netfilter: nf_tables: free base chain counters from worker

No need to use synchronize_rcu() here, just swap the two pointers and have the release occur from work queue after commit has completed. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_tables: free base chain counters from worker
No need to use synchronize_rcu() here, just swap the two pointers and have the release occur from work queue after commit has completed. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
53315ac6 · Florian Westphal · Pablo Neira Ayuso · 5e2ad02e · 53315ac6
Commit 53315ac6 authored May 22, 2019 by Florian Westphal Committed by Pablo Neira Ayuso May 31, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 16 deletions

net/netfilter/nf_tables_api.c net/netfilter/nf_tables_api.c +10 -16

No files found.
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1449,25 +1449,18 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
 	return newstats;
 }
-static void nft_chain_stats_replace(struct net *net,
+static void nft_chain_stats_replace(struct nft_trans *trans)
-				    struct nft_base_chain *chain,
-				    struct nft_stats __percpu *newstats)
 {
-	struct nft_stats __percpu *oldstats;
+	struct nft_base_chain *chain = nft_base_chain(trans->ctx.chain);
-	if (newstats == NULL)
+	if (!nft_trans_chain_stats(trans))
 		return;
-	if (rcu_access_pointer(chain->stats)) {
+	rcu_swap_protected(chain->stats, nft_trans_chain_stats(trans),
-		oldstats = rcu_dereference_protected(chain->stats,
+			   lockdep_commit_lock_is_held(trans->ctx.net));
-					lockdep_commit_lock_is_held(net));
-		rcu_assign_pointer(chain->stats, newstats);
+	if (!nft_trans_chain_stats(trans))
-		synchronize_rcu();
-		free_percpu(oldstats);
-	} else {
-		rcu_assign_pointer(chain->stats, newstats);
 		static_branch_inc(&nft_counters_enabled);
-	}
 }
 static void nf_tables_chain_free_chain_rules(struct nft_chain *chain)
@@ -6360,9 +6353,9 @@ static void nft_chain_commit_update(struct nft_trans *trans)
 	if (!nft_is_base_chain(trans->ctx.chain))
 		return;
+	nft_chain_stats_replace(trans);
 	basechain = nft_base_chain(trans->ctx.chain);
-	nft_chain_stats_replace(trans->ctx.net, basechain,
-				nft_trans_chain_stats(trans));
 	switch (nft_trans_chain_policy(trans)) {
 	case NF_DROP:
@@ -6379,6 +6372,7 @@ static void nft_commit_release(struct nft_trans *trans)
 		nf_tables_table_destroy(&trans->ctx);
 		break;
 	case NFT_MSG_NEWCHAIN:
+		free_percpu(nft_trans_chain_stats(trans));
 		kfree(nft_trans_chain_name(trans));
 		break;
 	case NFT_MSG_DELCHAIN: