On 25.4.2023. 22:57, Vitaliy Makkoveev wrote: > On Tue, Apr 25, 2023 at 11:44:34AM +0200, Alexander Bluhm wrote: >> Hi, >> >> Mutex arp_mtx protects the llinfo_arp la_... fields. So kernel >> lock is only needed for changing the route rt_flags. >> >> Of course there is a race between checking and setting rt_flags. >> But the other checks of the RTF_REJECT flags were without kernel >> lock before. This does not cause trouble, the worst thing that may >> happen is to wait another exprire time for ARP retry. My diff does >> not make it worse, reading rt_flags and rt_expire is done without >> lock anyway. >> >> The kernel lock is needed to change rt_flags. Testing without >> KERNEL_LOCK() caused crashes. >> > Hi, > > I'm interesting is the system stable with the diff below? If so, we > could avoid kernel lock in the arpresolve().
Hi, I've put that diff on production boxes and in lab and for now firewalls are stable. Let's see after few more hours.
