From owner-svn-src-head@freebsd.org  Sun Sep 16 00:44:24 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2922A108ED05;
 Sun, 16 Sep 2018 00:44:24 +0000 (UTC) (envelope-from jmg@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C39737724D;
 Sun, 16 Sep 2018 00:44:23 +0000 (UTC) (envelope-from jmg@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B22D61AE4A;
 Sun, 16 Sep 2018 00:44:23 +0000 (UTC) (envelope-from jmg@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w8G0iN7J051482;
 Sun, 16 Sep 2018 00:44:23 GMT (envelope-from jmg@FreeBSD.org)
Received: (from jmg@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w8G0iNBn051481;
 Sun, 16 Sep 2018 00:44:23 GMT (envelope-from jmg@FreeBSD.org)
Message-Id: <201809160044.w8G0iNBn051481@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jmg set sender to jmg@FreeBSD.org
 using -f
From: John-Mark Gurney <jmg@FreeBSD.org>
Date: Sun, 16 Sep 2018 00:44:23 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r338698 - head/sys/netpfil/pf
X-SVN-Group: head
X-SVN-Commit-Author: jmg
X-SVN-Commit-Paths: head/sys/netpfil/pf
X-SVN-Commit-Revision: 338698
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Sep 2018 00:44:24 -0000

Author: jmg
Date: Sun Sep 16 00:44:23 2018
New Revision: 338698
URL: https://svnweb.freebsd.org/changeset/base/338698

Log:
  Significantly improve pf purge cpu usage by only taking locks
  when there is work to do.  This reduces CPU consumption to one
  third on systems.  This will help keep the thread CPU usage under
  control now that the default hash size has increased.
  
  Reviewed by:	kp
  Approved by:	re (kib)
  Differential Revision:	https://reviews.freebsd.org/D17097

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Sat Sep 15 21:22:50 2018	(r338697)
+++ head/sys/netpfil/pf/pf.c	Sun Sep 16 00:44:23 2018	(r338698)
@@ -1719,24 +1719,28 @@ pf_purge_expired_states(u_int i, int maxcheck)
 	while (maxcheck > 0) {
 
 		ih = &V_pf_idhash[i];
+
+		/* only take the lock if we expect to do work */
+		if (!LIST_EMPTY(&ih->states)) {
 relock:
-		PF_HASHROW_LOCK(ih);
-		LIST_FOREACH(s, &ih->states, entry) {
-			if (pf_state_expires(s) <= time_uptime) {
-				V_pf_status.states -=
-				    pf_unlink_state(s, PF_ENTER_LOCKED);
-				goto relock;
+			PF_HASHROW_LOCK(ih);
+			LIST_FOREACH(s, &ih->states, entry) {
+				if (pf_state_expires(s) <= time_uptime) {
+					V_pf_status.states -=
+					    pf_unlink_state(s, PF_ENTER_LOCKED);
+					goto relock;
+				}
+				s->rule.ptr->rule_flag |= PFRULE_REFS;
+				if (s->nat_rule.ptr != NULL)
+					s->nat_rule.ptr->rule_flag |= PFRULE_REFS;
+				if (s->anchor.ptr != NULL)
+					s->anchor.ptr->rule_flag |= PFRULE_REFS;
+				s->kif->pfik_flags |= PFI_IFLAG_REFS;
+				if (s->rt_kif)
+					s->rt_kif->pfik_flags |= PFI_IFLAG_REFS;
 			}
-			s->rule.ptr->rule_flag |= PFRULE_REFS;
-			if (s->nat_rule.ptr != NULL)
-				s->nat_rule.ptr->rule_flag |= PFRULE_REFS;
-			if (s->anchor.ptr != NULL)
-				s->anchor.ptr->rule_flag |= PFRULE_REFS;
-			s->kif->pfik_flags |= PFI_IFLAG_REFS;
-			if (s->rt_kif)
-				s->rt_kif->pfik_flags |= PFI_IFLAG_REFS;
+			PF_HASHROW_UNLOCK(ih);
 		}
-		PF_HASHROW_UNLOCK(ih);
 
 		/* Return when we hit end of hash. */
 		if (++i > pf_hashmask) {