments for ipset entries in the core Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 22/33] netfilter: ipset: Support comments in bitmap-type ipsets Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 23/33] netfilter: ipset: Support comments in the list-type ipset Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 24/33] netfilter: ipset: Support comments in hash-type ipsets Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 25/33] netfilter: ipset: Fix hash resizing with comments Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 26/33] netfilter: ipset: For set:list types, replaced elements must be zeroed out Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 27/33] netfilter: ipset: Use a common function at listing the extensions Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 28/33] netfiler: ipset: Add net namespace for ipset Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 29/33] netfilter: ipset: Add hash:net,port,net module to kernel Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 30/33] netfilter: nfnetlink_queue: use proper net namespace to allocate skb Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 31/33] netfilter: nfnetlink_log: use proper net " Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 32/33] netfilter: nf_ct_sip: consolidate NAT hook functions Pablo Neira Ayuso
2013-10-04 8:33 ` [PATCH 33/33] netfilter: cttimeout: allow to set/get default protocol timeouts Pablo Neira Ayuso
2013-10-04 17:59 ` [PATCH 00/33] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1380875598-5250-7-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).