| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iLetxqpxpSBpQztPcg=av38nGNr2VpOo7HARrbqubREyg@mail.gmail.com>
Date: Fri, 30 Jan 2026 11:32:33 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: lirongqing <lirongqing@...du.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>, Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>, Phil Sutter <phil@....cc>, "David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org
Subject: Re: [PATCH] netfilter: conntrack: remove __read_mostly from nf_conntrack_generation
On Fri, Jan 30, 2026 at 6:02 AM lirongqing <lirongqing@...du.com> wrote:
>
> From: Li RongQing <lirongqing@...du.com>
>
> The nf_conntrack_generation sequence counter is updated whenever
> conntrack table generations are bumped (e.g., during netns exit or
> heavy garbage collection). Under certain workloads, these updates
> can be frequent enough that the variable no longer fits the
> "read-mostly" criteria.
>
> Applying __read_mostly to a variable that is updated regularly can
> lead to cache line bouncing and performance degradation for other
> variables residing in the same section. Remove the annotation to
> let the variable reside in the standard data section.
>
> Signed-off-by: Li RongQing <lirongqing@...du.com>
> ---
> net/netfilter/nf_conntrack_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> index d1f8eb7..233a281 100644
> --- a/net/netfilter/nf_conntrack_core.c
> +++ b/net/netfilter/nf_conntrack_core.c
> @@ -204,7 +204,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
>
> unsigned int nf_conntrack_max __read_mostly;
> EXPORT_SYMBOL_GPL(nf_conntrack_max);
> -seqcount_spinlock_t nf_conntrack_generation __read_mostly;
> +seqcount_spinlock_t nf_conntrack_generation;
> static siphash_aligned_key_t nf_conntrack_hash_rnd;
>
What about nf_conntrack_hash_rnd ?
I _think_ this needs to be __read_mostly, regardless of its current
location (it might by accident share a mostly read cache line),
especially if your patch puts nf_conntrack_generation in the same
cache line than nf_conntrack_hash_rnd.
Same remark for nf_ct_expect_hashrnd
diff --git a/net/netfilter/nf_conntrack_core.c
b/net/netfilter/nf_conntrack_core.c
index d1f8eb725d4223e042b02ab86ba89b9b7caf75f5..0a705fab2bb73f7590647ff06d7066395e6eea66
100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -204,8 +204,8 @@ EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
unsigned int nf_conntrack_max __read_mostly;
EXPORT_SYMBOL_GPL(nf_conntrack_max);
-seqcount_spinlock_t nf_conntrack_generation __read_mostly;
-static siphash_aligned_key_t nf_conntrack_hash_rnd;
+seqcount_spinlock_t nf_conntrack_generation;
+static siphash_aligned_key_t nf_conntrack_hash_rnd __read_mostly;
static u32 hash_conntrack_raw(const struct nf_conntrack_tuple *tuple,
unsigned int zoneid,
diff --git a/net/netfilter/nf_conntrack_expect.c
b/net/netfilter/nf_conntrack_expect.c
index cfc2daa3fc7f340937898b4bef0769fd31f801b5..4dae405527febf913af43c49ddb2961a8f05e0e4
100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -41,7 +41,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hash);
unsigned int nf_ct_expect_max __read_mostly;
static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
-static siphash_aligned_key_t nf_ct_expect_hashrnd;
+static siphash_aligned_key_t nf_ct_expect_hashrnd __read_mostly;
/* nf_conntrack_expect helper functions */
void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
Thanks.
Powered by blists - more mailing lists