Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2111666imu; Thu, 10 Jan 2019 08:27:51 -0800 (PST) X-Google-Smtp-Source: ALg8bN4GM1gNdrOMSTZNtufEP1m6DHatISioswJcAiICeXmLPRhoM31GNm68Xqu5BJP1QsygRfNA X-Received: by 2002:a17:902:20c8:: with SMTP id v8mr11063010plg.319.1547137671639; Thu, 10 Jan 2019 08:27:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547137671; cv=none; d=google.com; s=arc-20160816; b=XghJpnxV0OATqUKKFYsqwem45DTng7CigX7g6hjsVBfz1ChgC00zrn4/qpUVDzCTkA TtB9w9cAVnWyLuy/a3X+cCTbKGtk/nd5T9XbZH1D6CwC58z5lzUKJMJvVZhlSfc8jSPl 2quC7WNCh+NJF4hhjbttugC7eFlX0UdOxiXbCKpYI0ge5IgWrwfG2DIs/Xu9sFxcBlQW kUP7GTY3DDwqOq6+xnsfBG78PTng0n8DKdYnRQ9a4L/hknHMNlUEjbmyCjFkY8Oscth3 7VzyK0cJVyr4lfys77jVtwOOmjdOHwVsr/2fiIxp2xrBDZem0Pkrzoq4tz4kemtIfU76 jsrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Mx3EmJcwPxnVbZhYNRmFUkIvmllHi7IWRRufQAXih48=; b=CubsIur0xoAARLNV//10IFzZkMrgqQ1q1HtKOMS7wfyMMzRaNQRpSWkt7jsNTc3NGj 7t+r6iHytWOOB9rJL4pMAVGDNKTKEJCm8UAIhpSlHPj5UUBcVKNHraXIoCEglpjIpRPH c4rUfsASvFuTC0J0EKGfw27vHGMtpocRC/Nou74XiHqDQqGOTFW9kmRA7hGpxzaAUiPK pftlvkI5zl+zKh3xBtGGmCxqcP/PeOjHaCy1ZeZJPoBmj8RobpRYqEBD6D5xNuxCbZeJ dm1QCoN5tBgr+pkn+rGeFcmwXKpxB8whd+VN6MxiG8YjPYzbsYeyBHFCfi5SCfWtBzPB 4LwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u9si19079175plk.61.2019.01.10.08.27.36; Thu, 10 Jan 2019 08:27:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729265AbfAJOsT (ORCPT + 99 others); Thu, 10 Jan 2019 09:48:19 -0500 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:53116 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728125AbfAJOsT (ORCPT ); Thu, 10 Jan 2019 09:48:19 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.89) (envelope-from ) id 1ghbcy-0006Lj-1R; Thu, 10 Jan 2019 15:48:12 +0100 Date: Thu, 10 Jan 2019 15:48:12 +0100 From: Florian Westphal To: Peter Zijlstra Cc: Florian Westphal , Anatol Pomozov , Dmitry Vyukov , paulmck@linux.ibm.com, LKML Subject: Re: seqcount usage in xt_replace_table() Message-ID: <20190110144812.mkbokbj2iyryj6lv@breakpoint.cc> References: <20190108223746.shuwx3ro7cgwz7hh@breakpoint.cc> <20190110124123.GA21224@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190110124123.GA21224@hirez.programming.kicks-ass.net> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Peter Zijlstra wrote: > /* > * Ensure contents of newinfo are visible before assigning to > * private. > */ > smp_wmb(); > table->private = newinfo; > > we have: > > smp_store_release(&table->private, newinfo); > > But what store does that second smp_wmb() order against? The comment: > > /* make sure all cpus see new ->private value */ > smp_wmb(); > > makes no sense what so ever, no smp_*() barrier can provide such > guarantees. IIRC I added this at the request of a reviewer of an earlier iteration of that patch. IIRC the concern was that compiler/hw could re-order smb_wmb(); table->private = newinfo; /* wait until all cpus are done with old table */ into: smb_wmb(); /* wait until all cpus are done with old table */ ... table->private = newinfo; and that (obviously) makes the wait-loop useless. > > Only alternative I see that might work is synchronize_rcu (the > > _do_table functions are called with rcu read lock held). > > > > I guess current scheme is cheaper though. > > Is performance a concern in this path? There is no comment justifying > this 'creative' stuff. We have to wait until all cpus are done with current iptables ruleset. Before this 'creative' change, this relied on get_counters synchronization. And that caused wait times of 30 seconds or more on busy systems. I have no objections swapping this with a synchronize_rcu() if that makes it easier. (synchronize_rcu might be confusing though, as we don't use rcu for table->private), and one 'has to know' that all the netfilter hooks, including the iptables eval loop, run with rcu_read_lock held).