Date: Wed, 19 Apr 2023 07:51:35 GMT
Message-Id: <202304190751.33J7pZ4e043985@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 2e6cdfe29355 - main - pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=2e6cdfe29355cd81a4e2299d61e6ed57f6798a99

commit 2e6cdfe29355cd81a4e2299d61e6ed57f6798a99
Author:     Kristof Provost
AuthorDate: 2023-04-18 14:06:36 +0000
Commit:     Kristof Provost
CommitDate: 2023-04-19 07:50:52 +0000

    pf: change pf_rules_lock and pf_ioctl_lock to per-vnet locks

    Both pf_rules_lock and pf_ioctl_lock only ever affect one vnet, so
    there's no point in having these locks affect other vnets.
    (In fact, the only lock in pf that can affect multiple vnets is
    pf_end_lock.)

    That's especially important for the rules lock, because taking the write
    lock suspends all network traffic until it's released.

    This will reduce the impact a vnet running pf can have on other vnets,
    and improve concurrency on machines running multiple pf-enabled vnets.

    Reviewed by:	zlei
    Sponsored by:	Rubicon Communications, LLC ("Netgate")
    Differential Revision:	https://reviews.freebsd.org/D39658
---
 sys/net/pfvar.h           | 20 +++++++++++---------
 sys/netpfil/pf/pf_ioctl.c | 23 +++++++++++++----------
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index e9e23d985cfa..2f017923afa1 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h
@@ -385,16 +385,18 @@ extern struct sx pf_config_lock; #define PF_CONFIG_UNLOCK() sx_xunlock(&pf_config_lock) #define PF_CONFIG_ASSERT() sx_assert(&pf_config_lock, SA_XLOCKED) -extern struct rmlock pf_rules_lock; +VNET_DECLARE(struct rmlock, pf_rules_lock); +#define V_pf_rules_lock VNET(pf_rules_lock) + #define PF_RULES_RLOCK_TRACKER struct rm_priotracker _pf_rules_tracker -#define PF_RULES_RLOCK() rm_rlock(&pf_rules_lock, &_pf_rules_tracker) -#define PF_RULES_RUNLOCK() rm_runlock(&pf_rules_lock, &_pf_rules_tracker) -#define PF_RULES_WLOCK() rm_wlock(&pf_rules_lock) -#define PF_RULES_WUNLOCK() rm_wunlock(&pf_rules_lock) -#define PF_RULES_WOWNED() rm_wowned(&pf_rules_lock) -#define PF_RULES_ASSERT() rm_assert(&pf_rules_lock, RA_LOCKED) -#define PF_RULES_RASSERT() rm_assert(&pf_rules_lock, RA_RLOCKED) -#define PF_RULES_WASSERT() rm_assert(&pf_rules_lock, RA_WLOCKED) +#define PF_RULES_RLOCK() rm_rlock(&V_pf_rules_lock, &_pf_rules_tracker) +#define PF_RULES_RUNLOCK() rm_runlock(&V_pf_rules_lock, &_pf_rules_tracker) +#define PF_RULES_WLOCK() rm_wlock(&V_pf_rules_lock) +#define PF_RULES_WUNLOCK() rm_wunlock(&V_pf_rules_lock) +#define PF_RULES_WOWNED() rm_wowned(&V_pf_rules_lock) +#define PF_RULES_ASSERT() rm_assert(&V_pf_rules_lock, RA_LOCKED) +#define PF_RULES_RASSERT() rm_assert(&V_pf_rules_lock, RA_RLOCKED) +#define PF_RULES_WASSERT() rm_assert(&V_pf_rules_lock, RA_WLOCKED) extern struct mtx_padalign pf_table_stats_lock; #define PF_TABLE_STATS_LOCK() mtx_lock(&pf_table_stats_lock) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 5dc0072451a7..c800d2048547 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c 
@@ -277,8 +277,9 @@ VNET_DEFINE(int, pf_vnet_active); int pf_end_threads; struct proc *pf_purge_proc; -struct rmlock pf_rules_lock; -struct sx pf_ioctl_lock; +VNET_DEFINE(struct rmlock, pf_rules_lock); +VNET_DEFINE_STATIC(struct sx, pf_ioctl_lock); +#define V_pf_ioctl_lock VNET(pf_ioctl_lock) struct sx pf_end_lock; /* pfsync */ @@ -2606,7 +2607,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td switch (cmd) { case DIOCSTART: - sx_xlock(&pf_ioctl_lock); + sx_xlock(&V_pf_ioctl_lock); if (V_pf_status.running) error = EEXIST; else { @@ -2622,7 +2623,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td break; case DIOCSTOP: - sx_xlock(&pf_ioctl_lock); + sx_xlock(&V_pf_ioctl_lock); if (!V_pf_status.running) error = ENOENT; else { @@ -5652,8 +5653,8 @@ DIOCCHANGEADDR_error: break; } fail: - if (sx_xlocked(&pf_ioctl_lock)) - sx_xunlock(&pf_ioctl_lock); + if (sx_xlocked(&V_pf_ioctl_lock)) + sx_xunlock(&V_pf_ioctl_lock); CURVNET_RESTORE(); #undef ERROUT_IOCTL @@ -6692,6 +6693,9 @@ pf_load_vnet(void) V_pf_tag_z = uma_zcreate("pf tags", sizeof(struct pf_tagname), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); + rm_init_flags(&V_pf_rules_lock, "pf rulesets", RM_RECURSE); + sx_init(&V_pf_ioctl_lock, "pf ioctl"); + pf_init_tagset(&V_pf_tags, &pf_rule_tag_hashsize, PF_RULE_TAG_HASH_SIZE_DEFAULT); #ifdef ALTQ @@ -6710,8 +6714,6 @@ pf_load(void) { int error; - rm_init_flags(&pf_rules_lock, "pf rulesets", RM_RECURSE); - sx_init(&pf_ioctl_lock, "pf ioctl"); sx_init(&pf_end_lock, "pf end thread"); pf_mtag_initialize(); @@ -6815,6 +6817,9 @@ pf_unload_vnet(void) pf_counter_u64_deinit(&V_pf_status.fcounters[i]); for (int i = 0; i < SCNT_MAX; i++) counter_u64_free(V_pf_status.scounters[i]); + + rm_destroy(&V_pf_rules_lock); + sx_destroy(&V_pf_ioctl_lock); } static void @@ -6834,8 +6839,6 @@ pf_unload(void) pfi_cleanup(); - rm_destroy(&pf_rules_lock); - sx_destroy(&pf_ioctl_lock); sx_destroy(&pf_end_lock); }
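Review bot: In the sys/net/pfvar.h hunk, the PF_RULES_* macros now resolve through VNET(pf_rules_lock), so every call site needs curvnet set, and a lock taken under one vnet has to be released under the same one; nothing in the header says so. A short comment above `#define V_pf_rules_lock VNET(pf_rules_lock)` stating that requirement would help, along with a check that no PF_RULES_RLOCK() or PF_RULES_WLOCK() caller runs outside a CURVNET_SET() section.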
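Review bot: At `struct sx pf_end_lock;` in the first sys/netpfil/pf/pf_ioctl.c hunk, the one lock left global now sits directly beneath two per-vnet definitions with nothing marking the difference. A one-line comment there saying it is deliberately global (the commit message calls it the only pf lock that can affect multiple vnets) would keep a later cleanup from converting it as well.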
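Review bot: In the pf_load_vnet() hunk, rm_init_flags() and sx_init() are added after the uma_zcreate() call for "pf tags", partway through the function, so anything earlier in pf_load_vnet() that reaches the rules lock or the ioctl lock would touch an uninitialized lock. The visible context does not show what runs before this point; moving both calls to the top of the function, or noting why this position is safe, would settle it.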
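Review bot: In the pf_unload_vnet() hunk, rm_destroy(&V_pf_rules_lock) and sx_destroy(&V_pf_ioctl_lock) now run at the end of per-vnet teardown, whereas the removed lines in pf_unload() destroyed the locks only after pfi_cleanup(). Please confirm that nothing still running for this vnet after this point, including cleanup driven from pf_unload(), takes either lock, since it would then operate on a destroyed lock.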