From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org, tgraf@suug.ch
Subject: Re: [PATCH 1/3] netfilter: nft_hash: no need for rcu in the hash set destroy path
Date: Tue, 2 Sep 2014 15:41:52 +0200 [thread overview]
Message-ID: <20140902134152.GA8790@salvia> (raw)
In-Reply-To: <20140902132813.GA29330@acer.localdomain>
On Tue, Sep 02, 2014 at 02:28:14PM +0100, Patrick McHardy wrote:
> > > Same thing applies to all other objects that don't have a unique identifier
> > > chosen by the kernel.
> >
> > All other objects are always notified in order from the commit path,
> > so they seem fine to me.
>
> You're right, this only seems to affect sets.
Yes, but only the sets that are released through
nf_tables_unbind_set().
> > > > The anonymous sets are problematic, we need to notify this from the
> > > > commit path too to ensure the right ordering. I was trying to avoid
> > > > some specific notify() interface in expr->ops but it seems we need it
> > > > for nft_lookup.c.
> > > >
> > > > Can you think of a better solution?
> > >
> > > No, unless we can come up with a way that's synchronous.
> >
> > I would really like not to go back to the two nearly consecutive
> > synchronize_rcu() calls, it's slow. I've been thinking on replacing
> > the current check in the packet path by static keys, but I didn't
> > manage to find the way yet.
>
> Which check exactly are you referring to?
>From the nft_do_chain:
list_for_each_entry_continue_rcu(rule, &chain->rules, list) {
/* This rule is not active, skip. */
if (unlikely(rule->genmask & (1 << gencursor)))
continue;
Plus the trick that uses the synchronize_rcu() from the commit path to
make sure all packets have left the previous generation to deactivate
the rule before we start removing them from the list.
next prev parent reply other threads:[~2014-09-02 13:41 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-02 9:38 [PATCH 1/3] netfilter: nft_hash: no need for rcu in the hash set destroy path Pablo Neira Ayuso
2014-09-02 9:38 ` [PATCH 2/3] netfilter: nft_rbtree: no need for spinlock from " Pablo Neira Ayuso
2014-09-02 11:11 ` Thomas Graf
2014-09-02 9:38 ` [PATCH 3/3] rhashtable: fix lockdep splat in rhashtable_destroy() Pablo Neira Ayuso
2014-09-02 11:02 ` Thomas Graf
2014-09-02 10:14 ` [PATCH 1/3] netfilter: nft_hash: no need for rcu in the hash set destroy path Patrick McHardy
2014-09-02 10:38 ` Pablo Neira Ayuso
2014-09-02 10:59 ` Patrick McHardy
2014-09-02 12:22 ` Pablo Neira Ayuso
2014-09-02 12:36 ` Thomas Graf
2014-09-02 13:28 ` Patrick McHardy
2014-09-02 13:41 ` Pablo Neira Ayuso [this message]
2014-09-02 14:00 ` Patrick McHardy
2014-09-02 11:02 ` Thomas Graf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140902134152.GA8790@salvia \
--to=pablo@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).