lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Aug 2020 13:03:51 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Florian Westphal <fw@...len.de> Cc: netfilter-devel@...r.kernel.org, lkp@...ts.01.org, linux-kernel@...r.kernel.org, kernel test robot <rong.a.chen@...el.com> Subject: Re: [PATCH nf] netfilter: nft_compat: remove flush counter optimization On Sun, Aug 09, 2020 at 08:28:01PM +0200, Florian Westphal wrote: > WARNING: CPU: 1 PID: 16059 at lib/refcount.c:31 refcount_warn_saturate+0xdf/0xf > [..] > __nft_mt_tg_destroy+0x42/0x50 [nft_compat] > nft_target_destroy+0x63/0x80 [nft_compat] > nf_tables_expr_destroy+0x1b/0x30 [nf_tables] > nf_tables_rule_destroy+0x3a/0x70 [nf_tables] > nf_tables_exit_net+0x186/0x3d0 [nf_tables] > > Happens when a compat expr is destoyed from abort path. > There is no functional impact; after this work queue is flushed > unconditionally if its pending. > > This removes the waitcount optimization. Test of repeated > iptables-restore of a ~60k kubernetes ruleset doesn't indicate > a slowdown. In case the counter is needed after all for some workloads > we can revert this and increment the refcount for the > != NFT_PREPARE_TRANS case to avoid the increment/decrement imbalance. > > While at it, also flush for match case, this was an oversight > in the original patch. Applied, thanks.
Powered by blists - more mailing lists