From owner-svn-src-head@freebsd.org  Thu Dec 19 10:22:17 2019
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 396841DC310;
 Thu, 19 Dec 2019 10:22:17 +0000 (UTC)
 (envelope-from melifaro@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47dnxP0lxxz4WFW;
 Thu, 19 Dec 2019 10:22:17 +0000 (UTC)
 (envelope-from melifaro@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1545AD478;
 Thu, 19 Dec 2019 10:22:17 +0000 (UTC)
 (envelope-from melifaro@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id xBJAMGFG055642;
 Thu, 19 Dec 2019 10:22:16 GMT (envelope-from melifaro@FreeBSD.org)
Received: (from melifaro@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id xBJAMGOm055640;
 Thu, 19 Dec 2019 10:22:16 GMT (envelope-from melifaro@FreeBSD.org)
Message-Id: <201912191022.xBJAMGOm055640@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: melifaro set sender to
 melifaro@FreeBSD.org using -f
From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
Date: Thu, 19 Dec 2019 10:22:16 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r355910 - head/sys/netpfil/ipfw
X-SVN-Group: head
X-SVN-Commit-Author: melifaro
X-SVN-Commit-Paths: head/sys/netpfil/ipfw
X-SVN-Commit-Revision: 355910
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 10:22:17 -0000

Author: melifaro
Date: Thu Dec 19 10:22:16 2019
New Revision: 355910
URL: https://svnweb.freebsd.org/changeset/base/355910

Log:
  ipfw: Don't rollback state in alloc_table_vidx() if atomicity is not required.
  
  Submitted by:	Neel Chauhan <neel AT neelc DOT org>
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D22662

Modified:
  head/sys/netpfil/ipfw/ip_fw_table.c
  head/sys/netpfil/ipfw/ip_fw_table.h
  head/sys/netpfil/ipfw/ip_fw_table_value.c

Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c	Thu Dec 19 10:20:38 2019	(r355909)
+++ head/sys/netpfil/ipfw/ip_fw_table.c	Thu Dec 19 10:22:16 2019	(r355910)
@@ -623,7 +623,7 @@ restart:
 	 *
 	 * May release/reacquire UH_WLOCK.
 	 */
-	error = ipfw_link_table_values(ch, &ts);
+	error = ipfw_link_table_values(ch, &ts, flags);
 	if (error != 0)
 		goto cleanup;
 	if (ts.modified != 0)
@@ -654,6 +654,14 @@ restart:
 		num = 0;
 		/* check limit before adding */
 		if ((error = check_table_limit(tc, ptei)) == 0) {
+			/*
+			 * It should be safe to insert a record w/o
+			 * a properly-linked value if atomicity is
+			 * not required.
+			 *
+			 * If the added item does not have a valid value
+			 * index, it would get rejected by ta->add().
+			 * */
 			error = ta->add(tc->astate, KIDX_TO_TI(ch, kidx),
 			    ptei, v, &num);
 			/* Set status flag to inform userland */

Modified: head/sys/netpfil/ipfw/ip_fw_table.h
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.h	Thu Dec 19 10:20:38 2019	(r355909)
+++ head/sys/netpfil/ipfw/ip_fw_table.h	Thu Dec 19 10:22:16 2019	(r355910)
@@ -168,7 +168,8 @@ struct table_config;
 struct tableop_state;
 void ipfw_table_value_init(struct ip_fw_chain *ch, int first);
 void ipfw_table_value_destroy(struct ip_fw_chain *ch, int last);
-int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts);
+int ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts,
+    uint8_t flags);
 void ipfw_garbage_table_values(struct ip_fw_chain *ch, struct table_config *tc,
     struct tentry_info *tei, uint32_t count, int rollback);
 void ipfw_import_table_value_v1(ipfw_table_value *iv);

Modified: head/sys/netpfil/ipfw/ip_fw_table_value.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table_value.c	Thu Dec 19 10:20:38 2019	(r355909)
+++ head/sys/netpfil/ipfw/ip_fw_table_value.c	Thu Dec 19 10:22:16 2019	(r355910)
@@ -363,7 +363,7 @@ rollback_table_values(struct tableop_state *ts)
  */
 static int
 alloc_table_vidx(struct ip_fw_chain *ch, struct tableop_state *ts,
-    struct namedobj_instance *vi, uint16_t *pvidx)
+    struct namedobj_instance *vi, uint16_t *pvidx, uint8_t flags)
 {
 	int error, vlimit;
 	uint16_t vidx;
@@ -384,16 +384,13 @@ alloc_table_vidx(struct ip_fw_chain *ch, struct tableo
 	}
 
 	vlimit = ts->ta->vlimit;
-	if (vlimit != 0 && vidx >= vlimit) {
+	if (vlimit != 0 && vidx >= vlimit && !(flags & IPFW_CTF_ATOMIC)) {
 
 		/*
 		 * Algorithm is not able to store given index.
 		 * We have to rollback state, start using
 		 * per-table value array or return error
 		 * if we're already using it.
-		 *
-		 * TODO: do not rollback state if
-		 * atomicity is not required.
 		 */
 		if (ts->vshared != 0) {
 			/* shared -> per-table  */
@@ -426,9 +423,10 @@ ipfw_garbage_table_values(struct ip_fw_chain *ch, stru
 	 * either (1) we are successful / partially successful,
 	 * in that case we need
 	 * * to ignore ADDED entries values
-	 * * rollback every other values (either UPDATED since
-	 *   old value has been stored there, or some failure like
-	 *   EXISTS or LIMIT or simply "ignored" case.
+	 * * rollback every other values if atomicity is not
+	 * * required (either UPDATED since old value has been
+	 *   stored there, or some failure like EXISTS or LIMIT
+	 *   or simply "ignored" case.
 	 *
 	 * (2): atomic rollback of partially successful operation
 	 * in that case we simply need to unref all entries.
@@ -473,7 +471,8 @@ ipfw_garbage_table_values(struct ip_fw_chain *ch, stru
  * Success: return 0.
  */
 int
-ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts)
+ipfw_link_table_values(struct ip_fw_chain *ch, struct tableop_state *ts,
+    uint8_t flags)
 {
 	int error, i, found;
 	struct namedobj_instance *vi;
@@ -577,7 +576,7 @@ ipfw_link_table_values(struct ip_fw_chain *ch, struct 
 		}
 
 		/* May perform UH unlock/lock */
-		error = alloc_table_vidx(ch, ts, vi, &vidx);
+		error = alloc_table_vidx(ch, ts, vi, &vidx, flags);
 		if (error != 0) {
 			ts->opstate.func(ts->tc, &ts->opstate);
 			return (error);