1900565 – Further improve performance of JSON echo functionality

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1900565 - Further improve performance of JSON echo functionality

Summary: Further improve performance of JSON echo functionality

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	nftables
Sub Component:
Version:	8.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.4
Assignee:	Phil Sutter
QA Contact:	Tomas Dolezal
Docs Contact:
URL:
Whiteboard:
Depends On:	1835300
Blocks:
TreeView+	depends on / blocked

Reported:	2020-11-23 11:56 UTC by Phil Sutter
Modified:	2021-05-18 15:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:	nftables-0.9.3-17.el8
Doc Type:	Enhancement
Doc Text:	Feature: Performance of 'nft --echo --json' has been improved. The required mapping from kernel response containing assigned handles to user input was slow if user input was huge, e.g. when restoring a set with many elements. Via introduction of a hash table for this purpose, the delay is avoided entirely. Reason: Firewalld is a user of libnftables' JSON API, maintaining blacklists in there could lead to significant startup delay depending on list size. Result: No slowdown in firewalld anymore.
Clone Of:	1835300
Environment:
Last Closed:	2021-05-18 15:10:15 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Comment 3 Phil Sutter 2020-12-07 14:54:11 UTC

There's a required follow-up, above improvement by itself does not work and breaks JSON echo functionality:

commit 299ec575faa6b070940b483dc517ecd883b9f1a4
Author: Phil Sutter <phil>
Date:   Wed Dec 2 23:07:11 2020 +0100

    json: Fix seqnum_to_json() functionality
    
    Introduction of json_cmd_assoc_hash missed that by the time the hash
    table insert happens, the struct cmd object's 'seqnum' field which is
    used as key is not initialized yet. This doesn't happen until
    nft_netlink() prepares the batch object which records the lowest seqnum.
    Therefore push all json_cmd_assoc objects into a temporary list until
    the first lookup happens. At this time, all referenced cmd objects have
    their seqnum set and the list entries can be moved into the hash table
    for fast lookups.
    
    To expose such problems in the future, make json_events_cb() emit an
    error message if the passed message has a handle but no assoc entry is
    found for its seqnum.
    
    Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
    Cc: Derek Dai <daiderek>
    Signed-off-by: Phil Sutter <phil>

Comment 4 Phil Sutter 2021-01-12 14:49:01 UTC

And one more follow-up to the original backport:

commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date:   Mon Dec 14 16:53:29 2020 +0100

    json: don't leave dangling pointers on hlist
    
    unshare -n tests/json_echo/run-test.py
    [..]
    Adding chain c
    free(): double free detected in tcache 2
    Aborted (core dumped)
    
    The element must be deleted from the hlist prior to freeing it.
    
    Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
    Signed-off-by: Florian Westphal <fw>

Comment 6 Phil Sutter 2021-01-21 15:59:53 UTC

One more follow-up to the original backport:

commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date:   Mon Dec 14 16:53:29 2020 +0100

    json: don't leave dangling pointers on hlist
    
    unshare -n tests/json_echo/run-test.py
    [..]
    Adding chain c
    free(): double free detected in tcache 2
    Aborted (core dumped)
    
    The element must be deleted from the hlist prior to freeing it.
    
    Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
    Signed-off-by: Florian Westphal <fw>

Comment 14 errata-xmlrpc 2021-05-18 15:10:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nftables bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1722

Note You need to log in before you can comment on or make changes to this bug.