Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-28 16:56:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
linux-stable/include/linux/netfilter
History
Jozsef Kadlecsik 97f7cf1cd8 netfilter: ipset: fix performance regression in swap operation 
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.

Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.

Link: https://lore.kernel.org/lkml/C0829B10-EAA6-4809-874E-E1E9C05A8D84@automattic.com/
Fixes: 28628fa952 ("netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test")
Reported-by: Ale Crismani <ale.crismani@automattic.com>
Reported-by: David Wang <00107082@163.com>
Tested-by: David Wang <00107082@163.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2024-01-31 23:13:57 +01:00
..
ipset netfilter: ipset: fix performance regression in swap operation 2024-01-31 23:13:57 +01:00
nf_conntrack_amanda.h
nf_conntrack_common.h
nf_conntrack_dccp.h
nf_conntrack_ftp.h
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_h323.h netfilter: h323: Remove unused function declarations 2023-08-08 13:02:01 +02:00
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h netfilter: gre: Remove unused function declaration nf_ct_gre_keymap_flush() 2023-08-08 13:01:59 +02:00
nf_conntrack_sane.h
nf_conntrack_sctp.h netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp 2023-10-04 14:12:01 +02:00
nf_conntrack_sip.h
nf_conntrack_snmp.h
nf_conntrack_tcp.h
nf_conntrack_tftp.h
nf_conntrack_zones_common.h
nfnetlink_acct.h
nfnetlink_osf.h
nfnetlink.h netfilter: nf_tables: don't write table validation state without mutex 2023-04-22 01:39:40 +02:00
x_tables.h