ACK: [SRU][F:linux-bluefield][PATCH] netfilter: flowtable: Use rw sem as flow block lock

Wed May 19 13:25:30 UTC 2021

On 19.05.21 15:15, Kleber Souza wrote:
> On 18.05.21 23:43, Daniel Jurgens wrote:
>> From: Paul Blakey <paulb at mellanox.com>
>>
>> BugLink: https://bugs.launchpad.net/bugs/1927251
>>
>> Currently flow offload threads are synchronized by the flow block mutex.
>> Use rw lock instead to increase flow insertion (read) concurrency.
>>
>> Signed-off-by: Paul Blakey <paulb at mellanox.com>
>> Reviewed-by: Oz Shlomo <ozsh at mellanox.com>
>> Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
>> (backported from commit 422c032afcf57d5e8109a54912e22ffc53d99068)
>> Signed-off-by: Daniel Jurgens <danielj at nvidia.com>
> 
> Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> 
> Thanks
> 
>>
>> ---
>>    include/net/netfilter/nf_flow_table.h |  2 +-
>>    net/netfilter/nf_flow_table_core.c    | 11 +++++------
>>    net/netfilter/nf_flow_table_offload.c |  4 ++--
>>    3 files changed, 8 insertions(+), 9 deletions(-)
>>
>> diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
>> index 3a46b3c..e27b73f 100644
>> --- a/include/net/netfilter/nf_flow_table.h
>> +++ b/include/net/netfilter/nf_flow_table.h
>> @@ -73,7 +73,7 @@ struct nf_flowtable {
>>    	struct delayed_work		gc_work;
>>    	unsigned int			flags;
>>    	struct flow_block		flow_block;
>> -	struct mutex			flow_block_lock; /* Guards flow_block */
>> +	struct rw_semaphore		flow_block_lock; /* Guards flow_block */
>>    	u32				flow_timeout;
>>    	possible_net_t			net;
>>    };
>> diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
>> index 5144e31..0c409aa 100644
>> --- a/net/netfilter/nf_flow_table_core.c
>> +++ b/net/netfilter/nf_flow_table_core.c
>> @@ -398,7 +398,7 @@ int nf_flow_table_offload_add_cb(struct nf_flowtable *flow_table,
>>    	struct flow_block_cb *block_cb;
>>    	int err = 0;
>>    
>> -	mutex_lock(&flow_table->flow_block_lock);
>> +	down_write(&flow_table->flow_block_lock);
>>    	block_cb = flow_block_cb_lookup(block, cb, cb_priv);
>>    	if (block_cb) {
>>    		err = -EEXIST;
>> @@ -414,7 +414,7 @@ int nf_flow_table_offload_add_cb(struct nf_flowtable *flow_table,
>>    	list_add_tail(&block_cb->list, &block->cb_list);
>>    
>>    unlock:
>> -	mutex_unlock(&flow_table->flow_block_lock);
>> +	up_write(&flow_table->flow_block_lock);
>>    	return err;
>>    }
>>    EXPORT_SYMBOL_GPL(nf_flow_table_offload_add_cb);
>> @@ -425,13 +425,13 @@ void nf_flow_table_offload_del_cb(struct nf_flowtable *flow_table,
>>    	struct flow_block *block = &flow_table->flow_block;
>>    	struct flow_block_cb *block_cb;
>>    
>> -	mutex_lock(&flow_table->flow_block_lock);
>> +	down_write(&flow_table->flow_block_lock);
>>    	block_cb = flow_block_cb_lookup(block, cb, cb_priv);
>>    	if (block_cb)
>>    		list_del(&block_cb->list);
>>    	else
>>    		WARN_ON(true);
>> -	mutex_unlock(&flow_table->flow_block_lock);
>> +	up_write(&flow_table->flow_block_lock);

Please note that there is another patch submitted ("netfilter: flowtable: Free block_cb
when being deleted") touching the same block above but still using mutex_lock. So some
context adjustments will be needed when applying them.

This patch doesn't need to be resubmitted, this is just a note for whoever will be
applying these patches.

Kleber