ACK/Cmnt: [SRU][F:linux-bluefield][PATCH 0/2] CT offload fix for crash on stress
Tim Gardner
tim.gardner at canonical.com
Mon Apr 12 11:38:35 UTC 2021
Acked-by: Tim Gardner <tim.gardner at canonical.com>
Just noticing your S-O-B email addresses are different.
On 4/11/21 5:45 AM, Roi Dayan wrote:
> BugLink: https://bugs.launchpad.net/bugs/1922672
>
>
> SRU Justification:
>
> There is a race between netfilter GC updating ct conn timeout and other events
> reading the timeout, potentially crashing the kernel.
>
>
> * brief explanation of fixes
>
> The fix is setting the offload timeout early and not relying on gc.
> The fix is already upstream and cherry picked here.
>
> * How to test
>
> Testing was done with stress http traffic opening conns, short data, close conns.
> different 5-tuple each time.
>
>
> * What it could break.
>
> Potentially crash the kernel.
>
>
>
> Roi Dayan (2):
> netfilter: conntrack: Move nf_ct_offload_timeout to header file
> netfilter: flowtable: Set offload timeout when adding flow
>
> include/net/netfilter/nf_conntrack.h | 12 ++++++++++++
> net/netfilter/nf_conntrack_core.c | 12 ------------
> net/netfilter/nf_flow_table_core.c | 2 ++
> 3 files changed, 14 insertions(+), 12 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list