| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Apr 2009 17:34:36 +0800
From: Lai Jiangshan <laijs@...fujitsu.com>
To: Eric Dumazet <dada1@...mosbay.com>
CC: Evgeniy Polyakov <zbr@...emap.net>,
Stephen Hemminger <shemminger@...tta.com>,
Paul Mackerras <paulus@...ba.org>, paulmck@...ux.vnet.ibm.com,
David Miller <davem@...emloft.net>, kaber@...sh.net,
torvalds@...ux-foundation.org, jeff.chua.linux@...il.com,
mingo@...e.hu, jengelh@...ozas.de, r000n@...0n.net,
linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
netdev@...r.kernel.org, benh@...nel.crashing.org,
mathieu.desnoyers@...ymtl.ca
Subject: Re: [PATCH] netfilter: use per-cpu recursive lock (v11)
Eric Dumazet wrote:
> Evgeniy Polyakov a écrit :
>> Hi.
>>
>> On Tue, Apr 21, 2009 at 02:52:30PM +0800, Lai Jiangshan (laijs@...fujitsu.com) wrote:
>>>> +void xt_info_rdlock_bh(void)
>>>>> +{
>>>>> + struct xt_info_lock *lock;
>>>>> +
>>>>> + preempt_disable();
>>>>> + lock = &__get_cpu_var(xt_info_locks);
>>>>> + if (likely(++lock->depth == 0))
>>> So what happen when xt_info_rdlock_bh() called recursively here?
>>>
>>>>> + spin_lock_bh(&lock->lock);
>>>>> + preempt_enable_no_resched();
>>>>> +}
>>>>> +EXPORT_SYMBOL_GPL(xt_info_rdlock_bh);
>>>>> +
>>> ----------
>>> Is this OK? (Now I suppose we can enter the read-side critical region
>>> in irq context)
>>>
>>> void xt_info_rdlock_bh(void)
>>> {
>>> unsigned long flags;
>>> struct xt_info_lock *lock;
>>>
>>> local_irq_save(flags);
>>> lock = &__get_cpu_var(xt_info_locks);
>>> if (likely(++lock->depth == 0))
>>> spin_lock_bh(&lock->lock);
>>> local_irq_restore(flags);
>>> }
>> Netfilter as long as other generic network pathes are never accessed
>> from interrupt context, but your analysis looks right for the softirq
>> case.
>>
>> Stephen, should preempt_disable() be replaced with local_bh_disable() to
>> prevent softirq to race on the same cpu for the lock's depth field? Or
>> can it be made atomic?
>>
>
>
> Maybe just dont care about calling several time local_bh_disable()
> (since we were doing this in previous kernels anyway, we used to call read_lock_bh())
>
> This shortens fastpath, is faster than local_irq_save()/local_irq_restore(),
> and looks better.
>
> void xt_info_rdlock_bh(void)
> {
> struct xt_info_lock *lock;
>
> local_bh_disable();
> lock = &__get_cpu_var(xt_info_locks);
> if (likely(++lock->depth == 0))
> spin_lock(&lock->lock);
> }
This two functions is OK. But...
>
> void xt_info_rdunlock_bh(void)
> {
> struct xt_info_lock *lock = &__get_cpu_var(xt_info_locks);
>
> BUG_ON(lock->depth < 0);
> if (likely(--lock->depth < 0))
> spin_unlock(&lock->lock);
> local_bh_enable();
> }
>
>
David said:
Netfilter itself, is nesting.
When using bridging netfilter, iptables can be entered twice
in the same call chain.
And Stephen said:
In this version, I was trying to use/preserve the optimizations that
are done in spin_unlock_bh().
So:
void xt_info_rdlock_bh(void)
{
struct xt_info_lock *lock;
preempt_disable();
lock = &__get_cpu_var(xt_info_locks);
if (likely(lock->depth < 0))
spin_lock_bh(&lock->lock);
/* softirq is disabled now */
++lock->depth;
preempt_enable_no_resched();
}
xt_info_rdunlock_bh() is the same as v11.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists