netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
	pabeni@redhat.com, edumazet@google.com, fw@strlen.de
Subject: [PATCH net-next 07/19] netfilter: conntrack: switch connlabels to atomic_t
Date: Wed, 25 Oct 2023 23:25:43 +0200
Message-ID: <20231025212555.132775-8-pablo@netfilter.org>
In-Reply-To: <20231025212555.132775-1-pablo@netfilter.org>

From: Florian Westphal <fw@strlen.de>

The spinlock is back from the day when connlabels did not have
a fixed size and reallocation had to be supported.

Remove it.  This change also allows calling the helpers from
softirq or timers without deadlocks.

Also add WARN()s to catch refcounting imbalances.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/net/netfilter/nf_conntrack_labels.h |  2 +-
 include/net/netns/conntrack.h               |  2 +-
 net/netfilter/nf_conntrack_labels.c         | 17 ++++++++---------
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_labels.h b/include/net/netfilter/nf_conntrack_labels.h
index fcb19a4e8f2b..6903f72bcc15 100644
--- a/include/net/netfilter/nf_conntrack_labels.h
+++ b/include/net/netfilter/nf_conntrack_labels.h
@@ -39,7 +39,7 @@ static inline struct nf_conn_labels *nf_ct_labels_ext_add(struct nf_conn *ct)
 #ifdef CONFIG_NF_CONNTRACK_LABELS
 	struct net *net = nf_ct_net(ct);
 
-	if (net->ct.labels_used == 0)
+	if (atomic_read(&net->ct.labels_used) == 0)
 		return NULL;
 
 	return nf_ct_ext_add(ct, NF_CT_EXT_LABELS, GFP_ATOMIC);
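Review bot: the `atomic_read(&net->ct.labels_used) == 0` check in nf_ct_labels_ext_add() is a lockless snapshot with no ordering against the increment in nf_connlabels_get(), so a conntrack entry set up concurrently with the first get can still see 0 and skip the extension. The old plain read had the same property, but now that the counter is explicitly atomic a short comment here saying that this race is tolerated (and why) would stop readers from assuming atomic_read() closes it.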
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 1f463b3957c7..bae914815aa3 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -107,7 +107,7 @@ struct netns_ct {
 	struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
 	struct nf_ip_net	nf_ct_proto;
 #if defined(CONFIG_NF_CONNTRACK_LABELS)
-	unsigned int		labels_used;
+	atomic_t		labels_used;
 #endif
 };
 #endif
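Review bot: `labels_used` in struct netns_ct goes from `unsigned int` to `atomic_t`, which is signed, and the field has no comment saying what it counts. A one-line comment on the member (number of nf_connlabels_get() holders in this netns, expected never to go negative) would document the invariant that the new WARN_ON_ONCE() conditions in nf_conntrack_labels.c rely on.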
diff --git a/net/netfilter/nf_conntrack_labels.c b/net/netfilter/nf_conntrack_labels.c
index 6e70e137a0a6..6c46aad23313 100644
--- a/net/netfilter/nf_conntrack_labels.c
+++ b/net/netfilter/nf_conntrack_labels.c
@@ -11,8 +11,6 @@
 #include <net/netfilter/nf_conntrack_ecache.h>
 #include <net/netfilter/nf_conntrack_labels.h>
 
-static DEFINE_SPINLOCK(nf_connlabels_lock);
-
 static int replace_u32(u32 *address, u32 mask, u32 new)
 {
 	u32 old, tmp;
@@ -60,23 +58,24 @@ EXPORT_SYMBOL_GPL(nf_connlabels_replace);
 
 int nf_connlabels_get(struct net *net, unsigned int bits)
 {
+	int v;
+
 	if (BIT_WORD(bits) >= NF_CT_LABELS_MAX_SIZE / sizeof(long))
 		return -ERANGE;
 
-	spin_lock(&nf_connlabels_lock);
-	net->ct.labels_used++;
-	spin_unlock(&nf_connlabels_lock);
-
 	BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);
 
+	v = atomic_inc_return_relaxed(&net->ct.labels_used);
+	WARN_ON_ONCE(v <= 0);
+
 	return 0;
 }
 EXPORT_SYMBOL_GPL(nf_connlabels_get);
 
 void nf_connlabels_put(struct net *net)
 {
-	spin_lock(&nf_connlabels_lock);
-	net->ct.labels_used--;
-	spin_unlock(&nf_connlabels_lock);
+	int v = atomic_dec_return_relaxed(&net->ct.labels_used);
+
+	WARN_ON_ONCE(v < 0);
 }
 EXPORT_SYMBOL_GPL(nf_connlabels_put);
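Review bot: the WARN_ON_ONCE() checks in nf_connlabels_get() and nf_connlabels_put() report an imbalance but leave the counter in the bad state. After an extra put the value stays at -1, so the next legitimate get returns `v == 0`, trips `WARN_ON_ONCE(v <= 0)`, and leaves `labels_used` at 0 while a user holds a reference; nf_ct_labels_ext_add() then returns NULL for that user. Either restore the counter on the underflow path in nf_connlabels_put() or add a comment that the WARNs are diagnostic only and the count is not repaired. A brief comment on why the `_relaxed` variants are sufficient (the value is only a use counter and publishes no other data) would also help, since the spinlock they replace implied full ordering.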
-- 
2.30.2

