diff mbox series

[v4,1/2] ipvs: add READ_ONCE barrier for ipvs->sysctl_amemthresh

Message ID 20240506141444.145946-1-aleksandr.mikhalitsyn@canonical.com (mailing list archive)
State Accepted
Commit 643bb5dbaef7d01f9bcf2a495bef855e81fd5714
Delegated to: Netdev Maintainers
Headers show
Series [v4,1/2] ipvs: add READ_ONCE barrier for ipvs->sysctl_amemthresh | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 927 this patch: 927
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 4 maintainers not CCed: pabeni@redhat.com kuba@kernel.org coreteam@netfilter.org edumazet@google.com
netdev/build_clang success Errors and warnings before: 937 this patch: 937
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 938 this patch: 938
netdev/checkpatch warning WARNING: line length of 82 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-05-08--03-00 (tests: 1005)

Commit Message

Aleksandr Mikhalitsyn May 6, 2024, 2:14 p.m. UTC 
Cc: Julian Anastasov <ja@ssi.bg>
Cc: Simon Horman <horms@verge.net.au>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Suggested-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---
 net/netfilter/ipvs/ip_vs_ctl.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Julian Anastasov May 6, 2024, 3:09 p.m. UTC | #1 
Hello,

On Mon, 6 May 2024, Alexander Mikhalitsyn wrote:

> Cc: Julian Anastasov <ja@ssi.bg>
> Cc: Simon Horman <horms@verge.net.au>
> Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
> Cc: Florian Westphal <fw@strlen.de>
> Suggested-by: Julian Anastasov <ja@ssi.bg>
> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

	Looks good to me for net-next, thanks!

Acked-by: Julian Anastasov <ja@ssi.bg>

> ---
>  net/netfilter/ipvs/ip_vs_ctl.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 50b5dbe40eb8..e122fa367b81 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -94,6 +94,7 @@ static void update_defense_level(struct netns_ipvs *ipvs)
>  {
>  	struct sysinfo i;
>  	int availmem;
> +	int amemthresh;
>  	int nomem;
>  	int to_change = -1;
>  
> @@ -105,7 +106,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
>  	/* si_swapinfo(&i); */
>  	/* availmem = availmem - (i.totalswap - i.freeswap); */
>  
> -	nomem = (availmem < ipvs->sysctl_amemthresh);
> +	amemthresh = max(READ_ONCE(ipvs->sysctl_amemthresh), 0);
> +	nomem = (availmem < amemthresh);
>  
>  	local_bh_disable();
>  
> @@ -145,9 +147,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
>  		break;
>  	case 1:
>  		if (nomem) {
> -			ipvs->drop_rate = ipvs->drop_counter
> -				= ipvs->sysctl_amemthresh /
> -				(ipvs->sysctl_amemthresh-availmem);
> +			ipvs->drop_counter = amemthresh / (amemthresh - availmem);
> +			ipvs->drop_rate = ipvs->drop_counter;
>  			ipvs->sysctl_drop_packet = 2;
>  		} else {
>  			ipvs->drop_rate = 0;
> @@ -155,9 +156,8 @@ static void update_defense_level(struct netns_ipvs *ipvs)
>  		break;
>  	case 2:
>  		if (nomem) {
> -			ipvs->drop_rate = ipvs->drop_counter
> -				= ipvs->sysctl_amemthresh /
> -				(ipvs->sysctl_amemthresh-availmem);
> +			ipvs->drop_counter = amemthresh / (amemthresh - availmem);
> +			ipvs->drop_rate = ipvs->drop_counter;
>  		} else {
>  			ipvs->drop_rate = 0;
>  			ipvs->sysctl_drop_packet = 1;
> -- 
> 2.34.1

Regards

--
Julian Anastasov <ja@ssi.bg>
patchwork-bot+netdevbpf@kernel.org May 8, 2024, 11:30 a.m. UTC | #2 
Hello:

This series was applied to netdev/net-next.git (main)
by David S. Miller <davem@davemloft.net>:

On Mon,  6 May 2024 16:14:43 +0200 you wrote:
> Cc: Julian Anastasov <ja@ssi.bg>
> Cc: Simon Horman <horms@verge.net.au>
> Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
> Cc: Florian Westphal <fw@strlen.de>
> Suggested-by: Julian Anastasov <ja@ssi.bg>
> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> 
> [...]

Here is the summary with links:
  - [v4,1/2] ipvs: add READ_ONCE barrier for ipvs->sysctl_amemthresh
    https://git.kernel.org/netdev/net-next/c/643bb5dbaef7
  - [v4,2/2] ipvs: allow some sysctls in non-init user namespaces
    https://git.kernel.org/netdev/net-next/c/2b696a2a101d

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 50b5dbe40eb8..e122fa367b81 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -94,6 +94,7 @@  static void update_defense_level(struct netns_ipvs *ipvs)
 {
 	struct sysinfo i;
 	int availmem;
+	int amemthresh;
 	int nomem;
 	int to_change = -1;
 
@@ -105,7 +106,8 @@  static void update_defense_level(struct netns_ipvs *ipvs)
 	/* si_swapinfo(&i); */
 	/* availmem = availmem - (i.totalswap - i.freeswap); */
 
-	nomem = (availmem < ipvs->sysctl_amemthresh);
+	amemthresh = max(READ_ONCE(ipvs->sysctl_amemthresh), 0);
+	nomem = (availmem < amemthresh);
 
 	local_bh_disable();
 
@@ -145,9 +147,8 @@  static void update_defense_level(struct netns_ipvs *ipvs)
 		break;
 	case 1:
 		if (nomem) {
-			ipvs->drop_rate = ipvs->drop_counter
-				= ipvs->sysctl_amemthresh /
-				(ipvs->sysctl_amemthresh-availmem);
+			ipvs->drop_counter = amemthresh / (amemthresh - availmem);
+			ipvs->drop_rate = ipvs->drop_counter;
 			ipvs->sysctl_drop_packet = 2;
 		} else {
 			ipvs->drop_rate = 0;
@@ -155,9 +156,8 @@  static void update_defense_level(struct netns_ipvs *ipvs)
 		break;
 	case 2:
 		if (nomem) {
-			ipvs->drop_rate = ipvs->drop_counter
-				= ipvs->sysctl_amemthresh /
-				(ipvs->sysctl_amemthresh-availmem);
+			ipvs->drop_counter = amemthresh / (amemthresh - availmem);
+			ipvs->drop_rate = ipvs->drop_counter;
 		} else {
 			ipvs->drop_rate = 0;
 			ipvs->sysctl_drop_packet = 1;