git.ipfire.org Git - thirdparty/linux.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 15 Aug 2025 14:36:58 +0000 (16:36 +0200)
committer	Florian Westphal <fw@strlen.de>
	Wed, 20 Aug 2025 11:52:37 +0000 (13:52 +0200)
commit	84c1da7b38d9ad8fadd5b0b76034a41f7761e404
tree	7de2a4ef6aaebf54ca687f31e83c31c1ad001d2c	tree \| snapshot
parent	416e53e39516714057d7d06d561e49d1a89fa524	commit \| diff

netfilter: nft_set_pipapo: use avx2 algorithm for insertions too

Always prefer the avx2 implementation if its available.
This greatly improves insertion performance (each insertion
checks if the new element would overlap with an existing one):

time nft -f - <<EOF
table ip pipapo {
set s {
typeof ip saddr . tcp dport
flags interval
size 800000
elements = { 10.1.1.1 - 10.1.1.4 . 3996,
[.. 800k entries elided .. ]

before:
real    1m55.993s
user    0m2.505s
sys     1m53.296s

after:
real    0m42.586s
user    0m2.554s
sys     0m39.811s

Fold patch from Sebastian:

kernel_fpu_begin_mask()/ _end() remains in pipapo_get_avx2() where it is
required.

A followup patch will add local_lock_t to struct nft_pipapo_scratch in
order to protect the map pointer. The lock can not be acquired in
preemption disabled context which is what kernel_fpu_begin*() does.

Link: https://lore.kernel.org/netfilter-devel/20250818110213.1319982-2-bigeasy@linutronix.de/
Co-developed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Florian Westphal <fw@strlen.de>

net/netfilter/nft_set_pipapo.c		diff \| blob \| blame \| history
net/netfilter/nft_set_pipapo_avx2.c		diff \| blob \| blame \| history
net/netfilter/nft_set_pipapo_avx2.h		diff \| blob \| blame \| history