From patchwork Tue Jan 10 13:32:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Desrochers X-Patchwork-Id: 713260 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3tyXy74ZMsz9sf9; Wed, 11 Jan 2017 00:32:31 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical-com.20150623.gappssmtp.com header.i=@canonical-com.20150623.gappssmtp.com header.b="PDfcImKh"; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1cQwXM-0000z8-Hk; Tue, 10 Jan 2017 13:32:28 +0000 Received: from mail-it0-f53.google.com ([209.85.214.53]) by huckleberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1cQwXG-0000uk-Mr for kernel-team@lists.ubuntu.com; Tue, 10 Jan 2017 13:32:22 +0000 Received: by mail-it0-f53.google.com with SMTP id r185so47654413ita.0 for ; Tue, 10 Jan 2017 05:32:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=LuW97EYsQdEf802owZCYJTnOk9u1t2pvEycIhsOzHT8=; b=PDfcImKhG/YN7hb+niThX/5iAWvLfYAKnXs8N3A1JCkofbQh9uZNCVIPpR7t3arsNF IitvL6xUgmncg5wKG+fpfTS1pg9GHQftO1TN8Gh5ZfCPTznXJ1AVYYYN8cs4fk9ixKWk XOEm1jKJfDPjBwGhG01gy+afChJd0q71/WkT/q6HqycTw80Cdk15CxFckTcmcEj8mKry Hwn3ncbPbQ0ltfjxJw/q3UQJn5V6ICn3+RiQEfKRSa05zXfJDtIXoAQ+h6VclK7BgKie 8Po/DF53iwmCnLVl35RMuu3I2++uE4jX09FerwjQJaVL3NKs7S778BOjsL4mYfSnwOlk CLGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=LuW97EYsQdEf802owZCYJTnOk9u1t2pvEycIhsOzHT8=; b=VGBW5b9fcwOU9x8yK4pgNKm1yKXIigyIEIKwa10p9c/IV+ljzGVwtSpmcayQ/BKN78 d05JMN+uh2yl0zvGwAuNvl14i+klZ2R4XGK2g/eDiuGkmAJj/+jCEs/+ss1EIY49rIgT WiuUGvnV8FterLuO2baD9JKcYQkk7YwPz9pp/HNX9Keuui+IkTDr4fxS206gYxoEfGuQ ETKu9EXWgglka+NGrFTXKmvVL2eAPFReIW1j1NMiJqBGt2V2kYTsjGqYJM1nON/e+ktL hOBbf5bYexD9hQzmoWVCGIq4LgQuqOq24y4kndkZh4aXhzVD+OZmM9TdVBLDVRNZiJt5 6ODA== X-Gm-Message-State: AIkVDXJwxR4Vuw56Yh0bJAPjF5/heupCFjkCWO3sCncN/CB+JvGBIxUuhiYzsnU2+flApTKu X-Received: by 10.36.55.137 with SMTP id r131mr8615029itr.86.1484055141371; Tue, 10 Jan 2017 05:32:21 -0800 (PST) Received: from macbuntu.slashd.local (modemcable057.191-130-66.mc.videotron.ca. [66.130.191.57]) by smtp.gmail.com with ESMTPSA id 184sm307290itx.0.2017.01.10.05.32.20 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 10 Jan 2017 05:32:20 -0800 (PST) From: Eric Desrochers To: kernel-team@lists.ubuntu.com Subject: [PATCH 2/3][SRU][X] netfilter: x_tables: pass xt_counters struct to counter allocator Date: Tue, 10 Jan 2017 08:32:16 -0500 Message-Id: <1484055137-5488-3-git-send-email-eric.desrochers@canonical.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1484055137-5488-1-git-send-email-eric.desrochers@canonical.com> References: <1484055137-5488-1-git-send-email-eric.desrochers@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com From: Florian Westphal BugLink: https://bugs.launchpad.net/bugs/1640786 Keeps some noise away from a followup patch. Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso (backported from commit f28e15bacedd444608e25421c72eb2cf4527c9ca) Signed-off-by: Eric Desrochers --- include/linux/netfilter/x_tables.h | 27 +-------------------------- net/ipv4/netfilter/arp_tables.c | 3 +-- net/ipv4/netfilter/ip_tables.c | 3 +-- net/ipv6/netfilter/ip6_tables.c | 3 +-- net/netfilter/x_tables.c | 30 ++++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 32 deletions(-) diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index b923cc7..2b9d09a 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -365,32 +365,7 @@ static inline unsigned long ifname_compare_aligned(const char *_a, } -/* On SMP, ip(6)t_entry->counters.pcnt holds address of the - * real (percpu) counter. On !SMP, its just the packet count, - * so nothing needs to be done there. - * - * xt_percpu_counter_alloc returns the address of the percpu - * counter, or 0 on !SMP. We force an alignment of 16 bytes - * so that bytes/packets share a common cache line. - * - * Hence caller must use IS_ERR_VALUE to check for error, this - * allows us to return 0 for single core systems without forcing - * callers to deal with SMP vs. NONSMP issues. - */ -static inline u64 xt_percpu_counter_alloc(void) -{ - if (nr_cpu_ids > 1) { - void __percpu *res = __alloc_percpu(sizeof(struct xt_counters), - sizeof(struct xt_counters)); - - if (res == NULL) - return (u64) -ENOMEM; - - return (u64) (__force unsigned long) res; - } - - return 0; -} +bool xt_percpu_counter_alloc(struct xt_counters *counters); void xt_percpu_counter_free(struct xt_counters *cnt); static inline struct xt_counters * diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 6219e80..dd71c88 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -532,8 +532,7 @@ find_check_entry(struct arpt_entry *e, const char *name, unsigned int size) struct xt_target *target; int ret; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + if (!xt_percpu_counter_alloc(&e->counters)) return -ENOMEM; t = arpt_get_target(e); diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index e6e3499..3630a15 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -674,8 +674,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, struct xt_mtchk_param mtpar; struct xt_entry_match *ematch; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + if (!xt_percpu_counter_alloc(&e->counters)) return -ENOMEM; j = 0; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index e1d2b64..2b0d757 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -687,8 +687,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, struct xt_mtchk_param mtpar; struct xt_entry_match *ematch; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + if (!xt_percpu_counter_alloc(&e->counters)) return -ENOMEM; j = 0; diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 847063c..1e6ef6a 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1550,6 +1550,36 @@ void xt_proto_fini(struct net *net, u_int8_t af) } EXPORT_SYMBOL_GPL(xt_proto_fini); +/** + * xt_percpu_counter_alloc - allocate x_tables rule counter + * + * @counter: pointer to counter struct inside the ip(6)/arpt_entry struct + * + * On SMP, the packet counter [ ip(6)t_entry->counters.pcnt ] will then + * contain the address of the real (percpu) counter. + * + * Rule evaluation needs to use xt_get_this_cpu_counter() helper + * to fetch the real percpu counter. + * + * returns false on error. + */ +bool xt_percpu_counter_alloc(struct xt_counters *counter) +{ + void __percpu *res; + + if (nr_cpu_ids <= 1) + return true; + + res = __alloc_percpu(sizeof(struct xt_counters), + sizeof(struct xt_counters)); + if (!res) + return false; + + counter->pcnt = (__force unsigned long)res; + return true; +} +EXPORT_SYMBOL_GPL(xt_percpu_counter_alloc); + void xt_percpu_counter_free(struct xt_counters *counters) { unsigned long pcnt = counters->pcnt;