From: Florian Westphal <f...@strlen.de> nf_ct_put() results in a usesless indirection:
nf_ct_put -> nf_conntrack_put -> nf_conntrack_destroy -> rcu readlock + indirect call of ct_hooks->destroy(). There are two _put helpers: nf_ct_put and nf_conntrack_put. The latter is what should be used in code that MUST NOT cause a linker dependency on the conntrack module (e.g. calls from core network stack). Everyone else should call nf_ct_put() instead. A followup patch will convert a few nf_conntrack_put() calls to nf_ct_put(), in particular from modules that already have a conntrack dependency such as act_ct or even nf_conntrack itself. Signed-off-by: Florian Westphal <f...@strlen.de> Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org> Backport 6ae7989c9af0 ("netfilter: conntrack: avoid useless indirection during") which is not going to stable tree from mainline to fix the following warning, with some necessary context tweaks. root@intel-x86-64:~# ovs-vsctl add-br br0 device ovs-system entered promiscuous mode ------------[ cut here ]------------ WARNING: CPU: 2 PID: 711 at include/net/netfilter/nf_conntrack.h:175 __ovs_ct_lookup+0x819/0x920 [openvswitch] CPU: 2 PID: 711 Comm: ovs-vswitchd Not tainted 5.15.33-rt34-yocto-preempt-rt #1 Hardware name: Intel(R) Client Systems NUC7i5DNKE/NUC7i5DNB, BIOS DNKBLi5v.86A.0064.2019.0523.1933 05/23/2019 RIP: 0010:__ovs_ct_lookup+0x819/0x920 [openvswitch] Code: b8 fe ff ff ff e9 69 f9 ff ff 41 0f b7 84 24 b0 00 00 00 49 8b 94 24 c0 00 00 00 0f b6 1c 02 83 e3 0f c1 e3 02 e9 c5 fc ff ff <0f> 0b e9 86 f8 ff ff 4c 89 f7 44 89 95 40 ff ff ff e8 61 30 fc ff RSP: 0018:ffff914c80a77638 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff903b139fa528 RCX: 0000000000000000 RDX: 0000000000000002 RSI: ffff914c80a77660 RDI: 0000000000000000 RBP: ffff914c80a77710 R08: ffff903b04819128 R09: ffffffffaa605c40 R10: ffff914c80a779c0 R11: 0000000000000000 R12: ffff903b05dd7000 R13: 0000000000000001 R14: ffff903b0a603c00 R15: ffff903b04819120 FS: 00007f9256c9ba80(0000) GS:ffff903c65d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe2fad9008 CR3: 000000010a5e0002 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? nf_ct_get_tuple+0x144/0x1f0 [nf_conntrack] ? nf_ct_get_tuplepr+0x5f/0x90 [nf_conntrack] ovs_ct_execute+0x3e1/0x5e0 [openvswitch] do_execute_actions+0xed/0x1ab0 [openvswitch] ? ovs_ct_copy_action+0x17b/0x8a0 [openvswitch] ? __ovs_nla_copy_actions+0x884/0xf30 [openvswitch] ? migrate_enable+0xd3/0x150 ovs_execute_actions+0x62/0x140 [openvswitch] ? ovs_execute_actions+0x62/0x140 [openvswitch] ovs_packet_cmd_execute+0x294/0x310 [openvswitch] genl_family_rcv_msg_doit+0xe6/0x140 genl_rcv_msg+0xde/0x1d0 ? ovs_vport_cmd_del+0x200/0x200 [openvswitch] ? genl_get_cmd+0xd0/0xd0 netlink_rcv_skb+0x55/0x100 genl_rcv+0x29/0x40 netlink_unicast+0x234/0x340 netlink_sendmsg+0x226/0x470 ? netlink_unicast+0x340/0x340 ____sys_sendmsg+0x273/0x2b0 ? sendmsg_copy_msghdr+0x7b/0xa0 ___sys_sendmsg+0x81/0xc0 ? do_futex+0x1c4/0xb70 ? rt_spin_unlock+0x18/0x40 ? __fget_light+0xa3/0x120 __sys_sendmsg+0x62/0xb0 ? fpregs_assert_state_consistent+0x27/0x50 __x64_sys_sendmsg+0x1d/0x20 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f9256dab82d Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 1a 97 f7 ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 5e 97 f7 ff 48 RSP: 002b:00007ffe2fae90a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9256dab82d RDX: 0000000000000000 RSI: 00007ffe2fae9130 RDI: 0000000000000011 RBP: 00007ffe2fae9f30 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000006 R11: 0000000000000293 R12: 000055fab0216e90 R13: 0000000000000000 R14: 000055fab0216e90 R15: 00007ffe2fae9130 </TASK> ---[ end trace 0000000000000002 ]--- Signed-off-by: He Zhe <zhe...@windriver.com> --- include/linux/netfilter/nf_conntrack_common.h | 2 ++ include/net/netfilter/nf_conntrack.h | 8 ++++++-- net/netfilter/nf_conntrack_core.c | 12 ++++++------ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 700ea077ce2d..a0a587ffa021 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -29,6 +29,8 @@ struct nf_conntrack { }; void nf_conntrack_destroy(struct nf_conntrack *nfct); + +/* like nf_ct_put, but without module dependency on nf_conntrack */ static inline void nf_conntrack_put(struct nf_conntrack *nfct) { if (nfct && atomic_dec_and_test(&nfct->use)) diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index d24b0a34c8f0..8fc256af3df2 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -76,6 +76,8 @@ struct nf_conn { * Hint, SKB address this struct and refcnt via skb->_nfct and * helpers nf_conntrack_get() and nf_conntrack_put(). * Helper nf_ct_put() equals nf_conntrack_put() by dec refcnt, + * except that the latter uses internal indirection and does not + * result in a conntrack module dependency. * beware nf_ct_get() is different and don't inc refcnt. */ struct nf_conntrack ct_general; @@ -169,11 +171,13 @@ nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo) return (struct nf_conn *)(nfct & NFCT_PTRMASK); } +void nf_ct_destroy(struct nf_conntrack *nfct); + /* decrement reference count on a conntrack */ static inline void nf_ct_put(struct nf_conn *ct) { - WARN_ON(!ct); - nf_conntrack_put(&ct->ct_general); + if (ct && atomic_dec_and_test(&ct->ct_general.use)) + nf_ct_destroy(&ct->ct_general); } /* Protocol module loading */ diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 917e708a4561..b3c61705bdea 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -558,7 +558,7 @@ static void nf_ct_del_from_dying_or_unconfirmed_list(struct nf_conn *ct) #define NFCT_ALIGN(len) (((len) + NFCT_INFOMASK) & ~NFCT_INFOMASK) -/* Released via destroy_conntrack() */ +/* Released via nf_ct_destroy() */ struct nf_conn *nf_ct_tmpl_alloc(struct net *net, const struct nf_conntrack_zone *zone, gfp_t flags) @@ -612,12 +612,11 @@ static void destroy_gre_conntrack(struct nf_conn *ct) #endif } -static void -destroy_conntrack(struct nf_conntrack *nfct) +void nf_ct_destroy(struct nf_conntrack *nfct) { struct nf_conn *ct = (struct nf_conn *)nfct; - pr_debug("destroy_conntrack(%p)\n", ct); + pr_debug("%s(%p)\n", __func__, ct); WARN_ON(atomic_read(&nfct->use) != 0); if (unlikely(nf_ct_is_template(ct))) { @@ -643,9 +642,10 @@ destroy_conntrack(struct nf_conntrack *nfct) if (ct->master) nf_ct_put(ct->master); - pr_debug("destroy_conntrack: returning ct=%p to slab\n", ct); + pr_debug("%s: returning ct=%p to slab\n", __func__, ct); nf_conntrack_free(ct); } +EXPORT_SYMBOL(nf_ct_destroy); static void nf_ct_delete_from_lists(struct nf_conn *ct) { @@ -2774,7 +2774,7 @@ int nf_conntrack_init_start(void) static struct nf_ct_hook nf_conntrack_hook = { .update = nf_conntrack_update, - .destroy = destroy_conntrack, + .destroy = nf_ct_destroy, .get_tuple_skb = nf_conntrack_get_tuple_skb, }; -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11203): https://lists.yoctoproject.org/g/linux-yocto/message/11203 Mute This Topic: https://lists.yoctoproject.org/mt/90535883/21656 Group Owner: linux-yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/linux-yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-