Message ID | 4A3A5599.4080906@trash.net |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
* Patrick McHardy <kaber@trash.net> wrote: > Ingo, could you please try whether this patch (combined with the > last one) makes any difference? Enabling CONFIG_NETFILTER_DEBUG > could also help. Mind pushing it upstream, and i'll keep things monitored over the week following when it hits upstream? The reason is, the crash ratio is worse than 1:1000, it took a day and a 1000 tests to trigger that one. I havent seen it after that. So it's going to be a very slow observation and you shouldnt serialize on me - giving you a 'it works' positive result will take 10,000 random bootp tests or so - that's a week or longer. (it can take a long time to hit that especially in the merge window when there's a lot of various test failures that cause hickups in the test stream.) ( Mailing me an upstream sha1 when all fixes in this area have hit upstream would certainly be welcome - i can use that as a 'no crashes expected in that area from that point on' flag day. ) Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Ingo Molnar wrote: > * Patrick McHardy <kaber@trash.net> wrote: > >> Ingo, could you please try whether this patch (combined with the >> last one) makes any difference? Enabling CONFIG_NETFILTER_DEBUG >> could also help. > > Mind pushing it upstream, and i'll keep things monitored over the > week following when it hits upstream? > > The reason is, the crash ratio is worse than 1:1000, it took a day > and a 1000 tests to trigger that one. I havent seen it after that. > > So it's going to be a very slow observation and you shouldnt > serialize on me - giving you a 'it works' positive result will take > 10,000 random bootp tests or so - that's a week or longer. (it can > take a long time to hit that especially in the merge window when > there's a lot of various test failures that cause hickups in the > test stream.) OK thanks, I'll push it upstream soon. > ( Mailing me an upstream sha1 when all fixes in this area have hit > upstream would certainly be welcome - i can use that as a 'no > crashes expected in that area from that point on' flag day. ) Sure, will do. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 5f72b94..ce17a69 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -335,7 +335,8 @@ begin: h = __nf_conntrack_find(net, tuple); if (h) { ct = nf_ct_tuplehash_to_ctrack(h); - if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) + if (unlikely(nf_ct_is_dying(ct) || + !atomic_inc_not_zero(&ct->ct_general.use))) h = NULL; else { if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple))) { @@ -503,7 +504,8 @@ static noinline int early_drop(struct net *net, unsigned int hash) cnt++; } - if (ct && unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) + if (ct && unlikely(nf_ct_is_dying(ct) || + !atomic_inc_not_zero(&ct->ct_general.use))) ct = NULL; if (ct || cnt >= NF_CT_EVICTION_RANGE) break;