diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch deleted file mode 100644 index 35800c4acf..0000000000 --- a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 4e645b47c4f000a503b9c90163ad905786b9bc1d Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Fri, 1 Dec 2017 00:21:02 +0100 -Subject: [PATCH 02/11] netfilter: core: make nf_unregister_net_hooks simple - wrapper again - -This reverts commit d3ad2c17b4047 -("netfilter: core: batch nf_unregister_net_hooks synchronize_net calls"). - -Nothing wrong with it. However, followup patch will delay freeing of hooks -with call_rcu, so all synchronize_net() calls become obsolete and there -is no need anymore for this batching. - -This revert causes a temporary performance degradation when destroying -network namespace, but its resolved with the upcoming call_rcu conversion. - -Signed-off-by: Florian Westphal <fw@strlen.de> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - net/netfilter/core.c | 59 +++------------------------------------------------- - 1 file changed, 3 insertions(+), 56 deletions(-) - ---- a/net/netfilter/core.c -+++ b/net/netfilter/core.c -@@ -395,63 +395,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); - void nf_unregister_net_hooks(struct net *net, const struct nf_hook_ops *reg, - unsigned int hookcount) - { -- struct nf_hook_entries *to_free[16], *p; -- struct nf_hook_entries __rcu **pp; -- unsigned int i, j, n; -+ unsigned int i; - -- mutex_lock(&nf_hook_mutex); -- for (i = 0; i < hookcount; i++) { -- pp = nf_hook_entry_head(net, ®[i]); -- if (!pp) -- continue; -- -- p = nf_entry_dereference(*pp); -- if (WARN_ON_ONCE(!p)) -- continue; -- __nf_unregister_net_hook(p, ®[i]); -- } -- mutex_unlock(&nf_hook_mutex); -- -- do { -- n = min_t(unsigned int, hookcount, ARRAY_SIZE(to_free)); -- -- mutex_lock(&nf_hook_mutex); -- -- for (i = 0, j = 0; i < hookcount && j < n; i++) { -- pp = nf_hook_entry_head(net, ®[i]); -- if (!pp) -- continue; -- -- p = nf_entry_dereference(*pp); -- if (!p) -- continue; -- -- to_free[j] = __nf_hook_entries_try_shrink(pp); -- if (to_free[j]) -- ++j; -- } -- -- mutex_unlock(&nf_hook_mutex); -- -- if (j) { -- unsigned int nfq; -- -- synchronize_net(); -- -- /* need 2nd synchronize_net() if nfqueue is used, skb -- * can get reinjected right before nf_queue_hook_drop() -- */ -- nfq = nf_queue_nf_hook_drop(net); -- if (nfq) -- synchronize_net(); -- -- for (i = 0; i < j; i++) -- kvfree(to_free[i]); -- } -- -- reg += n; -- hookcount -= n; -- } while (hookcount > 0); -+ for (i = 0; i < hookcount; i++) -+ nf_unregister_net_hook(net, ®[i]); - } - EXPORT_SYMBOL(nf_unregister_net_hooks); - |