APPLIED: [SRU][F:linux-bluefield][PATCH 0/2] CT offload fix for crash on stress
Stefan Bader
stefan.bader at canonical.com
Tue Apr 20 14:34:55 UTC 2021
On 11.04.21 13:45, Roi Dayan wrote:
> BugLink: https://bugs.launchpad.net/bugs/1922672
>
>
> SRU Justification:
>
> There is a race between netfilter GC updating ct conn timeout and other events
> reading the timeout, potentially crashing the kernel.
>
>
> * brief explanation of fixes
>
> The fix is setting the offload timeout early and not relying on gc.
> The fix is already upstream and cherry picked here.
>
> * How to test
>
> Testing was done with stress http traffic opening conns, short data, close conns.
> different 5-tuple each time.
>
>
> * What it could break.
>
> Potentially crash the kernel.
>
>
>
> Roi Dayan (2):
> netfilter: conntrack: Move nf_ct_offload_timeout to header file
> netfilter: flowtable: Set offload timeout when adding flow
>
> include/net/netfilter/nf_conntrack.h | 12 ++++++++++++
> net/netfilter/nf_conntrack_core.c | 12 ------------
> net/netfilter/nf_flow_table_core.c | 2 ++
> 3 files changed, 14 insertions(+), 12 deletions(-)
>
Applied to focal:linux-bluefield/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210420/dcd45e20/attachment.sig>
More information about the kernel-team
mailing list