From patchwork Wed Apr 30 12:47:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sebastian Andrzej Siewior X-Patchwork-Id: 2079460 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=linutronix.de header.i=@linutronix.de header.a=rsa-sha256 header.s=2020 header.b=oj3yLrJI; dkim=pass header.d=linutronix.de header.i=@linutronix.de header.a=ed25519-sha256 header.s=2020e header.b=2R447asm; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2604:1380:4601:e00::3; helo=am.mirrors.kernel.org; envelope-from=netfilter-devel+bounces-6999-incoming=patchwork.ozlabs.org@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from am.mirrors.kernel.org (am.mirrors.kernel.org [IPv6:2604:1380:4601:e00::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZncTK4X38z1yNM for ; Wed, 30 Apr 2025 22:49:41 +1000 (AEST) Received: from smtp.subspace.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C31A91C043C2 for ; Wed, 30 Apr 2025 12:49:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A668425DD17; Wed, 30 Apr 2025 12:48:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="oj3yLrJI"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="2R447asm" X-Original-To: netfilter-devel@vger.kernel.org Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6EF225D534; Wed, 30 Apr 2025 12:48:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746017298; cv=none; b=oJ7N4AbkD4pfBg2/7TYc31bomV+9GTc8s9JpP7QsLKzfGY/V0hvFNCZPxjNZb+i0JI1ojdnQkLwFiMzmy9nb5qpa3VXbUQlYicFjqy+gTbfMYaBfRcNrwP76kNWhSK66i9XuKHTapIGHNDWMaNjK6AsEwtMddBxZR3vwIn4Ywgk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746017298; c=relaxed/simple; bh=Uk33jFZKOfaMLGhcGn8nbFMZJr4Y+ka3dnevkCrTwvs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KUwsRUl4+3lZtj3MwJIVGx5LcfKGX5Hhas/JxSEKNTd7hfSymP3kc6z14XS2bumQMIJTyPj+aH5qqSW5lOzMK1Vzqdvj4fEEHcAxPoz7FZumZaVgv4QRNXfO05kBIiRmva5cPaGlg+5F6pePkmztWEPJ5CwW9+lADWVABr9Bppg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=oj3yLrJI; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=2R447asm; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de From: Sebastian Andrzej Siewior DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1746017292; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jIoZaVO5iMo/IzztrbNw0WYdjKIA8wg/j9DCE9fgn3Q=; b=oj3yLrJIh7cRRbaLsVYaypLtbVfUJgkQT3JlDuXaI67NY7ww/3qZFf9cB/ioYMN7t6pCzN vce++F0KvYQGdsSVRLOW4ZrgJb0ONZtBl5fBIucUgPicZjlfYKBS44HgUDqu5LQYqMUKwi xE9h2PAUMN3oSGN4Za1F7TxgFWTtH0pr9YMLJ4RpHQyAc1mIiv+PKXgNv1ENv/nynF6QU6 6jEX5gGvblIqGYBgjGCSQbssjOR8tfCS4HAbW9mowJps5pOfeQ1++k9/lyYfIxj+LZUIOE 50zyaRKZGojd0vJmbXdcdPGkpmZ1pmAxyiazfYZLeiqFbdjQINrodzjywmkGvw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1746017292; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jIoZaVO5iMo/IzztrbNw0WYdjKIA8wg/j9DCE9fgn3Q=; b=2R447asmWdSG9TNMbT768jrNV/pqxMbV4Bko1ucK3HaIEld86U5kQZRIMArEVcs8vWmuCU RAdMm1NLPkXpaZBA== To: netdev@vger.kernel.org, linux-rt-devel@lists.linux.dev Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Thomas Gleixner , Sebastian Andrzej Siewior , Pablo Neira Ayuso , Jozsef Kadlecsik , netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH net-next v3 07/18] netfilter: nft_inner: Use nested-BH locking for nft_pcpu_tun_ctx Date: Wed, 30 Apr 2025 14:47:47 +0200 Message-ID: <20250430124758.1159480-8-bigeasy@linutronix.de> In-Reply-To: <20250430124758.1159480-1-bigeasy@linutronix.de> References: <20250430124758.1159480-1-bigeasy@linutronix.de> Precedence: bulk X-Mailing-List: netfilter-devel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 nft_pcpu_tun_ctx is a per-CPU variable and relies on disabled BH for its locking. Without per-CPU locking in local_bh_disable() on PREEMPT_RT this data structure requires explicit locking. Make a struct with a nft_inner_tun_ctx member (original nft_pcpu_tun_ctx) and a local_lock_t and use local_lock_nested_bh() for locking. This change adds only lockdep coverage and does not alter the functional behaviour for !PREEMPT_RT. Cc: Pablo Neira Ayuso Cc: Jozsef Kadlecsik Cc: netfilter-devel@vger.kernel.org Cc: coreteam@netfilter.org Signed-off-by: Sebastian Andrzej Siewior --- net/netfilter/nft_inner.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nft_inner.c b/net/netfilter/nft_inner.c index 817ab978d24a1..c4569d4b92285 100644 --- a/net/netfilter/nft_inner.c +++ b/net/netfilter/nft_inner.c @@ -23,7 +23,14 @@ #include #include -static DEFINE_PER_CPU(struct nft_inner_tun_ctx, nft_pcpu_tun_ctx); +struct nft_inner_tun_ctx_locked { + struct nft_inner_tun_ctx ctx; + local_lock_t bh_lock; +}; + +static DEFINE_PER_CPU(struct nft_inner_tun_ctx_locked, nft_pcpu_tun_ctx) = { + .bh_lock = INIT_LOCAL_LOCK(bh_lock), +}; /* Same layout as nft_expr but it embeds the private expression data area. */ struct __nft_expr { @@ -237,12 +244,15 @@ static bool nft_inner_restore_tun_ctx(const struct nft_pktinfo *pkt, struct nft_inner_tun_ctx *this_cpu_tun_ctx; local_bh_disable(); - this_cpu_tun_ctx = this_cpu_ptr(&nft_pcpu_tun_ctx); + local_lock_nested_bh(&nft_pcpu_tun_ctx.bh_lock); + this_cpu_tun_ctx = this_cpu_ptr(&nft_pcpu_tun_ctx.ctx); if (this_cpu_tun_ctx->cookie != (unsigned long)pkt->skb) { local_bh_enable(); + local_unlock_nested_bh(&nft_pcpu_tun_ctx.bh_lock); return false; } *tun_ctx = *this_cpu_tun_ctx; + local_unlock_nested_bh(&nft_pcpu_tun_ctx.bh_lock); local_bh_enable(); return true; @@ -254,9 +264,11 @@ static void nft_inner_save_tun_ctx(const struct nft_pktinfo *pkt, struct nft_inner_tun_ctx *this_cpu_tun_ctx; local_bh_disable(); - this_cpu_tun_ctx = this_cpu_ptr(&nft_pcpu_tun_ctx); + local_lock_nested_bh(&nft_pcpu_tun_ctx.bh_lock); + this_cpu_tun_ctx = this_cpu_ptr(&nft_pcpu_tun_ctx.ctx); if (this_cpu_tun_ctx->cookie != tun_ctx->cookie) *this_cpu_tun_ctx = *tun_ctx; + local_unlock_nested_bh(&nft_pcpu_tun_ctx.bh_lock); local_bh_enable(); } From patchwork Wed Apr 30 12:47:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sebastian Andrzej Siewior X-Patchwork-Id: 2079461 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=linutronix.de header.i=@linutronix.de header.a=rsa-sha256 header.s=2020 header.b=bLksMYne; dkim=pass header.d=linutronix.de header.i=@linutronix.de header.a=ed25519-sha256 header.s=2020e header.b=cI4dcskP; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2604:1380:45d1:ec00::1; helo=ny.mirrors.kernel.org; envelope-from=netfilter-devel+bounces-6998-incoming=patchwork.ozlabs.org@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org [IPv6:2604:1380:45d1:ec00::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZncTS108qz1yNM for ; Wed, 30 Apr 2025 22:49:48 +1000 (AEST) Received: from smtp.subspace.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id A143817B249 for ; Wed, 30 Apr 2025 12:49:15 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DAC8325C805; Wed, 30 Apr 2025 12:48:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="bLksMYne"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="cI4dcskP" X-Original-To: netfilter-devel@vger.kernel.org Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6E6725D530; Wed, 30 Apr 2025 12:48:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746017296; cv=none; b=ktHEwG3whekugPO5TTEY90x1UWNMeGdoOiN2F/25hBQKHuNqNYM7Cve+IHhIuhp5mHDR63tpDwnHLKBqKs1P6vZUGW3GcwqRnLJOBaCrdBX4MI/WUpCiB39gkiJZtU2HBcpnyIJ0DI2535bzuC1VqlQCUcssvVda2WTl9/yphA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1746017296; c=relaxed/simple; bh=+yUG2D3x0f/Lb3r8qmXUpqYLXPdCSQNal+JN1/Z1Rlg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fP0ywAytGYTvPvAoZJkT0WwIVmLKlo+fGZQm/ENH0XWbPpmqdc/hcWAJl8ZcczzcXqzxDUa2FDhyYOaLMq5Vp9RkHoTeC84LXbIMBXMjY9wmDjrUBV7JdR6CnfSw6dUTg4AV6LJ2/I4SJ+YbUXr7s+3MSpufpvc6N9SH4P26Hrg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=bLksMYne; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=cI4dcskP; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de From: Sebastian Andrzej Siewior DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1746017293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=djPsrCEsKPBGPRhoXMSMVZb2su0XXVQRwBuY2cKpTg8=; b=bLksMYneXNpdanuvuUhxK88Lp+jG1sAqj+SpE0TattwH/p/7wpYhTdNm/Zuv/lzaiRJwQK c1jNArz160CylmYrZc4kk+uzmqkZSZy4BJAAClykLRpBeCo9v1o1B5KNxfzpTb5EEosJYm q/kFJeMbeiKU1XHq6E5bzqK1zNuSKY//WlsH14VAowv/PUPyS5dmu0hE9GtgvFIc33uKMt cgrRJe7kGNtDcua+qtIs/w7VijzJ39ZEOdOzUByT9ARg7kx8mqoyZnOgVnfWQKVhii8k47 CPhfIvBBEjgqmunfmjzyv+mb+L2EcqsfRXA+ajE8Y2XVeMIpAna74kysF4TVGQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1746017293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=djPsrCEsKPBGPRhoXMSMVZb2su0XXVQRwBuY2cKpTg8=; b=cI4dcskPEjmiQyCDywrNBKvUcNmrTLVeQmjskjdIzfwqj4xTzMOOGUT32YZyOwtmaX5ASh +HPy96f7Lfe2S3Dw== To: netdev@vger.kernel.org, linux-rt-devel@lists.linux.dev Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Thomas Gleixner , Sebastian Andrzej Siewior , Pablo Neira Ayuso , Jozsef Kadlecsik , netfilter-devel@vger.kernel.org, coreteam@netfilter.org Subject: [PATCH net-next v3 08/18] netfilter: nf_dup_netdev: Move the recursion counter struct netdev_xmit Date: Wed, 30 Apr 2025 14:47:48 +0200 Message-ID: <20250430124758.1159480-9-bigeasy@linutronix.de> In-Reply-To: <20250430124758.1159480-1-bigeasy@linutronix.de> References: <20250430124758.1159480-1-bigeasy@linutronix.de> Precedence: bulk X-Mailing-List: netfilter-devel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 nf_dup_skb_recursion is a per-CPU variable and relies on disabled BH for its locking. Without per-CPU locking in local_bh_disable() on PREEMPT_RT this data structure requires explicit locking. Move nf_dup_skb_recursion to struct netdev_xmit, provide wrappers. Cc: Pablo Neira Ayuso Cc: Jozsef Kadlecsik Cc: netfilter-devel@vger.kernel.org Cc: coreteam@netfilter.org Signed-off-by: Sebastian Andrzej Siewior --- include/linux/netdevice_xmit.h | 3 +++ net/netfilter/nf_dup_netdev.c | 22 ++++++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/include/linux/netdevice_xmit.h b/include/linux/netdevice_xmit.h index 38325e0702968..3bbbc1a9860a3 100644 --- a/include/linux/netdevice_xmit.h +++ b/include/linux/netdevice_xmit.h @@ -8,6 +8,9 @@ struct netdev_xmit { #ifdef CONFIG_NET_EGRESS u8 skip_txqueue; #endif +#if IS_ENABLED(CONFIG_NF_DUP_NETDEV) + u8 nf_dup_skb_recursion; +#endif }; #endif diff --git a/net/netfilter/nf_dup_netdev.c b/net/netfilter/nf_dup_netdev.c index a8e2425e43b0d..fab8b9011098f 100644 --- a/net/netfilter/nf_dup_netdev.c +++ b/net/netfilter/nf_dup_netdev.c @@ -15,12 +15,26 @@ #define NF_RECURSION_LIMIT 2 -static DEFINE_PER_CPU(u8, nf_dup_skb_recursion); +#ifndef CONFIG_PREEMPT_RT +static u8 *nf_get_nf_dup_skb_recursion(void) +{ + return this_cpu_ptr(&softnet_data.xmit.nf_dup_skb_recursion); +} +#else + +static u8 *nf_get_nf_dup_skb_recursion(void) +{ + return ¤t->net_xmit.nf_dup_skb_recursion; +} + +#endif static void nf_do_netdev_egress(struct sk_buff *skb, struct net_device *dev, enum nf_dev_hooks hook) { - if (__this_cpu_read(nf_dup_skb_recursion) > NF_RECURSION_LIMIT) + u8 *nf_dup_skb_recursion = nf_get_nf_dup_skb_recursion(); + + if (*nf_dup_skb_recursion > NF_RECURSION_LIMIT) goto err; if (hook == NF_NETDEV_INGRESS && skb_mac_header_was_set(skb)) { @@ -32,9 +46,9 @@ static void nf_do_netdev_egress(struct sk_buff *skb, struct net_device *dev, skb->dev = dev; skb_clear_tstamp(skb); - __this_cpu_inc(nf_dup_skb_recursion); + (*nf_dup_skb_recursion)++; dev_queue_xmit(skb); - __this_cpu_dec(nf_dup_skb_recursion); + (*nf_dup_skb_recursion)--; return; err: kfree_skb(skb);