On Thu, Jan 10, 2019 at 01:41:23PM +0100, Peter Zijlstra wrote:
> On Tue, Jan 08, 2019 at 11:37:46PM +0100, Florian Westphal wrote:
> > Anatol Pomozov <anatol.pomo...@gmail.com> wrote:
> > > Or maybe xt_replace_table() can be enhanced? When I hear that
> > > something waits until an event happens on all CPUs I think about
> > > wait_event() function. Would it be better for xt_replace_table() to
> > > introduce an atomic counter that is decremented by CPUs, and the main
> > > CPU waits until the counter gets zero?
> >
> > That would mean placing an additional atomic op into the
> > iptables evaluation path (ipt_do_table and friends).
> >
>
> For:
>
> /*
> * Ensure contents of newinfo are visible before assigning to
> * private.
> */
> smp_wmb();
> table->private = newinfo;
>
> we have:
>
> smp_store_release(&table->private, newinfo);
>
> But what store does that second smp_wmb() order against? The comment:
>
> /* make sure all cpus see new ->private value */
> smp_wmb();
>
> makes no sense what so ever, no smp_*() barrier can provide such
> guarantees.
Agreed, this would require something like synchronize_rcu() or some
sort of IPI-based sys_membarrier() lookalike.
Thanx, Paul
> > Only alternative I see that might work is synchronize_rcu (the
> > _do_table functions are called with rcu read lock held).
> >
> > I guess current scheme is cheaper though.
>
> Is performance a concern in this path? There is no comment justifying
> this 'creative' stuff.
>
