From patchwork Thu Aug 3 15:49:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1816532 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=fBETqwEJ; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RGtZn2dkwz1yYC for ; Fri, 4 Aug 2023 01:49:52 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1qRaa7-0006AA-09; Thu, 03 Aug 2023 15:49:43 +0000 Received: from mail-dm6nam11on2088.outbound.protection.outlook.com ([40.107.223.88] helo=NAM11-DM6-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1qRaa4-0006A3-6N for kernel-team@lists.ubuntu.com; Thu, 03 Aug 2023 15:49:40 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W8sbQF3vNPmG3nVXnuR1n6Drw84rj2rJlTsf3IiJnY0MT/cMcsejOIRHKcC+LyOfCMK0Yhtxxgv+Dc4H10y5urQRlpFRLoQ7RBxfFax6VE5n/jquRbBa1CB5q6v/VzcFwaFXNsjF3FE2EL/I8y217Ef0vw4iAPvWDoLXf9tgCI9hQQP6HC8oRwtCb0o5drIQoaB9hYnpQiBOqnCN6waMOhV7LI8LbrlqqVUkv4EoQQHRd1gWaZE6SNcRe+hw91G25BJyy4CNNHtwe4otlC/RZYu+eSU78mx9dRiXS7e/GCaF+b2j3R3yYLjgfP02maXjm7yYUCbkgBZbruYagm8JmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K4MHNvuAjZnj8UmbMstyTc8dFdmuIClX87RqHmgeL10=; b=P6JCE16xERyPFlViy+s/KFz3rU3kHdUEpHxNLq4VdLhX28X05BOQ4kNYCm2yKFaE8ks698PoI9m9SjN+AjBDVnTVPoczyFuiKn1pLx3d4AsfluNHnvaR5bmMswZJyF/hKZoy5BG2dFrWY3eSAp+BPjo/Sj2Uq6bogR7BrQ5NNM0695tX25f1eHwKNDZeaHxHv5YNKybZysHhFFv6IqFU7m8ArmTNv7qTjVuduXl3Ii/lLaAvmW2OOAjHqcd23XzeLxVy7HptH0kmz9eRks2x7pPHXtONU4NuS9Ho/2Fsew+oedBjSt0gv19B9YsTghYknJlhrcp5MVuMnZdgdiFEMg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K4MHNvuAjZnj8UmbMstyTc8dFdmuIClX87RqHmgeL10=; b=fBETqwEJl4ZfGrtOc5mI5pLqHIxNz5JTJdcsnETLYXSeT6sIaiZi9cUkpGkhBS4K1cXd5HLitPiMkwAawOUJ2JjsuC/ZIGscxIU8j3m4i3NjTRv2CV4MmdPpl8eGzG/7PkVJYFkkAhlLML12yjHgdG9DXUCmf86tTVDh/IfzPx1To+w+a/8vMrMGUFrKtIY64x8Y13c3r6q/lAWGRYxMQMAooT1OV28VH+/xNQIqXNK36Lapzn/ffASIqGf/oNHezMeRG1HvRW2GayOYFsULhfhg/PFMqSMQKXQFNBEDXwqBk07W/yXooG5hJWCcpbU4xxdb8qFFNckdmv13kJQnRQ== Received: from MW2PR16CA0001.namprd16.prod.outlook.com (2603:10b6:907::14) by MN2PR12MB4360.namprd12.prod.outlook.com (2603:10b6:208:266::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.20; Thu, 3 Aug 2023 15:49:36 +0000 Received: from CO1PEPF000044F9.namprd21.prod.outlook.com (2603:10b6:907:0:cafe::21) by MW2PR16CA0001.outlook.office365.com (2603:10b6:907::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.20 via Frontend Transport; Thu, 3 Aug 2023 15:49:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CO1PEPF000044F9.mail.protection.outlook.com (10.167.241.199) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.20 via Frontend Transport; Thu, 3 Aug 2023 15:49:36 +0000 Received: from rnnvmail203.nvidia.com (10.129.68.9) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Thu, 3 Aug 2023 08:49:21 -0700 Received: from rnnvmail204.nvidia.com (10.129.68.6) by rnnvmail203.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Thu, 3 Aug 2023 08:49:20 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37 via Frontend Transport; Thu, 3 Aug 2023 08:49:20 -0700 Received: from sw-mtx-061.mtx.labs.mlnx (sw-mtx-061.mtx.labs.mlnx [10.9.153.25]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 373FnHSJ006011; Thu, 3 Aug 2023 18:49:17 +0300 From: Bodong Wang To: Subject: [SRU][J:linux-bluefield][PATCH] UBUNTU: SAUCE: netfilter: flowtable: additional checks for outdated flows Date: Thu, 3 Aug 2023 10:49:16 -0500 Message-ID: <20230803154916.1447090-1-bodong@nvidia.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-NV-OnPremToCloud: ExternallySecured X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PEPF000044F9:EE_|MN2PR12MB4360:EE_ X-MS-Office365-Filtering-Correlation-Id: 8232b77f-5151-4e7a-8892-08db94393d0e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ufpE6ums1gmzmI8NU4rrCj6sqR7xMLPx1z9fQYVVwZXG3hu1o4tnkSLoE6nh4fWF0OVjvCFKtr1uvbQcQZEFSSHFKTbIUySZw5+z2UcEExsF+g7BlSM8YWCpRSD/jzr8tbUME+T+BRubERrCSUk24lPQWR/xWpaJzye/LlPoLBudvwnDtc3yhfMLd3zuxjdkgCSxAg/2yjkh1mvunZD1hWVX6j/KJZVCcmxZHs/ArtruOLghRcU5NcSucgv5f1qEn8oc1BXLevLySfi/46wU65gE8kbdC+BZ72d1bmOsqTtID4wRLbEERtu9BqAEd7uhFhaRDeWTD492K9qPJ6dLP+p3HbEXE1GoWFP02qB7ULFmUA3eDLboXwHuqJasqOJ4byDUoSF+8tOgeSluqoqXtCE97XeVY10oFLxhnlZJk9/XNdR4ea/6TI38/vN00B6agLrQE57oPPPZuGovuLkEiGFBcIvceASzilQZimyKSL0sNvZx/f4o+4ce/C3WMg4BGgpUSTksqM3epKnmGw2p8pcv+5M17EIeMMAQdot7SwP0eal4URPt3KQQz32ZFUsjSgT1kJJaLqg5YVxBB/k1w0toQi+yHj1QK+jw3JBLxVbiMr3dONe7rtMKvcFrClzdxTOTCtVDWr4UJxvd5zACIcTZ1mItBVhwaBFDCG/TIrLfK5OM1Y1lxYAK4h1dm833CeCpXP2Lg7OhKjBrWLYEZxZZzasPN1u0z9TG2DrMYMDtqV0mgAvM5CF9vjD3sUudRY0LoV5ajc6ZshgIKiSYPw== X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230028)(4636009)(396003)(376002)(346002)(136003)(39860400002)(451199021)(82310400008)(46966006)(36840700001)(40470700004)(40480700001)(40460700003)(41300700001)(966005)(54906003)(82740400003)(70206006)(6916009)(70586007)(4326008)(316002)(5660300002)(478600001)(26005)(83380400001)(1076003)(36860700001)(186003)(107886003)(336012)(2616005)(7636003)(356005)(47076005)(36756003)(8676002)(8936002)(86362001)(2906002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Aug 2023 15:49:36.0060 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8232b77f-5151-4e7a-8892-08db94393d0e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF000044F9.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4360 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, vladbu@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Vlad Buslov BugLink: https://bugs.launchpad.net/bugs/2029497 Current nf_flow_is_outdated() implementation considers any flow table flow which state diverged from its underlying CT connection status for teardown which can be problematic in the following cases: - Flow has never been offloaded to hardware in the first place either because flow table has hardware offload disabled (flag NF_FLOWTABLE_HW_OFFLOAD is not set) or because it is still pending on 'add' workqueue to be offloaded for the first time. The former is incorrect, the later generates excessive deletions and additions of flows. - Flow is already pending to be updated on the workqueue. Tearing down such flows will also generate excessive removals from the flow table, especially on highly loaded system where the latency to re-offload a flow via 'add' workqueue can be quite high. When considering a flow for teardown as outdated verify that it is both offloaded to hardware and doesn't have any pending updates. Fixes: 41f2c7c342d3 ("net/sched: act_ct: Fix promotion of offloaded unreplied tuple") Signed-off-by: Vlad Buslov Signed-off-by: Bodong Wang Acked-by: Tim Gardner Acked-by: Bartlomiej Zolnierkiewicz --- net/netfilter/nf_flow_table_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index d35f3f8d9841..d8f0f924b574 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -342,6 +342,8 @@ EXPORT_SYMBOL_GPL(flow_offload_refresh); static bool nf_flow_is_outdated(const struct flow_offload *flow) { return test_bit(IPS_SEEN_REPLY_BIT, &flow->ct->status) && + test_bit(IPS_HW_OFFLOAD_BIT, &flow->ct->status) && + !test_bit(NF_FLOW_HW_PENDING, &flow->flags) && !test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags); }