Hi Pablo,

Please consider applying the next patch to your nf tree. It should be applied to all stable branches to which the patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 was added.

* The synchronize_rcu() call added to the swap function to prevent the race condition makes it too slow. The race can be prevented by using call_rcu() in the destroy function instead. However, those function calls cannot wait, so cancelling the garbage collectors is separated into individual function calls to execute them first, outside of the call_rcu() functions.

Best regards,
Jozsef

The following changes since commit ac631873c9e7a50d2a8de457cfc4b9f86666403e:

  net: ethernet: cortina: Drop TSO support (2024-01-07 16:05:00 +0000)

are available in the Git repository at:

  git://blackhole.kfki.hu/nf fdb8e12cc2ccb5e06a

for you to fetch changes up to fdb8e12cc2ccb5e06af6bcd68ba578b60807bcf6:

  netfilter: ipset: fix performance regression in swap operation (2024-01-29 10:47:14 +0100)

----------------------------------------------------------------
Jozsef Kadlecsik (1):
      netfilter: ipset: fix performance regression in swap operation

 include/linux/netfilter/ipset/ip_set.h  |  4 ++++
 net/netfilter/ipset/ip_set_bitmap_gen.h | 14 ++++++++++---
 net/netfilter/ipset/ip_set_core.c       | 37 +++++++++++++++++++++++++--------
 net/netfilter/ipset/ip_set_hash_gen.h   | 15 ++++++++++---
 net/netfilter/ipset/ip_set_list_set.c   | 13 +++++++++---
 5 files changed, 65 insertions(+), 18 deletions(-)