netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention

commit 96b33300fba880ec0eafcf3d82486f3463b4b6da upstream. rbtree GC does not modify the datastructure, instead it collects expired elements and it enqueues a GC transaction. Use a read spinlock instead to avoid data contention while GC worker is running. Fixes: f6c383b8c31a ("netfilter: nf_tables: adapt set backend to use GC transaction API") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-06-13 03:01:47 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-06-16 13:23:41 +0200
commit: b3558703731028be2aee61baf341e53a3734e2a9 (patch)
tree: e5dc04665e99d427be9d19d2dec9178044fe32e0
parent: 9db9feb841f7449772f9393c16b9ef4536d8c127 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 8bda3f25360b..69fb57f6a23f 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -629,8 +629,7 @@ static void nft_rbtree_gc(struct work_struct *work)
 	if (!gc)
 		goto done;
 
-	write_lock_bh(&priv->lock);
-	write_seqcount_begin(&priv->count);
+	read_lock_bh(&priv->lock);
 	for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) {
 
 		/* Ruleset has been updated, try later. */
@@ -679,8 +678,7 @@ dead_elem:
 	}
 
 try_later:
-	write_seqcount_end(&priv->count);
-	write_unlock_bh(&priv->lock);
+	read_unlock_bh(&priv->lock);
 
 	if (gc)
 		nft_trans_gc_queue_async_done(gc);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-06-13 03:01:47 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-06-16 13:23:41 +0200
commit	b3558703731028be2aee61baf341e53a3734e2a9 (patch)
tree	e5dc04665e99d427be9d19d2dec9178044fe32e0
parent	9db9feb841f7449772f9393c16b9ef4536d8c127 (diff)