Re: [PATCH] netfilter: nf_conntrack: use safer way to lock all buckets

[Pablo Neira Ayuso]

On Sun, Jan 10, 2016 at 02:06:37AM +0100, Florian Westphal wrote:
> Sasha Levin <sasha.levin@xxxxxxxxxx> wrote:
> > Fix this by using a global lock and synchronize all buckets on it when we
> > need to lock them all. This is pretty heavyweight, but is only done when we
> > need to resize the hashtable, and that doesn't happen often enough (or at all).
> 
> > diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> > index 3cb3cb8..3c008ce 100644
> > --- a/net/netfilter/nf_conntrack_core.c
> > +++ b/net/netfilter/nf_conntrack_core.c
> > @@ -66,6 +66,32 @@ EXPORT_SYMBOL_GPL(nf_conntrack_locks);
> >  __cacheline_aligned_in_smp DEFINE_SPINLOCK(nf_conntrack_expect_lock);
> >  EXPORT_SYMBOL_GPL(nf_conntrack_expect_lock);
> >  
> > +spinlock_t nf_conntrack_locks_all_lock;
> > +bool nf_conntrack_locks_all;
> 
> Seems both of these can be static and __read_mostly too --
> as you already note resizing virtually never happens.
>
> Otherwise:
> Reviewed-by: Florian Westphal <fw@xxxxxxxxx>

Sasha, would you resubmit addressing Florian's feedback?

Thanks.