The commit is pushed to "branch-rh7-3.10.0-1160.99.1.vz7.211.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.99.1.vz7.211.2
------>
commit e188c6567a0803c1223450f2f5b6ac221b528ca2
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date: Wed Nov 1 18:46:55 2023 +0800

netfilter: nf_tables: use list_entry_rcu in nft_do_chain

We already use list_for_each_entry_continue_rcu two lines below, it is thus logical to also use list_entry_rcu there.

https://virtuozzo.atlassian.net/browse/PSBM-150147
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>

=================
Patchset description:
netfilter: nf_tables: switch read path to rcu

We have a customer claiming that iptables-nft takes too long to list rules from container on big systems. So we remove global nfnl_lock from read code paths and replace it with rcu to improve performance for that case.

https://virtuozzo.atlassian.net/browse/PSBM-150147
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>

Florian Westphal (2):
  netfilter: nf_tables: use call_rcu in netlink dumps
  netfilter: nf_tables: fix oops during rule dump

Pavel Tikhomirov (1):
  netfilter: nf_tables: use list_entry_rcu in nft_do_chain

--- net/netfilter/nf_tables_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 81ccbca32fa8..2fc814445af1 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c @@ -141,7 +141,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) nft_trace_init(&info, pkt, ®s.verdict, basechain); do_chain: rulenum = 0; - rule = list_entry(&chain->rules, struct nft_rule, list); + rule = list_entry_rcu(&chain->rules, struct nft_rule, list); next_rule: regs.verdict.code = NFT_CONTINUE; list_for_each_entry_continue_rcu(rule, &chain->rules, list) {
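
Review bot: on the changed line under `do_chain:`, `list_entry_rcu()` is given `&chain->rules`, the address of the list head itself rather than a pointer loaded from RCU-published memory, so the RCU accessor has nothing to order at this point and `rule` ends up as a cursor sitting on the head, not a real `struct nft_rule`. The loads that actually need RCU protection happen in `list_for_each_entry_continue_rcu(rule, &chain->rules, list)` just below. Suggest either keeping `list_entry()` here, or adding a short comment above the assignment saying that `rule` is only the starting cursor for the continue loop and must not be dereferenced before the loop advances it. The commit message justifies the change by consistency alone; it would help to state explicitly that no functional change is intended.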