Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> On 02/16/2016 02:19 PM, Florian Westphal wrote:
> >Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> >>>+ case NFT_META_PRANDOM:
> >>>+ if (!prand_inited) {
> >>>+ prandom_seed_full_state(&nft_prandom_state);
> >>>+ prand_inited = true;
> >>>+ }
> >>
> >>Should this be: prandom_init_once() ?
> >
> >Thought about that but this is slowpath so I considered
> >the use of static key magic a bit overkill....
> >
> >I don't mind, if you think prandom_init_once is prefereable I'll respin.
>
> You'd have the benefit that the prng init would be race free. nft_meta_get_init()
> could be called in parallel from multiple CPUs, right?
We're serialized by nftables' nfnetlink mutex.
I guess I'll just send a V2 and use prandom_init_once after all.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
