ACK/Cmnt: [SRU][F:linux-bluefield][PATCH 0/2] CT offload fix for crash on stress
Stefan Bader
stefan.bader at canonical.com
Tue Apr 20 14:04:24 UTC 2021
On 11.04.21 13:45, Roi Dayan wrote:
> BugLink: https://bugs.launchpad.net/bugs/1922672
>
>
> SRU Justification:
>
> There is a race between netfilter GC updating ct conn timeout and other events
> reading the timeout, potentially crashing the kernel.
>
>
> * brief explanation of fixes
>
> The fix is setting the offload timeout early and not relying on gc.
> The fix is already upstream and cherry picked here.
>
> * How to test
>
> Testing was done with stress http traffic opening conns, short data, close conns.
> different 5-tuple each time.
>
>
> * What it could break.
>
> Potentially crash the kernel.
>
>
>
> Roi Dayan (2):
> netfilter: conntrack: Move nf_ct_offload_timeout to header file
> netfilter: flowtable: Set offload timeout when adding flow
>
> include/net/netfilter/nf_conntrack.h | 12 ++++++++++++
> net/netfilter/nf_conntrack_core.c | 12 ------------
> net/netfilter/nf_flow_table_core.c | 2 ++
> 3 files changed, 14 insertions(+), 12 deletions(-)
>
The bug report still seemed to have no justification. There was a lot of
description which felt a bit too extensive for that purpose. So I tried to make
up a more streamlined version of that as justification.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210420/e79b7baf/attachment.sig>
More information about the kernel-team
mailing list