lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 10 Aug 2018 20:51:40 +0300
From:   Vlad Buslov <>
Cc:,,,,,,,,,,,, Vlad Buslov <>
Subject: [PATCH net-next v2 00/15] Remove rtnl lock dependency from all action implementations

Currently, all netlink protocol handlers for updating rules, actions and
qdiscs are protected with single global rtnl lock which removes any
possibility for parallelism. This patch set is a second step to remove
rtnl lock dependency from TC rules update path.

Recently, new rtnl registration flag RTNL_FLAG_DOIT_UNLOCKED was added.
Handlers registered with this flag are called without RTNL taken. End
goal is to have rule update handlers(RTM_NEWTFILTER, RTM_DELTFILTER,
etc.) to be registered with UNLOCKED flag to allow parallel execution.
However, there is no intention to completely remove or split rtnl lock
itself. This patch set addresses specific problems in implementation of
tc actions that prevent their control path from being executed
concurrently. Additional changes are required to refactor classifiers
API and individual classifiers for parallel execution. This patch set
lays groundwork to eventually register rule update handlers as

Action API is already prepared for parallel execution with previous
patch set, which means that action ops that use action API for their
implementation do not require additional modifications. (delete, search,
etc.) Action API implements concurrency-safe reference counting and
guarantees that cleanup/delete is called only once, after last reference
to action is released.

The goal of this change is to update specific actions APIs that access
action private state directly, in order to be independent from external
locking. General approach is to re-use existing tcf_lock spinlock (used
by some action implementation to synchronize control path with data
path) to protect action private state from concurrent modification. If
action has rcu-protected pointer, tcf spinlock is used to protect its
update code, instead of relying on rtnl lock.

Some actions need to determine rtnl mutex status in order to release it.
For example, ife action can load additional kernel modules(meta ops) and
must make sure that no locks are held during module load. In such cases
'rtnl_held' argument is used to conditionally release rtnl mutex.

Changes from V1 to V2:
- Patch 12:
  - new patch
- Patch 14:
  - refactor gen_new_estimator() to reuse stats_lock when re-assigning
    rate estimator statistics pointer
- Remove mirred and tunnel_key helper function changes. (to be submitted
  and standalone patch)

Vlad Buslov (15):
  net: sched: act_bpf: remove dependency on rtnl lock
  net: sched: act_csum: remove dependency on rtnl lock
  net: sched: act_gact: remove dependency on rtnl lock
  net: sched: act_ife: remove dependency on rtnl lock
  net: sched: act_ipt: remove dependency on rtnl lock
  net: sched: act_pedit: remove dependency on rtnl lock
  net: sched: act_sample: remove dependency on rtnl lock
  net: sched: act_simple: remove dependency on rtnl lock
  net: sched: act_skbmod: remove dependency on rtnl lock
  net: sched: act_tunnel_key: remove dependency on rtnl lock
  net: sched: act_vlan: remove dependency on rtnl lock
  net: sched: extend action ops with put_dev callback
  net: sched: act_mirred: remove dependency on rtnl lock
  net: core: protect rate estimator statistics pointer with lock
  net: sched: act_police: remove dependency on rtnl lock

 include/net/act_api.h      |  1 +
 include/net/gen_stats.h    |  4 +--
 net/core/gen_estimator.c   | 21 ++++++-----
 net/sched/act_bpf.c        | 10 ++++--
 net/sched/act_csum.c       | 24 ++++++++-----
 net/sched/act_gact.c       | 10 ++++--
 net/sched/act_ife.c        | 40 +++++++++++++--------
 net/sched/act_ipt.c        |  3 ++
 net/sched/act_mirred.c     | 88 ++++++++++++++++++++++++++++++++--------------
 net/sched/act_pedit.c      | 40 ++++++++++-----------
 net/sched/act_police.c     |  9 +++--
 net/sched/act_sample.c     | 12 +++++--
 net/sched/act_simple.c     |  6 +++-
 net/sched/act_skbmod.c     | 14 +++++---
 net/sched/act_tunnel_key.c | 26 +++++++-------
 net/sched/act_vlan.c       | 27 +++++++-------
 net/sched/cls_api.c        |  1 +
 17 files changed, 214 insertions(+), 122 deletions(-)


Powered by blists - more mailing lists