From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 03/15] netfilter: nf_tables: skip synchronize_rcu if transaction log is empty
Date: Mon, 14 May 2018 00:36:44 +0200 [thread overview]
Message-ID: <20180513223656.10077-4-pablo@netfilter.org> (raw)
In-Reply-To: <20180513223656.10077-1-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
After processing the transaction log, the remaining entries of the log
need to be released.
However, in some cases no entries remain, e.g. because the transaction
did not remove anything.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 04d4e3772584..785d7fcf1fe1 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5761,7 +5761,7 @@ static void nft_chain_commit_update(struct nft_trans *trans)
}
}
-static void nf_tables_commit_release(struct nft_trans *trans)
+static void nft_commit_release(struct nft_trans *trans)
{
switch (trans->msg_type) {
case NFT_MSG_DELTABLE:
@@ -5790,6 +5790,21 @@ static void nf_tables_commit_release(struct nft_trans *trans)
kfree(trans);
}
+static void nf_tables_commit_release(struct net *net)
+{
+ struct nft_trans *trans, *next;
+
+ if (list_empty(&net->nft.commit_list))
+ return;
+
+ synchronize_rcu();
+
+ list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
+ list_del(&trans->list);
+ nft_commit_release(trans);
+ }
+}
+
static int nf_tables_commit(struct net *net, struct sk_buff *skb)
{
struct nft_trans *trans, *next;
@@ -5920,13 +5935,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
}
}
- synchronize_rcu();
-
- list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
- list_del(&trans->list);
- nf_tables_commit_release(trans);
- }
-
+ nf_tables_commit_release(net);
nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
return 0;
--
2.11.0
next prev parent reply other threads:[~2018-05-13 22:36 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-13 22:36 [PATCH 00/15] Netfilter/IPVS fixes for net Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 01/15] netfilter: Fix handling simultaneous open in TCP conntrack Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 02/15] netfilter: x_tables: check name length in find_match/target, too Pablo Neira Ayuso
2018-05-13 22:36 ` Pablo Neira Ayuso [this message]
2018-05-13 22:36 ` [PATCH 04/15] netfilter: bridge: stp fix reference to uninitialized data Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 05/15] netfilter: nf_tables: nft_compat: fix refcount leak on xt module Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 06/15] ipvs: fix refcount usage for conns in ops mode Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 07/15] ipvs: fix stats update from local clients Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 08/15] netfilter: core: add missing __rcu annotation Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 09/15] netfilter: prefer nla_strlcpy for dealing with NLA_STRING attributes Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 10/15] netfilter: x_tables: add module alias for icmp matches Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 11/15] netfilter: nf_tables: don't assume chain stats are set when jumplabel is set Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 12/15] netfilter: nft_compat: prepare for indirect info storage Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 13/15] netfilter: nft_compat: fix handling of large matchinfo size Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 14/15] netfilter: nf_tables: bogus EBUSY in chain deletions Pablo Neira Ayuso
2018-05-13 22:36 ` [PATCH 15/15] netfilter: nf_tables: fix memory leak on error exit return Pablo Neira Ayuso
2018-05-14 1:05 ` [PATCH 00/15] Netfilter/IPVS fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180513223656.10077-4-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).