git: 133935d26f20 - main - pf: atomically increment state ids
Date: Sat, 08 Oct 2022 16:41:29 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=133935d26f20c0b9c433da9a2b32bcbe562bc2c5
commit 133935d26f20c0b9c433da9a2b32bcbe562bc2c5
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-10-07 17:17:06 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-10-08 16:27:29 +0000
pf: atomically increment state ids
Rather than using a per-cpu state counter, and adding in the CPU id we
can atomically increment the number.
This has the advantage of removing the assumption that the CPU ID fits
in 8 bits.
Event: Aberdeen Hackathon 2022
Reviewed by: mjg
Differential Revision: https://reviews.freebsd.org/D36915
---
sys/net/pfvar.h | 2 +-
sys/netpfil/pf/pf.c | 12 ++----------
sys/netpfil/pf/pf_ioctl.c | 6 +-----
3 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 16ee0b55e2e8..3773a797776d 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1987,7 +1987,7 @@ VNET_DECLARE(void *, pf_swi_cookie);
VNET_DECLARE(struct intr_event *, pf_swi_ie);
#define V_pf_swi_ie VNET(pf_swi_ie)
-VNET_DECLARE(uint64_t, pf_stateid[MAXCPU]);
+VNET_DECLARE(struct unrhdr64, pf_stateid);
#define V_pf_stateid VNET(pf_stateid)
TAILQ_HEAD(pf_altqqueue, pf_altq);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 33ef5119ee3c..2a6efbfe6e7d 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -249,12 +249,7 @@ uma_zone_t pf_mtag_z;
VNET_DEFINE(uma_zone_t, pf_state_z);
VNET_DEFINE(uma_zone_t, pf_state_key_z);
-VNET_DEFINE(uint64_t, pf_stateid[MAXCPU]);
-#define PFID_CPUBITS 8
-#define PFID_CPUSHIFT (sizeof(uint64_t) * NBBY - PFID_CPUBITS)
-#define PFID_CPUMASK ((uint64_t)((1 << PFID_CPUBITS) - 1) << PFID_CPUSHIFT)
-#define PFID_MAXID (~PFID_CPUMASK)
-CTASSERT((1 << PFID_CPUBITS) >= MAXCPU);
+VNET_DEFINE(struct unrhdr64, pf_stateid);
static void pf_src_tree_remove_state(struct pf_kstate *);
static void pf_init_threshold(struct pf_threshold *, u_int32_t,
@@ -1416,10 +1411,7 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
s->orig_kif = orig_kif;
if (s->id == 0 && s->creatorid == 0) {
- /* XXX: should be atomic, but probability of collision low */
- if ((s->id = V_pf_stateid[curcpu]++) == PFID_MAXID)
- V_pf_stateid[curcpu] = 1;
- s->id |= (uint64_t )curcpu << PFID_CPUSHIFT;
+ s->id = alloc_unr64(&V_pf_stateid);
s->id = htobe64(s->id);
s->creatorid = V_pf_status.hostid;
}
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 67422cc43997..e7a5bb084ee5 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2595,16 +2595,12 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td
if (V_pf_status.running)
error = EEXIST;
else {
- int cpu;
-
hook_pf();
if (! TAILQ_EMPTY(V_pf_keth->active.rules))
hook_pf_eth();
V_pf_status.running = 1;
V_pf_status.since = time_second;
-
- CPU_FOREACH(cpu)
- V_pf_stateid[cpu] = time_second;
+ new_unrhdr64(&V_pf_stateid, time_second);
DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n"));
}