Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
[ CC Hannes ]
> On Mon, Apr 18, 2016 at 04:17:00PM +0200, Florian Westphal wrote:
> > Use a private seed and init it using get_random_once.
> >
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> > ---
> > net/netfilter/nf_conntrack_expect.c | 7 +++----
> > net/netfilter/nf_nat_core.c | 6 ++++--
> > 2 files changed, 7 insertions(+), 6 deletions(-)
> >
> > diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
> > index 278927a..c2f7c4f 100644
> > --- a/net/netfilter/nf_conntrack_expect.c
> > +++ b/net/netfilter/nf_conntrack_expect.c
> > @@ -38,6 +38,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
> > unsigned int nf_ct_expect_max __read_mostly;
> >
> > static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
> > +static unsigned int nf_ct_expect_hashrnd __read_mostly;
> >
> > /* nf_conntrack_expect helper functions */
> > void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
> > @@ -76,13 +77,11 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
> > {
> > unsigned int hash;
> >
> > - if (unlikely(!nf_conntrack_hash_rnd)) {
> > - init_nf_conntrack_hash_rnd();
> > - }
> > + get_random_once(&nf_ct_expect_hashrnd, sizeof(nf_ct_expect_hashrnd));
>
> Not related to your patch, but to the underlying infrastructure: I can
> see get_random_once() implementation uses static_key_true() branch
> check.
>
> Shouldn't this be static_key_false() instead? On architectures with
> not jump_labels support, this will translate to unlikely().
Yes, looks like it. Hannes?
> If so, I can send a patch for this. I can see this DO_ONCE() API is
> also using the deprecated interfaces.
I think it just predates the new api.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
