[PATCH 5.15 154/779] netfilter: nf_tables: add rescheduling points during loop detection walks

Greg Kroah-Hartman posted 779 patches 3 years, 4 months ago
Posted by Greg Kroah-Hartman 3 years, 4 months ago
From: Florian Westphal <fw@strlen.de>

[ Upstream commit 81ea010667417ef3f218dfd99b69769fe66c2b67 ]

Add explicit rescheduling points during ruleset walk.

Switching to a faster algorithm is possible but this is a much
smaller change, suitable for nf tree.

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1460
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nf_tables_api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 13d14fcc2371..3d52a08bd560 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3248,6 +3248,8 @@ int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain)
 			if (err < 0)
 				return err;
 		}
+
+		cond_resched();
 	}
 
 	return 0;
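Review bot: the cond_resched() added at the bottom of the loop body in nft_chain_validate() may sleep, and nothing in the hunk or the commit message states that this walk is only reached from process context. Please say so in the changelog or in a short comment above the call, so the constraint is visible to anyone adding a new caller. The changelog also gives only the bugzilla link and does not describe the symptom the rescheduling point is meant to address.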
@@ -9225,9 +9227,13 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
 				break;
 			}
 		}
+
+		cond_resched();
 	}
 
 	list_for_each_entry(set, &ctx->table->sets, list) {
+		cond_resched();
+
 		if (!nft_is_active_next(ctx->net, set))
 			continue;
 		if (!(set->flags & NFT_SET_MAP) ||
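Review bot: both cond_resched() calls in nf_tables_check_loops(), the one after the inner walk and the one at the top of the list_for_each_entry() over ctx->table->sets, are only safe if this function never runs in atomic context, and the author's reply in this thread says it can. Suggest holding this hunk back from the stable queue until the pending partial revert mentioned in the thread can be applied together with it.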
-- 
2.35.1

Re: [PATCH 5.15 154/779] netfilter: nf_tables: add rescheduling points during loop detection walks
Posted by Florian Westphal 3 years, 4 months ago
Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> From: Florian Westphal <fw@strlen.de>
> 
> [ Upstream commit 81ea010667417ef3f218dfd99b69769fe66c2b67 ]
> 
> Add explicit rescheduling points during ruleset walk.

NAK.  There is a partial revert pending.

> @@ -9225,9 +9227,13 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
>  				break;
>  			}
>  		}
> +
> +		cond_resched();
>  	}
>  
>  	list_for_each_entry(set, &ctx->table->sets, list) {
> +		cond_resched();

Can't be used here, this can be called from atomic context.

Re: [PATCH 5.15 154/779] netfilter: nf_tables: add rescheduling points during loop detection walks
Posted by Greg Kroah-Hartman 3 years, 3 months ago
On Mon, Aug 15, 2022 at 08:58:22PM +0200, Florian Westphal wrote:
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> > From: Florian Westphal <fw@strlen.de>
> > 
> > [ Upstream commit 81ea010667417ef3f218dfd99b69769fe66c2b67 ]
> > 
> > Add explicit rescheduling points during ruleset walk.
> 
> NAK.  There is a partial revert pending.
> 
> > @@ -9225,9 +9227,13 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx,
> >  				break;
> >  			}
> >  		}
> > +
> > +		cond_resched();
> >  	}
> >  
> >  	list_for_each_entry(set, &ctx->table->sets, list) {
> > +		cond_resched();
> 
> Can't be used here, this can be called from atomic context.

Thanks, now dropped from all branches.

greg k-h