[SRU][F:linux-bluefield][PATCH 0/9] CT offload fixes

Roi Dayan roid at nvidia.com
Tue Apr 6 17:52:00 UTC 2021 

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922682
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922678
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672


SRU Justification:

1. The first 2 patches are fixing a race, potentially crashing the kernel.
2. The next 2 patches are fixing a possible memory hog and aging active
   ct conns.
3. The last patches are adding offload support for ct_state invalid and
   ct_state reply.

* Explain the bug(s)

1. The kernel crash can happen on stress tcp traffic opening and closing
   the conns fast.

2. The memory hog and aging active ct conns can happen from any stress test
   as we have a single workqueue for handling the ct offload conns
   for add/del/stats.

* brief explanation of fixes

The fix for #1 is setting the offload timeout early and not relying on gc.

The fix for #2 is splitting add/del/stats for diff workqueue and also
we set a limit for add work entries.

* How to test

Testing #1 was done with stress http traffic opening conns, short data, close conns.
different 5-tuple each time.

Testing #2 was done with just stress traffic with lots of conns different 5-tuple.

* What it could break.

Issue #1 could potentially crash the kernel.

Issue #2 can take a lot of memory for a long time and also causing active conns to
age out when not necessary.


 include/linux/skbuff.h                |  5 ++-
 include/net/flow_offload.h            |  1 +
 include/net/netfilter/nf_conntrack.h  | 12 ++++++
 include/net/sch_generic.h             |  1 +
 include/uapi/linux/pkt_cls.h          |  2 +
 net/core/dev.c                        |  2 +
 net/core/flow_dissector.c             | 13 +++++--
 net/netfilter/nf_conntrack_core.c     | 12 ------
 net/netfilter/nf_flow_table_core.c    |  2 +
 net/netfilter/nf_flow_table_offload.c | 56 +++++++++++++++++++++++----
 net/openvswitch/conntrack.c           |  8 ++--
 net/openvswitch/conntrack.h           |  6 ++-
 net/openvswitch/flow.c                |  4 +-
 net/sched/act_ct.c                    |  6 ++-
 net/sched/cls_api.c                   |  1 +
 net/sched/cls_flower.c                | 10 +++--
 16 files changed, 105 insertions(+), 36 deletions(-)

-- 
2.26.2

More information about the kernel-team mailing list