tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: MP-safe IPsec SPD



Hi,

Thank you for your reviewing! I think I handled all your suggestions.
Let me know if I missed or misunderstood something.

BTW can we have an API to assert that we are in a pserialize critical
section? Sometimes I want to write something like:
  KASSERT(pserialize_in_read_critical_section());
rather than writing the constraint in a comment.

Thanks,
  ozaki-r


On Fri, Aug 4, 2017 at 12:02 AM, Taylor R Campbell
<campbell+netbsd-tech-kern%mumble.net@localhost> wrote:
>> Date: Fri, 28 Jul 2017 16:47:15 +0900
>> From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
>>
>> This is a patch to make IPsec SPD MP-safe:
>>   http://www.netbsd.org/~ozaki-r/mpsafe-ipsec-spd.diff
>>
>> Please check the locking notes in the patch to know
>> how I MP-ify SPD.
>>
>> This is the first time for me to use localcount(9)
>> so please comment/suggest me on it.
>
> Sorry, haven't had time for a detailed review!  Some brief comments:
>
> General approach looks reasonable.  Haven't had time to digest it all,
> but nothing leaps out at me as wrong about your use of localcount.
>
> Glad to see the detailed locking notes.  That will be helpful for
> proper review.
> - One typo: `pstree' should be `sptree'.  (Aside: Why `tree', if list?)
> - Can you say how key_mtx fits into it too?
> - Can you add to that comment that you must KEY_SP_REF during psz
>   read, and KEY_SP_UNREF after use?  (Rather than saying `incrementing
>   reference count', just to make it easier to cross-reference comment
>   with API.)
> - Can you put a comment over key_sp_ref saying what the caller's
>   responsibilities are?  (Must be in psz read section, must release
>   with key_sp_unref outside psz read section later.)
>
>     /*
>      * Protect regtree, acqtree and items stored in the lists.
>      */
>     static kmutex_t key_mtx __cacheline_aligned;
>    +static pserialize_t key_psz;
>    +static kmutex_t key_sp_mtx __cacheline_aligned;
>    +static kcondvar_t key_sp_cv __cacheline_aligned;
>
> Consider gathering these into a cacheline-aligned struct along with
> the lists they cover?  And/or split the two locks up with a comment
> saying what each one is for?
>
>    +void
>    +key_sp_unref(struct secpolicy *sp, const char* where, int tag)
>    +{
>    +
>    +       KASSERT(mutex_ownable(&key_sp_mtx));
>
> I suggest using KDASSERT for mutex_ownable, so that it happens only
> when you've enabled DEBUG *and* LOCKDEBUG -- it is a very expensive
> check, moreso than LOCKDEBUG normally is, since it acquires and
> releases a lock, and it is normally used in a path where we expect
> *not* to acquire and release a lock in a fast path.
>
>    @@ -279,7 +295,6 @@ ipsec_fillpcbcache(struct inpcbpolicy *pcbsp, struct mbuf *m,
>            }
>            pcbsp->sp_cache[dir].cachesp = sp;
>            if (pcbsp->sp_cache[dir].cachesp) {
>    -               KEY_SP_REF(pcbsp->sp_cache[dir].cachesp);
>                    KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
>                        "DP cause refcnt++:%d SP:%p\n",
>                        key_sp_refcnt(pcbsp->sp_cache[dir].cachesp),
>
> It looks like this debug message doesn't make sense any more?  (Aside
> from the stub definition of key_sp_refcnt.)


Home | Main Index | Thread Index | Old Index