From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 03/34] netfilter: ipset: Introduce RCU locking in bitmap:* types
Date: Fri, 8 May 2015 01:01:58 +0200 [thread overview]
Message-ID: <20150507230158.GA3407@salvia> (raw)
In-Reply-To: <1430587703-3387-4-git-send-email-kadlec@blackhole.kfki.hu>
On Sat, May 02, 2015 at 07:27:52PM +0200, Jozsef Kadlecsik wrote:
> There's nothing much required because the bitmap types use atomic
> bit operations. However the logic of adding elements slightly changed:
> first the MAC address updated (which is not atomic), then the element
> activated (added).
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> ---
> net/netfilter/ipset/ip_set_bitmap_gen.h | 14 ++++++++++----
> net/netfilter/ipset/ip_set_bitmap_ip.c | 3 ++-
> net/netfilter/ipset/ip_set_bitmap_ipmac.c | 13 +++++++++++--
> net/netfilter/ipset/ip_set_bitmap_port.c | 3 ++-
> 4 files changed, 25 insertions(+), 8 deletions(-)
>
[...]
> diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
> index 55b083e..487513b 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_ip.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
> @@ -80,7 +80,7 @@ static inline int
> bitmap_ip_do_add(const struct bitmap_ip_adt_elem *e, struct bitmap_ip *map,
> u32 flags, size_t dsize)
> {
> - return !!test_and_set_bit(e->id, map->members);
> + return !!test_bit(e->id, map->members);
> }
>
> static inline int
> @@ -377,6 +377,7 @@ bitmap_ip_init(void)
> static void __exit
> bitmap_ip_fini(void)
> {
> + rcu_barrier();
You need the rcu_barrier() if you kfree_rcu() or call_rcu().
Basically, this makes sure that rcu gives a chance to deferred
callbacks to run. I don't see any of this in this patch, so this may
have slipped through or it may not necessary.
> diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> index 8610474..8f3f1cd 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> @@ -146,15 +146,23 @@ bitmap_ipmac_do_add(const struct bitmap_ipmac_adt_elem *e,
> struct bitmap_ipmac_elem *elem;
>
> elem = get_elem(map->extensions, e->id, dsize);
> - if (test_and_set_bit(e->id, map->members)) {
> + if (test_bit(e->id, map->members)) {
> if (elem->filled == MAC_FILLED) {
> - if (e->ether && (flags & IPSET_FLAG_EXIST))
> + if (e->ether &&
> + (flags & IPSET_FLAG_EXIST) &&
> + !ether_addr_equal(e->ether, elem->ether)) {
> + /* memcpy isn't atomic */
> + clear_bit(e->id, map->members);
> + smp_mb__after_atomic();
> memcpy(elem->ether, e->ether, ETH_ALEN);
> + }
> return IPSET_ADD_FAILED;
> } else if (!e->ether)
> /* Already added without ethernet address */
> return IPSET_ADD_FAILED;
> /* Fill the MAC address and trigger the timer activation */
> + clear_bit(e->id, map->members);
> + smp_mb__after_atomic();
> memcpy(elem->ether, e->ether, ETH_ALEN);
> elem->filled = MAC_FILLED;
> return IPSET_ADD_START_STORED_TIMEOUT;
> @@ -414,6 +422,7 @@ bitmap_ipmac_init(void)
> static void __exit
> bitmap_ipmac_fini(void)
> {
> + rcu_barrier();
Same thing here.
> ip_set_type_unregister(&bitmap_ipmac_type);
> }
>
> diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
> index 005dd36..e69619a 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_port.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_port.c
> @@ -73,7 +73,7 @@ static inline int
> bitmap_port_do_add(const struct bitmap_port_adt_elem *e,
> struct bitmap_port *map, u32 flags, size_t dsize)
> {
> - return !!test_and_set_bit(e->id, map->members);
> + return !!test_bit(e->id, map->members);
> }
>
> static inline int
> @@ -311,6 +311,7 @@ bitmap_port_init(void)
> static void __exit
> bitmap_port_fini(void)
> {
> + rcu_barrier();
And here.
next prev parent reply other threads:[~2015-05-07 22:57 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-02 17:27 [PATCH 00/34] ipset patches for nf-next Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 01/34] netfilter: ipset: Remove rbtree from hash:net,iface Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 02/34] netfilter: ipset: Prepare the ipset core to use RCU at set level Jozsef Kadlecsik
2015-05-07 23:39 ` Pablo Neira Ayuso
2015-05-08 19:58 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 03/34] netfilter: ipset: Introduce RCU locking in bitmap:* types Jozsef Kadlecsik
2015-05-07 23:01 ` Pablo Neira Ayuso [this message]
2015-05-08 19:57 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 04/34] netfilter: ipset: Introduce RCU locking in hash:* types Jozsef Kadlecsik
2015-05-07 23:52 ` Pablo Neira Ayuso
2015-05-08 20:13 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 05/34] netfilter: ipset: Introduce RCU locking in list type Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 06/34] netfilter: ipset: Fix parallel resizing and listing of the same set Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 07/34] netfilter: ipset: Fix sparse warning Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 08/34] netfilter: ipset: Use MSEC_PER_SEC consistently Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 09/34] netfilter: ipset: Give a better name to a macro in ip_set_core.c Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 10/34] netfilter: ipset: Missing rcu protection in mtype_list() fixed Jozsef Kadlecsik
2015-05-07 18:19 ` Pablo Neira Ayuso
2015-05-08 0:03 ` Pablo Neira Ayuso
2015-05-08 20:15 ` Jozsef Kadlecsik
2015-05-13 16:32 ` Pablo Neira Ayuso
2015-05-15 20:04 ` Jozsef Kadlecsik
2015-05-08 19:55 ` Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 11/34] netfilter: ipset: Make sure listing doesn't grab a set which is just being destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 12/34] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 13/34] netfilter: ipset: Fix cidr handling for hash:*net* types Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 14/34] netfilter: ipset: Properly calculate extensions offsets and total length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 15/34] netfilter: ipset: Make sure bit operations are not reordered Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 16/34] netfilter: ipset: No need to make nomatch bitfield Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 17/34] netfilter: ipset: Preprocessor directices cleanup Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 18/34] netfilter: ipset: Return ipset error instead of bool Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 19/34] netfilter: ipset: Use SET_WITH_*() helpers to test set extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 20/34] netfilter: ipset: Check extensions attributes before getting extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 21/34] netfilter: ipset: Check IPSET_ATTR_PORT only once Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 22/34] netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 23/34] netfilter: ipset: Permit CIDR equal to the host address CIDR in IPv6 Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 24/34] netfilter: ipset: Make sure we always return line number on batch Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 25/34] netfilter: ipset: Check CIDR value only when attribute is given Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 26/34] netfilter: ipset: Return bool values instead of int Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 27/34] netfilter: ipset: Check for comment netlink attribute length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 28/34] netfilter: ipset: Fix ext_*() macros Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 29/34] netfilter: ipset: Fix hashing for ipv6 sets Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 30/34] netfilter: ipset: Improve preprocessor macros checks Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 31/34] netfilter: ipset: Make sure dumping can't grab set being just destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 32/34] netfilter: ipset: RCU safe comment extension handling Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 33/34] netfilter: ipset: Fix coding styles reported by checkpatch.pl Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 34/34] netfilter: ipset: Use better include files in xt_set.c Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150507230158.GA3407@salvia \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).