Re: [PATCH 41/47] netfilter: convert hook list to an array

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 09/10/2017 12:31 PM, Florian Westphal wrote:
Tariq Toukan <tariqt@xxxxxxxxxxxx> wrote:
On 04/09/2017 1:42 AM, Pablo Neira Ayuso wrote:
From: Aaron Conole <aconole@xxxxxxxxxx>

This converts the storage and layout of netfilter hook entries from a
linked list to an array.  After this commit, hook entries will be
stored adjacent in memory.  The next pointer is no longer required.

The ops pointers are stored at the end of the array as they are only
used in the register/unregister path and in the legacy br_netfilter code.

nf_unregister_net_hooks() is slower than needed as it just calls
nf_unregister_net_hook in a loop (i.e. at least n synchronize_net()
calls), this will be addressed in followup patch.

Test setup:
  - ixgbe 10gbit
  - netperf UDP_STREAM, 64 byte packets
  - 5 hooks: (raw + mangle prerouting, mangle+filter input, inet filter):
empty mangle and raw prerouting, mangle and filter input hooks:
353.9
this patch:
364.2

Signed-off-by: Aaron Conole <aconole@xxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---

Hi,

We experience a regression in server with iommu enabled.
After installing kernel and rebooting the server, it crashes during boot.
Please see trace below.

Bisecting points to this patch.

Hmm, strange because

[   25.907811] BUG: unable to handle kernel NULL pointer dereference at
000000000000003c
[   25.907828] IP: _raw_read_lock_bh+0x15/0x40

... this says that ebt_table is NULL (0x3c is the offset of the rwlock).

If you don't have that fix already, does

No, didn't have it.

https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=e6b72ee88a56bcfe63f72e9c30766484c45bec72

netfilter: ebtables: fix race condition in frame_filter_net_init()

resolve this bug for you?


Now I applied the fix and bug is resolved.

Many thanks!
Tariq
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux