Skip to content

Commit

Permalink
netfilter: nf_tables: free base chain counters from worker
Browse files Browse the repository at this point in the history 
No need to use synchronize_rcu() here, just swap the two pointers
and have the release occur from work queue after commit has completed.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Florian Westphal authored and Pablo Neira Ayuso committed May 31, 2019
1 parent 5e2ad02 commit 53315ac
Showing 1 changed file with 10 additions and 16 deletions.
26 changes: 10 additions & 16 deletions net/netfilter/nf_tables_api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1449,25 +1449,18 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
return newstats;
}

static void nft_chain_stats_replace(struct net *net,
struct nft_base_chain *chain,
struct nft_stats __percpu *newstats)
static void nft_chain_stats_replace(struct nft_trans *trans)
{
struct nft_stats __percpu *oldstats;
struct nft_base_chain *chain = nft_base_chain(trans->ctx.chain);

if (newstats == NULL)
if (!nft_trans_chain_stats(trans))
return;

if (rcu_access_pointer(chain->stats)) {
oldstats = rcu_dereference_protected(chain->stats,
lockdep_commit_lock_is_held(net));
rcu_assign_pointer(chain->stats, newstats);
synchronize_rcu();
free_percpu(oldstats);
} else {
rcu_assign_pointer(chain->stats, newstats);
rcu_swap_protected(chain->stats, nft_trans_chain_stats(trans),
lockdep_commit_lock_is_held(trans->ctx.net));

if (!nft_trans_chain_stats(trans))
static_branch_inc(&nft_counters_enabled);
}
}

static void nf_tables_chain_free_chain_rules(struct nft_chain *chain)
Expand Down Expand Up @@ -6360,9 +6353,9 @@ static void nft_chain_commit_update(struct nft_trans *trans)
if (!nft_is_base_chain(trans->ctx.chain))
return;

nft_chain_stats_replace(trans);

basechain = nft_base_chain(trans->ctx.chain);
nft_chain_stats_replace(trans->ctx.net, basechain,
nft_trans_chain_stats(trans));

switch (nft_trans_chain_policy(trans)) {
case NF_DROP:
Expand All @@ -6379,6 +6372,7 @@ static void nft_commit_release(struct nft_trans *trans)
nf_tables_table_destroy(&trans->ctx);
break;
case NFT_MSG_NEWCHAIN:
free_percpu(nft_trans_chain_stats(trans));
kfree(nft_trans_chain_name(trans));
break;
case NFT_MSG_DELCHAIN:
Expand Down

0 comments on commit 53315ac

Please sign in to comment.