Re: [PATCH v3] netfilter: nf_conntrack: use safer way to lock all buckets

From: Pablo Neira Ayuso
Date: Tue Jan 19 2016 - 14:10:05 EST

Next message: Duc Dang: "Re: [PATCH 1/3] irqchip/GIC: Add workaround for aliased GIC400"
Previous message: Andy Lutomirski: "Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
In reply to: Sasha Levin: "[PATCH v3] netfilter: nf_conntrack: use safer way to lock all buckets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 18, 2016 at 07:23:51PM -0500, Sasha Levin wrote:
> When we need to lock all buckets in the connection hashtable we'd attempt to
> lock 1024 spinlocks, which is way more preemption levels than supported by
> the kernel. Furthermore, this behavior was hidden by checking if lockdep is
> enabled, and if it was - use only 8 buckets(!).
>
> Fix this by using a global lock and synchronize all buckets on it when we
> need to lock them all. This is pretty heavyweight, but is only done when we
> need to resize the hashtable, and that doesn't happen often enough (or at all).
>
> Acked-by: Jesper Dangaard Brouer <brouer@xxxxxxxxxx>
> Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>

Applied, thanks.

I'm including the Reviewed-by tag from Florian in this patch.

Next message: Duc Dang: "Re: [PATCH 1/3] irqchip/GIC: Add workaround for aliased GIC400"
Previous message: Andy Lutomirski: "Re: [PATCH v4 8/8] x86, vdso: mark vDSO read-only after init"
In reply to: Sasha Levin: "[PATCH v3] netfilter: nf_conntrack: use safer way to lock all buckets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]