Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:

[ CC Hannes ]

> On Mon, Apr 18, 2016 at 04:17:00PM +0200, Florian Westphal wrote:
> > Use a private seed and init it using get_random_once.
> >
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> > --- > > net/netfilter/nf_conntrack_expect.c | 7 +++---- > > net/netfilter/nf_nat_core.c | 6 ++++-- > > 2 files changed, 7 insertions(+), 6 deletions(-) > > > > diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c > > index 278927a..c2f7c4f 100644 > > --- a/net/netfilter/nf_conntrack_expect.c > > +++ b/net/netfilter/nf_conntrack_expect.c > > @@ -38,6 +38,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize); > > unsigned int nf_ct_expect_max __read_mostly; > > > > static struct kmem_cache *nf_ct_expect_cachep __read_mostly; > > +static unsigned int nf_ct_expect_hashrnd __read_mostly; > > > > /* nf_conntrack_expect helper functions */ > > void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp, > > @@ -76,13 +77,11 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple > > { > > unsigned int hash; > > > > - if (unlikely(!nf_conntrack_hash_rnd)) { > > - init_nf_conntrack_hash_rnd(); > > - } > > + get_random_once(&nf_ct_expect_hashrnd, sizeof(nf_ct_expect_hashrnd));
>
> Not related to your patch, but to the underlying infrastructure: I can
> see get_random_once() implementation uses static_key_true() branch
> check.
>
> Shouldn't this be static_key_false() instead? On architectures with
> no jump_labels support, this will translate to unlikely().

Yes, looks like it. Hannes?

> If so, I can send a patch for this. I can see this DO_ONCE() API is
> also using the deprecated interfaces.

I think it just predates the new api.
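Review bot: the new nf_ct_expect_hashrnd declaration in the first nf_conntrack_expect.c hunk (@@ -38,6 +38,7 @@) carries no comment, and the commit message does not say why the expectation table gets a private seed rather than continuing to share nf_conntrack_hash_rnd. A one-line comment above the variable stating that it is filled on first use by get_random_once() in nf_ct_expect_dst_hash(), plus a sentence of rationale in the changelog, would make the intent clear to later readers.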
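Review bot: in the second hunk (@@ -76,13 +77,11 @@, nf_ct_expect_dst_hash) the quote stops at the get_random_once() call, so the line that feeds the seed into the hash is not visible, although the diffstat for this file (3 insertions, 4 deletions) implies one more changed line. Since the lazy init_nf_conntrack_hash_rnd() call is removed here, please confirm that no use of nf_conntrack_hash_rnd remains in this function; any leftover reference would hash with the shared seed without this path initialising it any more. The nf_nat_core.c half of the change listed in the diffstat is not quoted either and needs the same check.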