[openwrt/openwrt.git] /

From: Oz Shlomo <ozsh@nvidia.com>
Date: Tue, 23 Mar 2021 00:56:19 +0100
Subject: [PATCH] netfilter: flowtable: separate replace, destroy and
 stats to different workqueues

Currently the flow table offload replace, destroy and stats work items are
executed on a single workqueue. As such, DESTROY and STATS commands may
be backloged after a burst of REPLACE work items. This scenario can bloat
up memory and may cause active connections to age.

Instatiate add, del and stats workqueues to avoid backlogs of non-dependent
actions. Provide sysfs control over the workqueue attributes, allowing
userspace applications to control the workqueue cpumask.

Signed-off-by: Oz Shlomo <ozsh@nvidia.com>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -13,7 +13,9 @@
 #include <net/netfilter/nf_conntrack_core.h>
 #include <net/netfilter/nf_conntrack_tuple.h>
 
-static struct workqueue_struct *nf_flow_offload_wq;
+static struct workqueue_struct *nf_flow_offload_add_wq;
+static struct workqueue_struct *nf_flow_offload_del_wq;
+static struct workqueue_struct *nf_flow_offload_stats_wq;
 
 struct flow_offload_work {
        struct list_head        list;
@@ -826,7 +828,12 @@ static void flow_offload_work_handler(st
 
 static void flow_offload_queue_work(struct flow_offload_work *offload)
 {
-       queue_work(nf_flow_offload_wq, &offload->work);
+       if (offload->cmd == FLOW_CLS_REPLACE)
+               queue_work(nf_flow_offload_add_wq, &offload->work);
+       else if (offload->cmd == FLOW_CLS_DESTROY)
+               queue_work(nf_flow_offload_del_wq, &offload->work);
+       else
+               queue_work(nf_flow_offload_stats_wq, &offload->work);
 }
 
 static struct flow_offload_work *
@@ -898,8 +905,11 @@ void nf_flow_offload_stats(struct nf_flo
 
 void nf_flow_table_offload_flush(struct nf_flowtable *flowtable)
 {
-       if (nf_flowtable_hw_offload(flowtable))
-               flush_workqueue(nf_flow_offload_wq);
+       if (nf_flowtable_hw_offload(flowtable)) {
+               flush_workqueue(nf_flow_offload_add_wq);
+               flush_workqueue(nf_flow_offload_del_wq);
+               flush_workqueue(nf_flow_offload_stats_wq);
+       }
 }
 
 static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
@@ -1011,15 +1021,33 @@ EXPORT_SYMBOL_GPL(nf_flow_table_offload_
 
 int nf_flow_table_offload_init(void)
 {
-       nf_flow_offload_wq  = alloc_workqueue("nf_flow_table_offload",
-                                             WQ_UNBOUND, 0);
-       if (!nf_flow_offload_wq)
+       nf_flow_offload_add_wq  = alloc_workqueue("nf_ft_offload_add",
+                                                 WQ_UNBOUND | WQ_SYSFS, 0);
+       if (!nf_flow_offload_add_wq)
                return -ENOMEM;
 
+       nf_flow_offload_del_wq  = alloc_workqueue("nf_ft_offload_del",
+                                                 WQ_UNBOUND | WQ_SYSFS, 0);
+       if (!nf_flow_offload_del_wq)
+               goto err_del_wq;
+
+       nf_flow_offload_stats_wq  = alloc_workqueue("nf_ft_offload_stats",
+                                                   WQ_UNBOUND | WQ_SYSFS, 0);
+       if (!nf_flow_offload_stats_wq)
+               goto err_stats_wq;
+
        return 0;
+
+err_stats_wq:
+       destroy_workqueue(nf_flow_offload_del_wq);
+err_del_wq:
+       destroy_workqueue(nf_flow_offload_add_wq);
+       return -ENOMEM;
 }
 
 void nf_flow_table_offload_exit(void)
 {
-       destroy_workqueue(nf_flow_offload_wq);
+       destroy_workqueue(nf_flow_offload_add_wq);
+       destroy_workqueue(nf_flow_offload_del_wq);
+       destroy_workqueue(nf_flow_offload_stats_wq);
 }