Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH

For convenience when performing GC over the connection list, make
nf_conncount_gc_list() to disable BH. This unifies the behavior with
nf_conncount_add() and nf_conncount_count().

Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Fernando Fernandez Mancera and committed by
Pablo Neira Ayuso
c0362b57 be102eb6

+18 -13
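--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -278,8 +278,8 @@
 EXPORT_SYMBOL_GPL(nf_conncount_list_init);
 
 /* Return true if the list is empty. Must be called with BH disabled. */
-bool nf_conncount_gc_list(struct net *net,
-struct nf_conncount_list *list)
+static bool __nf_conncount_gc_list(struct net *net,
+struct nf_conncount_list *list)
 {
 const struct nf_conntrack_tuple_hash *found;
 struct nf_conncount_tuple *conn, *conn_n;
@@ -289,10 +289,6 @@
 
 /* don't bother if we just did GC */
 if ((u32)jiffies == READ_ONCE(list->last_gc))
-return false;
-
-/* don't bother if other cpu is already doing GC */
-if (!spin_trylock(&list->list_lock))
 return false;
 
 list_for_each_entry_safe(conn, conn_n, &list->head, node) {
@@ -319,7 +323,21 @@
 if (!list->count)
 ret = true;
 list->last_gc = (u32)jiffies;
-spin_unlock(&list->list_lock);
+
+return ret;
+}
+
+bool nf_conncount_gc_list(struct net *net,
+struct nf_conncount_list *list)
+{
+bool ret;
+
+/* don't bother if other cpu is already doing GC */
+if (!spin_trylock_bh(&list->list_lock))
+return false;
+
+ret = __nf_conncount_gc_list(net, list);
+spin_unlock_bh(&list->list_lock);
 
 return ret;
 }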
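Review bot: The comment kept above `__nf_conncount_gc_list()` still says only "Must be called with BH disabled", but the helper now also depends on the caller holding `list->list_lock`, because the trylock moved out into the wrapper. I would reword it to `/* Return true if the list is empty. Caller must hold list->list_lock with BH disabled. */` and add `lockdep_assert_held(&list->list_lock);` as the first statement of the helper, so a later caller that skips the lock is caught under lockdep rather than corrupting the connection list that the limit is computed from. The exported `nf_conncount_gc_list()` has no comment of its own; it should say that `false` is also returned when another CPU holds the lock or GC already ran in this jiffy, so a caller does not read `false` as "entries remain". The helper's body is only partly visible in these hunks, so whether it has other callers cannot be confirmed from this page.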
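--- a/net/netfilter/nft_connlimit.c
+++ b/net/netfilter/nft_connlimit.c
@@ -223,13 +223,8 @@
 static bool nft_connlimit_gc(struct net *net, const struct nft_expr *expr)
 {
 struct nft_connlimit *priv = nft_expr_priv(expr);
-bool ret;
 
-local_bh_disable();
-ret = nf_conncount_gc_list(net, priv->list);
-local_bh_enable();
-
-return ret;
+return nf_conncount_gc_list(net, priv->list);
 }
 
 static struct nft_expr_type nft_connlimit_type;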