git.baikalelectronics.ru Git - kernel.git/commit
netfilter: nf_conntrack: use safer way to lock all buckets
author Sasha Levin <sasha.levin@oracle.com>
Tue, 19 Jan 2016 00:23:51 +0000 (19:23 -0500)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 20 Jan 2016 13:15:31 +0000 (14:15 +0100)
commit f17f1c7101518c7b48215d2c12531af779ac92fd
tree 4f8e1b54e5f4ec83b20c5a01eaee489a21394c3d
parent 31d8a2e7855b2d20d66abb4bf3d95e03bca49d14

When we need to lock all buckets in the connection hashtable we'd attempt to
lock 1024 spinlocks, which is way more preemption levels than supported by
the kernel. Furthermore, this behavior was hidden by checking if lockdep is
enabled, and if it was - use only 8 buckets(!).

Fix this by using a global lock and synchronize all buckets on it when we
need to lock them all. This is pretty heavyweight, but is only done when we
need to resize the hashtable, and that doesn't happen often enough (or at all).

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack_core.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_helper.c
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nfnetlink_cttimeout.c
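
A userspace model of the scheme the commit message describes, added here as an illustration and not taken from the kernel patch: the "lock everything" path holds one global lock and waits for each bucket lock to drain, instead of holding all 1024 at once. Pthread mutexes stand in for the kernel's spinlocks, and every name (`lock_bucket`, `lock_all`, `unlock_all`, `run_stress`) and the workload are assumptions made for the example.

```c
#include <pthread.h>
#include <stdatomic.h>

#define NLOCKS 1024                       /* lock count cited in the commit message */
static pthread_mutex_t bucket[NLOCKS], all = PTHREAD_MUTEX_INITIALIZER;
static atomic_int locks_all, inside;      /* "global holder active" flag; threads in a bucket section */

static void wait_unlocked(pthread_mutex_t *m) {   /* block until the current holder releases */
    pthread_mutex_lock(m); pthread_mutex_unlock(m);
}
static void lock_bucket(unsigned i) {     /* fast path: one lock, then check the flag */
    pthread_mutex_lock(&bucket[i]);
    while (atomic_load(&locks_all)) {     /* global holder active: back off, wait, retry */
        pthread_mutex_unlock(&bucket[i]);
        wait_unlocked(&all);
        pthread_mutex_lock(&bucket[i]);
    }
}
static void lock_all(void) {              /* slow path: ends up holding 1 lock, not NLOCKS */
    pthread_mutex_lock(&all);
    atomic_store(&locks_all, 1);          /* new bucket lockers now back off */
    for (unsigned i = 0; i < NLOCKS; i++) wait_unlocked(&bucket[i]);  /* drain old holders */
}
static void unlock_all(void) {
    atomic_store(&locks_all, 0);
    pthread_mutex_unlock(&all);
}
static void *worker(void *arg) {          /* constructed workload: short bucket sections */
    for (unsigned n = 0; n < 20000; n++) {
        unsigned i = (n * 7 + (unsigned)(long)arg) & (NLOCKS - 1);
        lock_bucket(i);
        atomic_fetch_add(&inside, 1);
        atomic_fetch_sub(&inside, 1);
        pthread_mutex_unlock(&bucket[i]);
    }
    return NULL;
}
int run_stress(void) {                    /* returns how often lock_all() failed to exclude a worker */
    pthread_t t[4];
    int bad = 0;
    for (unsigned i = 0; i < NLOCKS; i++) pthread_mutex_init(&bucket[i], NULL);
    for (long w = 0; w < 4; w++) pthread_create(&t[w], NULL, worker, (void *)w);
    for (int r = 0; r < 200; r++) {       /* 200 simulated "resize" operations */
        lock_all();
        bad += atomic_load(&inside) != 0; /* nobody may be inside any bucket section */
        unlock_all();
    }
    for (int w = 0; w < 4; w++) pthread_join(t[w], NULL);
    return bad;
}
int main(void) { return run_stress() != 0; }
```

Build with `cc -pthread`. The flag store in `lock_all()` and the flag load in `lock_bucket()` use the default sequentially consistent ordering, which is what guarantees that a bucket locker either sees the flag or is seen by the drain loop.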