Hi Florian,
On Mon, Apr 18, 2016 at 04:17:00PM +0200, Florian Westphal wrote:
> Use a private seed and init it using get_random_once.
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> net/netfilter/nf_conntrack_expect.c | 7 +++----
> net/netfilter/nf_nat_core.c | 6 ++++--
> 2 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
> index 278927a..c2f7c4f 100644
> --- a/net/netfilter/nf_conntrack_expect.c
> +++ b/net/netfilter/nf_conntrack_expect.c
> @@ -38,6 +38,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
> unsigned int nf_ct_expect_max __read_mostly;
>
> static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
> +static unsigned int nf_ct_expect_hashrnd __read_mostly;
>
> /* nf_conntrack_expect helper functions */
> void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
> @@ -76,13 +77,11 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
> {
> unsigned int hash;
>
> - if (unlikely(!nf_conntrack_hash_rnd)) {
> - init_nf_conntrack_hash_rnd();
> - }
> + get_random_once(&nf_ct_expect_hashrnd, sizeof(nf_ct_expect_hashrnd));
Not related to your patch, but to the underlying infrastructure: I can
see get_random_once() implementation uses static_key_true() branch
check.
Shouldn't this be static_key_false() instead? On architectures with
not jump_labels support, this will translate to unlikely().
If so, I can send a patch for this. I can see this DO_ONCE() API is
also using the deprecated interfaces.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
