Hi Florian, Pablo,
On Sat, Sep 9, 2017 at 9:21 PM, Linux Kernel Mailing List
<linux-ker...@vger.kernel.org> wrote:
> Web:
> https://git.kernel.org/torvalds/c/8073e960a03bf7b5d5ebfc5ff18ac475e1688f46
> Commit: 8073e960a03bf7b5d5ebfc5ff18ac475e1688f46
> Parent: e1bf1687740ce1a3598a1c5e452b852ff2190682
> Refname: refs/heads/master
> Author: Florian Westphal <f...@strlen.de>
> AuthorDate: Wed Sep 6 14:39:52 2017 +0200
> Committer: Pablo Neira Ayuso <pa...@netfilter.org>
> CommitDate: Fri Sep 8 18:55:52 2017 +0200
>
> netfilter: nat: use keyed locks
>
> no need to serialize on a single lock, we can partition the table and
> add/delete in parallel to different slots.
> This restores one of the advantages that got lost with the rhlist
> revert.
>
> Cc: Ivan Babrou <ibob...@gmail.com>
> Signed-off-by: Florian Westphal <f...@strlen.de>
> Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
> ---
> net/netfilter/nf_nat_core.c | 36 ++++++++++++++++++++++++------------
> 1 file changed, 24 insertions(+), 12 deletions(-)
>
> diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
> index f090419f5f97..f393a7086025 100644
> --- a/net/netfilter/nf_nat_core.c
> +++ b/net/netfilter/nf_nat_core.c
> @@ -30,7 +30,7 @@
> #include <net/netfilter/nf_conntrack_zones.h>
> #include <linux/netfilter/nf_nat.h>
>
> -static DEFINE_SPINLOCK(nf_nat_lock);
> +static spinlock_t nf_nat_locks[CONNTRACK_LOCKS];
>
> static DEFINE_MUTEX(nf_nat_proto_mutex);
> static const struct nf_nat_l3proto __rcu *nf_nat_l3protos[NFPROTO_NUMPROTO]
> @@ -425,13 +425,15 @@ nf_nat_setup_info(struct nf_conn *ct,
>
> if (maniptype == NF_NAT_MANIP_SRC) {
> unsigned int srchash;
> + spinlock_t *lock;
>
> srchash = hash_by_src(net,
>
> &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
> - spin_lock_bh(&nf_nat_lock);
> + lock = &nf_nat_locks[srchash % ARRAY_SIZE(nf_nat_locks)];
> + spin_lock_bh(lock);
If no spinlock debugging options (CONFIG_GENERIC_LOCKBREAK,
CONFIG_DEBUG_SPINLOCK, CONFIG_DEBUG_LOCK_ALLOC) are enabled on a UP platform
(e.g. m68k defconfig), arch_spinlock_t is an empty struct, and thus
ARRAY_SIZE(nf_nat_locks)] is zero, leading to:
net/netfilter/nf_nat_core.c: In function ‘nf_nat_setup_info’:
net/netfilter/nf_nat_core.c:432: warning: division by zero
net/netfilter/nf_nat_core.c: In function ‘__nf_nat_cleanup_conntrack’:
net/netfilter/nf_nat_core.c:535: warning: division by zero
net/netfilter/nf_nat_core.c:537: warning: division by zero
net/netfilter/nf_nat_core.c: In function ‘nf_nat_init’:
net/netfilter/nf_nat_core.c:810: warning: division by zero
net/netfilter/nf_nat_core.c:811: warning: division by zero
net/netfilter/nf_nat_core.c:824: warning: division by zero
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
