Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229655/?format=api
{ "id": 2229655, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229655/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-4-kadlec@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260428151913.584739-4-kadlec@netfilter.org>", "date": "2026-04-28T15:19:11", "name": "[3/5] netfilter: ipset: annotate \"pos\" for concurrent readers/writers", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "4c8dad782476491394bf029ee671f422d4b43be5", "submitter": { "id": 77226, "url": "http://patchwork.ozlabs.org/api/1.1/people/77226/?format=api", "name": "Jozsef Kadlecsik", "email": "kadlec@netfilter.org" }, "delegate": { "id": 11902, "url": "http://patchwork.ozlabs.org/api/1.1/users/11902/?format=api", "username": "strlen", "first_name": "Florian", "last_name": "Westphal", "email": "fw@strlen.de" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-4-kadlec@netfilter.org/mbox/", "series": [ { "id": 501876, "url": "http://patchwork.ozlabs.org/api/1.1/series/501876/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501876", "date": "2026-04-28T15:19:09", "name": "netfilter: ipset fixes", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501876/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229655/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229655/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12259-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=blackhole.kfki.hu header.i=@blackhole.kfki.hu\n header.a=rsa-sha256 header.s=20151130 header.b=G+I443EE;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12259-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=\"G+I443EE\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=148.6.0.51", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4kd568fVz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 01:19:53 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 616433034570\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 15:19:32 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 095EE3ACA4C;\n\tTue, 28 Apr 2026 15:19:29 +0000 (UTC)", "from smtp-out.kfki.hu (smtp-out.kfki.hu [148.6.0.51])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 50394394462\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 28 Apr 2026 15:19:23 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby smtp2.kfki.hu (Postfix) with ESMTP id 4g4kcN2N71z7s855;\n\tTue, 28 Apr 2026 17:19:16 +0200 (CEST)", "from smtp2.kfki.hu ([127.0.0.1])\n by localhost (smtp2.kfki.hu [127.0.0.1]) (amavis, port 10026) with ESMTP\n id RQGEkG-hgrRo; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)", "from mentat.rmki.kfki.hu (unknown [148.6.40.64])\n\t(Authenticated sender: kadlecsik.jozsef@wigner.hu)\n\tby smtp2.kfki.hu (Postfix) with ESMTPSA id 4g4kcK4tMSz7s857;\n\tTue, 28 Apr 2026 17:19:13 +0200 (CEST)", "by mentat.rmki.kfki.hu (Postfix, from userid 1000)\n\tid 7D3511413C5; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777389567; cv=none;\n b=KAurIzORoFdHe/yRVsp4XHPIxBfTCKv1M9PFcrI4yE/yPZJRDx+FyVYDZFxK6kunTP6OBNB6+jJBb2B8cgvS4iXVIi+vssPd9xzgy1Q8GTtEPm3US8C3+6/WzVJ4RyX21MddLO7Uelom1MK9K6Nd1W+2elyTDlyodyGZosoRJGc=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777389567; c=relaxed/simple;\n\tbh=ITnA7v/F1DvuPPmA/wUB9GEIZno4TChrND7eOq8ZZGY=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=OQMgZlRcj2bwZBXJUiGZVZ9YO9y0pueS0WYIj4jYNdQ+lGO6sTUBFquxbhTkNvcnX+rRUmnoTuq3XWO2AXflCfRB/ZxwqrZAYLL3od2id6Ct331pUhZtC2TTA7OhvmSEaZVCULtMKtCcp78aYREzA+Cs1obPD9xEUm4IBoOEYiw=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu;\n dkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=G+I443EE;\n arc=none smtp.client-ip=148.6.0.51", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tblackhole.kfki.hu; h=mime-version:references:in-reply-to\n\t:x-mailer:message-id:date:date:from:from:received:received\n\t:received; s=20151130; t=1777389553; x=1779203954; bh=SkiYUmAqLu\n\tPoVPmdekXfHm/shyVNvuXhpy51pSOKYiY=; b=G+I443EE0n9NROOfpWw/LfGcT1\n\tsZ02pwftDkXCB8lAyvDLqv32Vdzi6osegJVQiIKo+JVt1mH0wFu3c6c1DRLOI86a\n\tm6pv1S6EDb0FpiNJpwigUGG3IYpvr4evtX9CIM9suSSgW6W/XYiH2x1w2AIW9yQ3\n\tdoXIRjGsvAGJBdeJE=", "X-Virus-Scanned": "Debian amavis at smtp2.kfki.hu", "From": "Jozsef Kadlecsik <kadlec@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "Pablo Neira Ayuso <pablo@netfilter.org>", "Subject": "[PATCH 3/5] netfilter: ipset: annotate \"pos\" for concurrent\n readers/writers", "Date": "Tue, 28 Apr 2026 17:19:11 +0200", "Message-Id": "<20260428151913.584739-4-kadlec@netfilter.org>", "X-Mailer": "git-send-email 2.39.5", "In-Reply-To": "<20260428151913.584739-1-kadlec@netfilter.org>", "References": "<20260428151913.584739-1-kadlec@netfilter.org>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "quoted-printable" }, "content": "The \"pos\" structure member of struct hbucket stores the first\nfree slot in the hash bucket of a hash type of set and there\nare concurrent readers/writers. Annotate accesses properly.\n\nSigned-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>\n---\n net/netfilter/ipset/ip_set_hash_gen.h | 62 ++++++++++++++++-----------\n 1 file changed, 38 insertions(+), 24 deletions(-)", "diff": "diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h\nindex 133ce4611eed..04e4627ddfc1 100644\n--- a/net/netfilter/ipset/ip_set_hash_gen.h\n+++ b/net/netfilter/ipset/ip_set_hash_gen.h\n@@ -386,8 +386,9 @@ static void\n mtype_ext_cleanup(struct ip_set *set, struct hbucket *n)\n {\n \tint i;\n+\tu8 pos = smp_load_acquire(&n->pos);\n \n-\tfor (i = 0; i < n->pos; i++)\n+\tfor (i = 0; i < pos; i++)\n \t\tif (test_bit(i, n->used))\n \t\t\tip_set_ext_destroy(set, ahash_data(n, i, set->dsize));\n }\n@@ -490,7 +491,7 @@ mtype_gc_do(struct ip_set *set, struct htype *h, struct htable *t, u32 r)\n #ifdef IP_SET_HASH_WITH_NETS\n \tu8 k;\n #endif\n-\tu8 htable_bits = t->htable_bits;\n+\tu8 pos, htable_bits = t->htable_bits;\n \n \tspin_lock_bh(&t->hregion[r].lock);\n \tfor (i = ahash_bucket_start(r, htable_bits);\n@@ -498,7 +499,8 @@ mtype_gc_do(struct ip_set *set, struct htype *h, struct htable *t, u32 r)\n \t\tn = __ipset_dereference(hbucket(t, i));\n \t\tif (!n)\n \t\t\tcontinue;\n-\t\tfor (j = 0, d = 0; j < n->pos; j++) {\n+\t\tpos = smp_load_acquire(&n->pos);\n+\t\tfor (j = 0, d = 0; j < pos; j++) {\n \t\t\tif (!test_bit(j, n->used)) {\n \t\t\t\td++;\n \t\t\t\tcontinue;\n@@ -534,7 +536,7 @@ mtype_gc_do(struct ip_set *set, struct htype *h, struct htable *t, u32 r)\n \t\t\t\t/* Still try to delete expired elements. */\n \t\t\t\tcontinue;\n \t\t\ttmp->size = n->size - AHASH_INIT_SIZE;\n-\t\t\tfor (j = 0, d = 0; j < n->pos; j++) {\n+\t\t\tfor (j = 0, d = 0; j < pos; j++) {\n \t\t\t\tif (!test_bit(j, n->used))\n \t\t\t\t\tcontinue;\n \t\t\t\tdata = ahash_data(n, j, dsize);\n@@ -623,7 +625,7 @@ mtype_resize(struct ip_set *set, bool retried)\n {\n \tstruct htype *h = set->data;\n \tstruct htable *t, *orig;\n-\tu8 htable_bits;\n+\tu8 pos, htable_bits;\n \tsize_t hsize, dsize = set->dsize;\n #ifdef IP_SET_HASH_WITH_NETS\n \tu8 flags;\n@@ -685,7 +687,8 @@ mtype_resize(struct ip_set *set, bool retried)\n \t\t\tn = __ipset_dereference(hbucket(orig, i));\n \t\t\tif (!n)\n \t\t\t\tcontinue;\n-\t\t\tfor (j = 0; j < n->pos; j++) {\n+\t\t\tpos = smp_load_acquire(&n->pos);\n+\t\t\tfor (j = 0; j < pos; j++) {\n \t\t\t\tif (!test_bit(j, n->used))\n \t\t\t\t\tcontinue;\n \t\t\t\tdata = ahash_data(n, j, dsize);\n@@ -809,9 +812,10 @@ mtype_ext_size(struct ip_set *set, u32 *elements, size_t *ext_size)\n {\n \tstruct htype *h = set->data;\n \tconst struct htable *t;\n-\tu32 i, j, r;\n \tstruct hbucket *n;\n \tstruct mtype_elem *data;\n+\tu32 i, j, r;\n+\tu8 pos;\n \n \tt = rcu_dereference_bh(h->table);\n \tfor (r = 0; r < ahash_numof_locks(t->htable_bits); r++) {\n@@ -820,7 +824,8 @@ mtype_ext_size(struct ip_set *set, u32 *elements, size_t *ext_size)\n \t\t\tn = rcu_dereference_bh(hbucket(t, i));\n \t\t\tif (!n)\n \t\t\t\tcontinue;\n-\t\t\tfor (j = 0; j < n->pos; j++) {\n+\t\t\tpos = smp_load_acquire(&n->pos);\n+\t\t\tfor (j = 0; j < pos; j++) {\n \t\t\t\tif (!test_bit(j, n->used))\n \t\t\t\t\tcontinue;\n \t\t\t\tdata = ahash_data(n, j, set->dsize);\n@@ -844,10 +849,11 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tconst struct mtype_elem *d = value;\n \tstruct mtype_elem *data;\n \tstruct hbucket *n, *old = ERR_PTR(-ENOENT);\n-\tint i, j = -1, npos = 0, ret;\n+\tint i, j = -1, ret;\n \tbool flag_exist = flags & IPSET_FLAG_EXIST;\n \tbool deleted = false, forceadd = false, reuse = false;\n \tu32 r, key, multi = 0, elements, maxelem;\n+\tu8 npos = 0;\n \n \trcu_read_lock_bh();\n \tt = rcu_dereference_bh(h->table);\n@@ -889,8 +895,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\t\text_size(AHASH_INIT_SIZE, set->dsize);\n \t\tgoto copy_elem;\n \t}\n-\tnpos = n->pos;\n-\tfor (i = 0; i < n->pos; i++) {\n+\tnpos = smp_load_acquire(&n->pos);\n+\tfor (i = 0; i < npos; i++) {\n \t\tif (!test_bit(i, n->used)) {\n \t\t\t/* Reuse first deleted entry */\n \t\t\tif (j == -1) {\n@@ -934,7 +940,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tif (elements >= maxelem)\n \t\tgoto set_full;\n \t/* Create a new slot */\n-\tif (n->pos >= n->size) {\n+\tif (npos >= n->size) {\n #ifdef IP_SET_HASH_WITH_MULTI\n \t\tif (h->bucketsize >= AHASH_MAX_TUNED)\n \t\t\tgoto set_full;\n@@ -963,8 +969,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t}\n \n copy_elem:\n-\tj = npos;\n-\tnpos = n->pos + 1;\n+\tj = npos++;\n \tdata = ahash_data(n, j, set->dsize);\n copy_data:\n \tt->hregion[r].elements++;\n@@ -987,7 +992,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tif (SET_WITH_TIMEOUT(set))\n \t\tip_set_timeout_set(ext_timeout(data, set), ext->timeout);\n \tsmp_mb__before_atomic();\n-\tn->pos = npos;\n+\t/* Ensure all data writes are visible before updating position */\n+\tsmp_store_release(&n->pos, npos);\n \tset_bit(j, n->used);\n \tif (old != ERR_PTR(-ENOENT)) {\n \t\trcu_assign_pointer(hbucket(t, key), n);\n@@ -1046,6 +1052,7 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tint i, j, k, r, ret = -IPSET_ERR_EXIST;\n \tu32 key, multi = 0;\n \tsize_t dsize = set->dsize;\n+\tu8 pos;\n \n \t/* Userspace add and resize is excluded by the mutex.\n \t * Kernespace add does not trigger resize.\n@@ -1061,7 +1068,8 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tn = rcu_dereference_bh(hbucket(t, key));\n \tif (!n)\n \t\tgoto out;\n-\tfor (i = 0, k = 0; i < n->pos; i++) {\n+\tpos = smp_load_acquire(&n->pos);\n+\tfor (i = 0, k = 0; i < pos; i++) {\n \t\tif (!test_bit(i, n->used)) {\n \t\t\tk++;\n \t\t\tcontinue;\n@@ -1075,8 +1083,8 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\tret = 0;\n \t\tclear_bit(i, n->used);\n \t\tsmp_mb__after_atomic();\n-\t\tif (i + 1 == n->pos)\n-\t\t\tn->pos--;\n+\t\tif (i + 1 == pos)\n+\t\t\tsmp_store_release(&n->pos, --pos);\n \t\tt->hregion[r].elements--;\n #ifdef IP_SET_HASH_WITH_NETS\n \t\tfor (j = 0; j < IPSET_NET_COUNT; j++)\n@@ -1097,11 +1105,11 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\t\t\tx->flags = flags;\n \t\t\t}\n \t\t}\n-\t\tfor (; i < n->pos; i++) {\n+\t\tfor (; i < pos; i++) {\n \t\t\tif (!test_bit(i, n->used))\n \t\t\t\tk++;\n \t\t}\n-\t\tif (k == n->pos) {\n+\t\tif (k == pos) {\n \t\t\tt->hregion[r].ext_size -= ext_size(n->size, dsize);\n \t\t\trcu_assign_pointer(hbucket(t, key), NULL);\n \t\t\tkfree_rcu(n, rcu);\n@@ -1112,7 +1120,7 @@ mtype_del(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\t\tif (!tmp)\n \t\t\t\tgoto out;\n \t\t\ttmp->size = n->size - AHASH_INIT_SIZE;\n-\t\t\tfor (j = 0, k = 0; j < n->pos; j++) {\n+\t\t\tfor (j = 0, k = 0; j < pos; j++) {\n \t\t\t\tif (!test_bit(j, n->used))\n \t\t\t\t\tcontinue;\n \t\t\t\tdata = ahash_data(n, j, dsize);\n@@ -1173,6 +1181,7 @@ mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,\n \tint ret, i, j = 0;\n #endif\n \tu32 key, multi = 0;\n+\tu8 pos;\n \n \tpr_debug(\"test by nets\\n\");\n \tfor (; j < NLEN && h->nets[j].cidr[0] && !multi; j++) {\n@@ -1190,7 +1199,8 @@ mtype_test_cidrs(struct ip_set *set, struct mtype_elem *d,\n \t\tn = rcu_dereference_bh(hbucket(t, key));\n \t\tif (!n)\n \t\t\tcontinue;\n-\t\tfor (i = 0; i < n->pos; i++) {\n+\t\tpos = smp_load_acquire(&n->pos);\n+\t\tfor (i = 0; i < pos; i++) {\n \t\t\tif (!test_bit(i, n->used))\n \t\t\t\tcontinue;\n \t\t\tdata = ahash_data(n, i, set->dsize);\n@@ -1224,6 +1234,7 @@ mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tstruct mtype_elem *data;\n \tint i, ret = 0;\n \tu32 key, multi = 0;\n+\tu8 pos;\n \n \trcu_read_lock_bh();\n \tt = rcu_dereference_bh(h->table);\n@@ -1246,7 +1257,8 @@ mtype_test(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\tret = 0;\n \t\tgoto out;\n \t}\n-\tfor (i = 0; i < n->pos; i++) {\n+\tpos = smp_load_acquire(&n->pos);\n+\tfor (i = 0; i < pos; i++) {\n \t\tif (!test_bit(i, n->used))\n \t\t\tcontinue;\n \t\tdata = ahash_data(n, i, set->dsize);\n@@ -1363,6 +1375,7 @@ mtype_list(const struct ip_set *set,\n \t/* We assume that one hash bucket fills into one page */\n \tvoid *incomplete;\n \tint i, ret = 0;\n+\tu8 pos;\n \n \tatd = nla_nest_start(skb, IPSET_ATTR_ADT);\n \tif (!atd)\n@@ -1381,7 +1394,8 @@ mtype_list(const struct ip_set *set,\n \t\t\t cb->args[IPSET_CB_ARG0], t, n);\n \t\tif (!n)\n \t\t\tcontinue;\n-\t\tfor (i = 0; i < n->pos; i++) {\n+\t\tpos = smp_load_acquire(&n->pos);\n+\t\tfor (i = 0; i < pos; i++) {\n \t\t\tif (!test_bit(i, n->used))\n \t\t\t\tcontinue;\n \t\t\te = ahash_data(n, i, set->dsize);\n", "prefixes": [ "3/5" ] }