From 889a9acc54758922b3529ea473a2dac159d85fd5 Mon Sep 17 00:00:00 2001
From: Mateusz Guzik <mjg@FreeBSD.org>
Date: Wed, 8 Feb 2023 09:53:05 +0000
Subject: [PATCH] ipsec: only update lastused when it changes

to limit cache-line bouncing.

Note that as there is no atomic_store we are hoping the compiler wont
speculatively do the store. It is not employed because the size depends
on target arch.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D38433
---
 sys/netipsec/key.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 345c302c2a8..62aa9901943 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -917,6 +917,7 @@ key_allocsp(struct secpolicyindex *spidx, u_int dir)
 	struct spdcache_entry *entry, *lastentry, *tmpentry;
 	struct secpolicy *sp;
 	uint32_t hashv;
+	time_t ts;
 	int nb_entries;
 
 	if (!SPDCACHE_ACTIVE()) {
@@ -969,7 +970,9 @@ key_allocsp(struct secpolicyindex *spidx, u_int dir)
 
 out:
 	if (sp != NULL) {	/* found a SPD entry */
-		sp->lastused = time_second;
+		ts = time_second;
+		if (__predict_false(sp->lastused != ts))
+			sp->lastused = ts;
 		KEYDBG(IPSEC_STAMP,
 		    printf("%s: return SP(%p)\n", __func__, sp));
 		KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp));