From patchwork Fri Oct 28 13:57:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696135 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=rUKS4MEn; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJp2j5Sz23kY for ; Sat, 29 Oct 2022 00:58:18 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPs8-0000dF-KY; Fri, 28 Oct 2022 13:58:08 +0000 Received: from mail-bn7nam10on2056.outbound.protection.outlook.com ([40.107.92.56] helo=NAM10-BN7-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrd-00007U-5w for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:37 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IcqcCi34YKraItN9mYBdJSLhgNkN3wKvPsyjkiKvlucLWqp9n39aRk59KOPCgpKM+lVKmJWqFMe02le9EyFgfT5TR3NLgC5TErWRd7ejG9EieQl/mkDUW+LMGbjAQ48McGAd822aGuCYotjGjt+8F+ZZTgHB/FpRDoMU9+iBq5H1TV2VuE+aqPXzLQ3Fl5fMEHyJk6le/HAdPEycyruscLJH5AW/QEjTQ14bQARUV7j1UX/XUFR2KX5JG3t/YeyjiWqSm25DWnYyWLiMNGhd6bYATsV9aCmHCuQHiM5dyEFl9obHUBVMz+phHYPtLSXN77I+2O1sWEEup8cw7hMCiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2zV+hIt2r33bV1o7g3aylko4YascYaNPBzf10i6xBqU=; b=R2d5Bh61bLjQ0Gc15sLxo4W7eYrn1/BbZelltWI2NrKq0a9iVGyBOdc6QXqEjyI/JSMww1BUIVAqw7WDGxCJPmF18RRnFU2xTXnmp9L+CERZhHpPLhR+tQcj4KNsmAFEq0vu5uZEm63C7sTUO3gkwp3/tkgEpmeDqimObKrHaYWLdW/6i9IymwJLLi3gmChDtirzqEPvK/QEkaXt0M0v3H2bD0FVm6JTpWGVOOLgcqbe2bkowEIsJukEOxLitB4r80X67jqR/Lxba4KZkSN4lz9Qh+9LMah9YKkTeTZwz6Dlcph2QkfAZ21Fj0OZ92DUDUzpiDgB+7Oy7wxQVeZg5A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2zV+hIt2r33bV1o7g3aylko4YascYaNPBzf10i6xBqU=; b=rUKS4MEnVbFtUUEJVngpidLzjkyugef7QKf1KodR371AhquSpvlujQD5uiuQoW9QIesKs1CTEvMeANSi7BsnFukFMlQBUbY9Gw82DVqBneTjk0v12dRRVfIGNWFMSi4OPT9aOCFQxgnt4QI6KX85nuNijswxrCmx82dUb60MfujDe//+ickYzo28dg+uUphAxSFlwceVKSfh6ukbGrvce+IEcxPQPC1jOOLWle2gC65uqUePGg+mfr6HcKL7AQCaYv9Ji/MUBP+XiOLOh1DloeROL/sstVv+igilUGulneJeawrPVw3bfH6avyqUV6WlBIBZw+rp74/ujTYTT2O0kA== Received: from MW4P223CA0010.NAMP223.PROD.OUTLOOK.COM (2603:10b6:303:80::15) by IA1PR12MB6212.namprd12.prod.outlook.com (2603:10b6:208:3e4::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:34 +0000 Received: from CO1NAM11FT096.eop-nam11.prod.protection.outlook.com (2603:10b6:303:80:cafe::12) by MW4P223CA0010.outlook.office365.com (2603:10b6:303:80::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend Transport; Fri, 28 Oct 2022 13:57:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CO1NAM11FT096.mail.protection.outlook.com (10.13.175.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.16 via Frontend Transport; Fri, 28 Oct 2022 13:57:33 +0000 Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:25 -0700 Received: from rnnvmail203.nvidia.com (10.129.68.9) by rnnvmail202.nvidia.com (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:25 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:24 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXY024340; Fri, 28 Oct 2022 16:57:22 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 01/10] net: Fix return value of qdisc ingress handling on success Date: Fri, 28 Oct 2022 08:57:11 -0500 Message-ID: <1666965440-94070-2-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1NAM11FT096:EE_|IA1PR12MB6212:EE_ X-MS-Office365-Filtering-Correlation-Id: ab9926ba-295f-4d6c-db8d-08dab8ec5d20 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: +xaHOIEF+C4bKZAKpZM3iP6Ao45STzesChcGOpM/4Q/6MVN7YGVs1ZCOguzfIz2EgoIoz5xykL8Oyoth80TgfxcHqo52MauX2LUdJJjGMg9eDRkdAQPhJAIuX5+IpbqfqtCz4cNKrIhDv+8MaK98xdLj9ZuZD/N5Ko8jsLfGw07tI1pQmDJqY82nWdoBAlpn2Tfv2G9mLeAn/ngrwYbElOQ1GwrMs6KcWdCGEx0ajBJtvQZOYEa6oDjZMy4nPwA9Mn+HNb8IG562iZhmlykKf56GEYjuNODp7/DW5GoBFuUR62u1nU0v2uiYfC4Xfzjd70I0roR0TzmQ7UUpb82Po3YLAwgnQWPJYzbTgyCarMAImVA6WCYmxME99WcUPIZP83hySjn1fxy647W8ML8M3RBfrkx/axO/dK2LOt381Jspb2OBygbbZeVbfKYbOPXfmPSwWy1ETB8g450WRnhtTJR/Ptp76DHAAfAvOpzQNmJ9GvIdNgnW1F9MjkZ+u06GpehSQ+sLzGQ3d9vszJp9MVSi2XMuSrcofpUKNfCXhY5k4cIlLgwFoSXk0uiGKSYkLhAnKdzLG9kiAW3VaOCJydNH1GXL/DoOBxw3UGtViu/mA3k/8x2rZ6nZ7KpdbECtGgrVKC9Lvrcq/MY4HU8t+TSwpbWWIttUoIyAhSDhsRFT1qQFbPOeHHUKRQR7OrsoWNzcvT28APuaXjFvTwhvIpOoff0M6F6l9+vVxFIjBV/b+TLQL6KmT6zYFmrx/jt8mRttwp2iJijseJifaKkPu95TPS6SOQqq2QwQu4Ajf10SKtsbtwjovawB+2sw9H8+2Vv6dajiMkNVKa8wP1eVRh2lc7F785rrAb7o1nyJ2CY= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(346002)(39860400002)(396003)(136003)(376002)(451199015)(46966006)(40470700004)(36840700001)(83380400001)(2906002)(47076005)(40460700003)(316002)(26005)(6916009)(54906003)(6666004)(107886003)(966005)(40480700001)(336012)(356005)(186003)(4326008)(8676002)(7636003)(36756003)(70586007)(70206006)(2616005)(478600001)(86362001)(36860700001)(8936002)(5660300002)(82740400003)(41300700001)(82310400005); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:33.9011 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ab9926ba-295f-4d6c-db8d-08dab8ec5d20 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT096.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6212 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Paul Blakey BugLink: https://bugs.launchpad.net/bugs/1995004 Currently qdisc ingress handling (sch_handle_ingress()) doesn't set a return value and it is left to the old return value of the caller (__netif_receive_skb_core()) which is RX drop, so if the packet is consumed, caller will stop and return this value as if the packet was dropped. This causes a problem in the kernel tcp stack when having a egress tc rule forwarding to a ingress tc rule. The tcp stack sending packets on the device having the egress rule will see the packets as not successfully transmitted (although they actually were), will not advance it's internal state of sent data, and packets returning on such tcp stream will be dropped by the tcp stack with reason ack-of-unsent-data. See reproduction in [0] below. Fix that by setting the return value to RX success if the packet was handled successfully. [0] Reproduction steps: $ ip link add veth1 type veth peer name peer1 $ ip link add veth2 type veth peer name peer2 $ ifconfig peer1 5.5.5.6/24 up $ ip netns add ns0 $ ip link set dev peer2 netns ns0 $ ip netns exec ns0 ifconfig peer2 5.5.5.5/24 up $ ifconfig veth2 0 up $ ifconfig veth1 0 up #ingress forwarding veth1 <-> veth2 $ tc qdisc add dev veth2 ingress $ tc qdisc add dev veth1 ingress $ tc filter add dev veth2 ingress prio 1 proto all flower \ action mirred egress redirect dev veth1 $ tc filter add dev veth1 ingress prio 1 proto all flower \ action mirred egress redirect dev veth2 #steal packet from peer1 egress to veth2 ingress, bypassing the veth pipe $ tc qdisc add dev peer1 clsact $ tc filter add dev peer1 egress prio 20 proto ip flower \ action mirred ingress redirect dev veth1 #run iperf and see connection not running $ iperf3 -s& $ ip netns exec ns0 iperf3 -c 5.5.5.6 -i 1 #delete egress rule, and run again, now should work $ tc filter del dev peer1 egress $ ip netns exec ns0 iperf3 -c 5.5.5.6 -i 1 Fixes: f697c3e8b35c ("[NET]: Avoid unnecessary cloning for ingress filtering") Change-Id: Id58956f315aef88399aa8ecd7ab29f545cb9465e Signed-off-by: Paul Blakey Signed-off-by: David S. Miller (Backported from upstream 672e97ef689a38cb20c2cc6a1814298fea34461e) Signed-off-by: Bodong Wang --- net/core/dev.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index d88558b..3cb38d0 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -4617,11 +4617,13 @@ static __latent_entropy void net_tx_action(struct softirq_action *h) case TC_ACT_SHOT: mini_qdisc_qstats_cpu_drop(miniq); kfree_skb(skb); + *ret = NET_RX_DROP; return NULL; case TC_ACT_STOLEN: case TC_ACT_QUEUED: case TC_ACT_TRAP: consume_skb(skb); + *ret = NET_RX_SUCCESS; return NULL; case TC_ACT_REDIRECT: /* skb_mac_header check was done by cls/act_bpf, so @@ -4630,8 +4632,10 @@ static __latent_entropy void net_tx_action(struct softirq_action *h) */ __skb_push(skb, skb->mac_len); skb_do_redirect(skb); + *ret = NET_RX_SUCCESS; return NULL; case TC_ACT_CONSUMED: + *ret = NET_RX_SUCCESS; return NULL; default: break; From patchwork Fri Oct 28 13:57:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696127 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=jymXytZw; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJ85H8Yz23lB for ; Sat, 29 Oct 2022 00:57:44 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPre-000082-2y; Fri, 28 Oct 2022 13:57:38 +0000 Received: from mail-dm3nam02on2049.outbound.protection.outlook.com ([40.107.95.49] helo=NAM02-DM3-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPra-00006s-QZ for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:35 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RtwSgr1ysdnBniA5WhJkbEjzX7vJklW5CZHXxOUzfe626FMldRt9//2NjKUAqlZeO4gG2bjiYQedarbJNy1ME75HMBPsIWpQwQ9PXGpOhGF35P6qJj6PsWzaVpXTZSf3qa1eiJPSXiK5rHWwZ/sc4GHHAJfq3Kgd9LR0L9jsAD+AOXhL8k7LWotmCDED1iu7Cls1dPXeMfBYBkQnUAm8ej4yBDCrx+r4Odt12gGTmXE5UvQVtMLbtgoWGjebtJ2xZP+G4L8isP30fDj/dY6FplDSRJvUIy5zSA3e5aGBTl9p0bphCDc/GoFKXTDz5gWoTzN7u+XFl15AM96sPXURYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TXX8nK5zrWIOoRPafoGFKBfvuuxzFpeELgmdca5A/bI=; b=Q5hygRjxRCiSgVe32zRsCZGRzghB2D3MJ9cRms0seSDV7ngjSm0SpFAlcG4MrgtiFt8Lo+DDDkbZ/maoS9Teo8aSoSI0sH2PqWN0oH9wH3UzHkvwooHNMHDqpaAAWGmZ2ggNmi+wLIPzFb4/OB2y1GaazogquR0V6Mg2qAxwSqb9VyMya6BxXI9PNcfjkw2AkZ6NzqB846IQYT4CnmEeg2S8RFtQWNcO9YHZyz5ZBgFS2I2bv1OUz7mcp0ID/CldePVIPQuZ4eEaAu3UVHNEf6lN8m2G7q1CXJYV5MrSBskjN5NwwezjxhysiQqs2dMK9WW6AxsrHB1sNzYp5FQV2Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TXX8nK5zrWIOoRPafoGFKBfvuuxzFpeELgmdca5A/bI=; b=jymXytZw1U58XWiZkUKA6zNfhDu8f9RAGn2LKMzbSyd+byW4mazzgwlGRp8rM/ZtinAyKoC9UAWYnHjb3g+QzP+nr7/1aTsLl4c0lTX00JaxO91y7mvwccA77tjMrfDD/Yyc1JIea3a+j2hbrFJ7hiriDMyyOVyejHOEuaFhoQYYAWYcX40mm0dx57XGyaBxdx6PJTm+T6L0rT5Ve2F5ScfNrEkMD7NsCxa8wWS4alrKWTiiHtT1XRZaMFQkNvWsALRN7oVK/Qb9OrOqI2tZiMqArQ9n/h7jD4Ti9NX8eycQV4E8K7SXeoF6Y07nKMlPtHV7YBGwpjudPJJ76jLJzg== Received: from DS7PR03CA0107.namprd03.prod.outlook.com (2603:10b6:5:3b7::22) by CH0PR12MB5203.namprd12.prod.outlook.com (2603:10b6:610:ba::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.23; Fri, 28 Oct 2022 13:57:32 +0000 Received: from DM6NAM11FT037.eop-nam11.prod.protection.outlook.com (2603:10b6:5:3b7:cafe::52) by DS7PR03CA0107.outlook.office365.com (2603:10b6:5:3b7::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by DM6NAM11FT037.mail.protection.outlook.com (10.13.172.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:31 +0000 Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:27 -0700 Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail202.nvidia.com (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:26 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:26 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXZ024340; Fri, 28 Oct 2022 16:57:23 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 02/10] netfilter: conntrack: annotate data-races around ct->timeout Date: Fri, 28 Oct 2022 08:57:12 -0500 Message-ID: <1666965440-94070-3-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT037:EE_|CH0PR12MB5203:EE_ X-MS-Office365-Filtering-Correlation-Id: 704a395b-61c7-4b7f-1211-08dab8ec5bed X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZCugx47z7NlqeHX8lt1HudJDqh7ictxBzNz0iR3C09+LzB2z5CUm783ItATYJTMck6/Wk9ewzyR+i1Wk72GHRLxmdqY2StbMEKvl1K6ZWvrWFOdnQZTm7bN+v2Yb3ubag5wYMuV5KYinXuqAgsFI4QyFgpC4H4H2XVNGtFx+Wcv9YfnWZIkd0IsOr1TfEYoobg1zcJqs4xoPSN9uePqWC+KRPsWQHjls5AjhzPfj0vqu/eV/4Sf+XA9NPEg9orzwhHp4c4FSQUbT5hAkJHxc8dmzgoNYBq1yNK7Dc7vpSlMfq4EdkmsUxdI1AYwiH4ZFJ1Q3UccoRVvsdfd3NP4yULI9wdL7QX3SELEcLGOshc5iVOzJn3dtGCBW0I8rmrYIgz/7lFhUJc4lVdmPlE8CohEVuizDTiocl57OqDEiRH0iqmpwznFqzPnJId/NxoCwkovo8NUc6D5TWoN76hTzqUg3+9du7NuBxmT+zHdSZ+YYsVeAdM3Tkl1ue8TpDOW0z6/kI8xRKKXSDn9p55jMJw0YV16pfPpHpXwJmmmmsZSGDDQENl/3qqUkhCjHl6CImKoe/ZcR8ChmrWqb7p5hxYfhuHptO2fidNOizJh8rlkESfD8+xxU3QKR9i5ag6OpXHwLOeN9zphWfieQBRvBjACvdVmJ54i/r/ruOgYLa4Tfs8cQwMkz7+AVbr21PfPwLspQ3NZmGVGEuy78UY9cRzp3VK5lo/MavCZM+bG3qf1aUjJBQiU6rAG5gAWIxXrlqRIZUIJDi0jqIwWlKdQnRm/5LOXPDJIJAW3rTphadTRcSjJqSbA7HiKoWpbG5C/2pMi5VGRE+zr6P/IndEDg0u+GRonXz39A+4GPVmbjUIM= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(346002)(396003)(136003)(39860400002)(376002)(451199015)(36840700001)(40470700004)(46966006)(36756003)(36860700001)(40460700003)(2616005)(336012)(83380400001)(2906002)(356005)(6666004)(47076005)(7636003)(4326008)(186003)(70586007)(107886003)(70206006)(26005)(6916009)(86362001)(316002)(478600001)(82740400003)(82310400005)(8936002)(5660300002)(8676002)(41300700001)(966005)(54906003)(40480700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:31.8840 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 704a395b-61c7-4b7f-1211-08dab8ec5bed X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT037.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5203 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Eric Dumazet BugLink: https://bugs.launchpad.net/bugs/1995004 (struct nf_conn)->timeout can be read/written locklessly, add READ_ONCE()/WRITE_ONCE() to prevent load/store tearing. BUG: KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get write to 0xffff888132e78c08 of 4 bytes by task 6029 on cpu 0: __nf_conntrack_alloc+0x158/0x280 net/netfilter/nf_conntrack_core.c:1563 init_conntrack+0x1da/0xb30 net/netfilter/nf_conntrack_core.c:1635 resolve_normal_ct+0x502/0x610 net/netfilter/nf_conntrack_core.c:1746 nf_conntrack_in+0x1c5/0x88f net/netfilter/nf_conntrack_core.c:1901 ipv6_conntrack_local+0x19/0x20 net/netfilter/nf_conntrack_proto.c:414 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0x72/0x170 net/netfilter/core.c:619 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip6_xmit+0xa3a/0xa60 net/ipv6/ip6_output.c:324 inet6_csk_xmit+0x1a2/0x1e0 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x132a/0x1840 net/ipv4/tcp_output.c:1402 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline] tcp_write_xmit+0x1450/0x4460 net/ipv4/tcp_output.c:2680 __tcp_push_pending_frames+0x68/0x1c0 net/ipv4/tcp_output.c:2864 tcp_push_pending_frames include/net/tcp.h:1897 [inline] tcp_data_snd_check+0x62/0x2e0 net/ipv4/tcp_input.c:5452 tcp_rcv_established+0x880/0x10e0 net/ipv4/tcp_input.c:5947 tcp_v6_do_rcv+0x36e/0xa50 net/ipv6/tcp_ipv6.c:1521 sk_backlog_rcv include/net/sock.h:1030 [inline] __release_sock+0xf2/0x270 net/core/sock.c:2768 release_sock+0x40/0x110 net/core/sock.c:3300 sk_stream_wait_memory+0x435/0x700 net/core/stream.c:145 tcp_sendmsg_locked+0xb85/0x25a0 net/ipv4/tcp.c:1402 tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1440 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:644 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg net/socket.c:724 [inline] __sys_sendto+0x21e/0x2c0 net/socket.c:2036 __do_sys_sendto net/socket.c:2048 [inline] __se_sys_sendto net/socket.c:2044 [inline] __x64_sys_sendto+0x74/0x90 net/socket.c:2044 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff888132e78c08 of 4 bytes by task 17446 on cpu 1: nf_ct_is_expired include/net/netfilter/nf_conntrack.h:286 [inline] ____nf_conntrack_find net/netfilter/nf_conntrack_core.c:776 [inline] __nf_conntrack_find_get+0x1c7/0xac0 net/netfilter/nf_conntrack_core.c:807 resolve_normal_ct+0x273/0x610 net/netfilter/nf_conntrack_core.c:1734 nf_conntrack_in+0x1c5/0x88f net/netfilter/nf_conntrack_core.c:1901 ipv6_conntrack_local+0x19/0x20 net/netfilter/nf_conntrack_proto.c:414 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0x72/0x170 net/netfilter/core.c:619 nf_hook include/linux/netfilter.h:262 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] ip6_xmit+0xa3a/0xa60 net/ipv6/ip6_output.c:324 inet6_csk_xmit+0x1a2/0x1e0 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x132a/0x1840 net/ipv4/tcp_output.c:1402 __tcp_send_ack+0x1fd/0x300 net/ipv4/tcp_output.c:3956 tcp_send_ack+0x23/0x30 net/ipv4/tcp_output.c:3962 __tcp_ack_snd_check+0x2d8/0x510 net/ipv4/tcp_input.c:5478 tcp_ack_snd_check net/ipv4/tcp_input.c:5523 [inline] tcp_rcv_established+0x8c2/0x10e0 net/ipv4/tcp_input.c:5948 tcp_v6_do_rcv+0x36e/0xa50 net/ipv6/tcp_ipv6.c:1521 sk_backlog_rcv include/net/sock.h:1030 [inline] __release_sock+0xf2/0x270 net/core/sock.c:2768 release_sock+0x40/0x110 net/core/sock.c:3300 tcp_sendpage+0x94/0xb0 net/ipv4/tcp.c:1114 inet_sendpage+0x7f/0xc0 net/ipv4/af_inet.c:833 rds_tcp_xmit+0x376/0x5f0 net/rds/tcp_send.c:118 rds_send_xmit+0xbed/0x1500 net/rds/send.c:367 rds_send_worker+0x43/0x200 net/rds/threads.c:200 process_one_work+0x3fc/0x980 kernel/workqueue.c:2298 worker_thread+0x616/0xa70 kernel/workqueue.c:2445 kthread+0x2c7/0x2e0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 value changed: 0x00027cc2 -> 0x00000000 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 17446 Comm: kworker/u4:5 Tainted: G W 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: krdsd rds_send_worker Note: I chose an arbitrary commit for the Fixes: tag, because I do not think we need to backport this fix to very old kernels. Fixes: e37542ba111f ("netfilter: conntrack: avoid possible false sharing") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream 802a7dc5cf1bef06f7b290ce76d478138408d6b1) Signed-off-by: Bodong Wang --- include/net/netfilter/nf_conntrack.h | 6 +++--- net/netfilter/nf_conntrack_core.c | 6 +++--- net/netfilter/nf_conntrack_netlink.c | 2 +- net/netfilter/nf_flow_table_core.c | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 4f51b62..02c7d57 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -262,14 +262,14 @@ static inline bool nf_is_loopback_packet(const struct sk_buff *skb) /* jiffies until ct expires, 0 if already expired */ static inline unsigned long nf_ct_expires(const struct nf_conn *ct) { - s32 timeout = ct->timeout - nfct_time_stamp; + s32 timeout = READ_ONCE(ct->timeout) - nfct_time_stamp; return timeout > 0 ? timeout : 0; } static inline bool nf_ct_is_expired(const struct nf_conn *ct) { - return (__s32)(ct->timeout - nfct_time_stamp) <= 0; + return (__s32)(READ_ONCE(ct->timeout) - nfct_time_stamp) <= 0; } /* use after obtaining a reference count */ @@ -288,7 +288,7 @@ static inline bool nf_ct_should_gc(const struct nf_conn *ct) static inline void nf_ct_offload_timeout(struct nf_conn *ct) { if (nf_ct_expires(ct) < NF_CT_DAY / 2) - ct->timeout = nfct_time_stamp + NF_CT_DAY; + WRITE_ONCE(ct->timeout, nfct_time_stamp + NF_CT_DAY); } struct kernel_param; diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 376b047..6909c50 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -657,7 +657,7 @@ bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report) tstamp = nf_conn_tstamp_find(ct); if (tstamp) { - s32 timeout = ct->timeout - nfct_time_stamp; + s32 timeout = READ_ONCE(ct->timeout) - nfct_time_stamp; tstamp->stop = ktime_get_real_ns(); if (timeout < 0) @@ -979,7 +979,7 @@ static int nf_ct_resolve_clash_harder(struct sk_buff *skb, u32 repl_idx) } /* We want the clashing entry to go away real soon: 1 second timeout. */ - loser_ct->timeout = nfct_time_stamp + HZ; + WRITE_ONCE(loser_ct->timeout, nfct_time_stamp + HZ); /* IPS_NAT_CLASH removes the entry automatically on the first * reply. Also prevents UDP tracker from moving the entry to @@ -1484,7 +1484,7 @@ static void conntrack_gc_work_init(struct conntrack_gc_work *gc_work) /* save hash for reusing when confirming */ *(unsigned long *)(&ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev) = hash; ct->status = 0; - ct->timeout = 0; + WRITE_ONCE(ct->timeout, 0); write_pnet(&ct->ct_net, net); memset(&ct->__nfct_init_offset, 0, offsetof(struct nf_conn, proto) - diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index bc6f0c8..0a9dff3 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1694,7 +1694,7 @@ static int ctnetlink_change_timeout(struct nf_conn *ct, if (timeout > INT_MAX) timeout = INT_MAX; - ct->timeout = nfct_time_stamp + (u32)timeout; + WRITE_ONCE(ct->timeout, nfct_time_stamp + (u32)timeout); if (test_bit(IPS_DYING_BIT, &ct->status)) return -ETIME; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 3270bc3..c7d4416 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -160,8 +160,8 @@ static void flow_offload_fixup_ct(struct nf_conn *ct) if (timeout < 0) timeout = 0; - if (nf_flow_timeout_delta(ct->timeout) > (__s32)timeout) - ct->timeout = nfct_time_stamp + timeout; + if (nf_flow_timeout_delta(READ_ONCE(ct->timeout)) > (__s32)timeout) + WRITE_ONCE(ct->timeout, nfct_time_stamp + timeout); } static void flow_offload_route_release(struct flow_offload *flow) From patchwork Fri Oct 28 13:57:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696134 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=Vo+5HKoS; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJl2BkKz23kY for ; Sat, 29 Oct 2022 00:58:15 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPs3-0000Ym-RO; Fri, 28 Oct 2022 13:58:03 +0000 Received: from mail-dm6nam10on2075.outbound.protection.outlook.com ([40.107.93.75] helo=NAM10-DM6-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrc-000077-2F for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:36 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ET62ZmFpjGiY57fYXiGwmJ8+q+niW6+8FMYOtwQTQ5ompmgIMVnaPAs+9LKQISbF2rdrQX5uTOSfiWzatx7WyxO1nLAxjFzmzEMb6K6qZKTTOWOVs+7qy4e7af3WqjpOC5Hp3G1AnrrplB4CYn3Rg7TRSc81ytc8PAjyBoGs3/AJMv1T8wv/RX2ZfreWK/NKged4yrC1Flb474DBHxUiti3UmvOJBm4xB8zFggHl3eFxq965Tp/nT8vFYs7o/0uKZSHax1EfJo9QU3OK+rLFDK03WF1Q9vulAHo+4tRr7MvLP0ssHZF86X1md5xN8M70dfFt18mwH1Vh7FwxBsZIAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Qtfx6mmv8t3gEiwfAkoyWX46YKm3XDhjoplqzT5d78o=; b=mA26t+494jhIN8GL850Nl7pHiwKo2I3PqRqyJgq5xN7afYLJWjStbYP3TWnF0jWmhT6XYLVJk3cs2iWjV1FgXwpRAzX0tJ9RPIu6jhLdxYVDgH2yg7LdVA5TtTfd6ODYe9+O05pBnJhI8FWFym78NWx2XwPTG47wouZqejiFtyy0v7dcESMMVvqIFEvANRJmds8wIKRjeuno63rUWRSNLedSiBrjclXO4cm3aDGc4XZKHsX8WyiajmIRVBz+D/mfQGSFBo+/TjisVIZRW+YBIgYQw0nD0MX/kTki9oPzDP+MdNWzPxUFqW233HAtdshn+5SxyKjDJGvNyNnJIvd+gg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qtfx6mmv8t3gEiwfAkoyWX46YKm3XDhjoplqzT5d78o=; b=Vo+5HKoSbVUJIkM/ZAemAklrVFd0IFA2uL+vsqYHZAkZgc1boxtJOEO1VSb3lHMro6ZwWrxNOI9a6/QGjQ3OQFdacVVJwiW/xUBNAYYSbOfTyemk0IjcH6MYIMQ48pgwcQ8sKYKhD70bPP+/1RXMjRRTJyguFpPEsV9U6UXjbahWSIclMzNyUUyLX9fZkS0unyoUH0izDtlBtt+PdVX4/Ij0sjoRRm/uMw5Ys390McrDx2T0Xqm3GAFDyQH14+gkmIBSonwZQyyVYBTUEI8ZRfxUtIXIxlHae6eDX87ZZmKAX30pp7bzjWccY5j7u28ICujze0G1iPTiqMJHyZNT7g== Received: from DM6PR01CA0029.prod.exchangelabs.com (2603:10b6:5:296::34) by DS7PR12MB5838.namprd12.prod.outlook.com (2603:10b6:8:79::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:33 +0000 Received: from DM6NAM11FT077.eop-nam11.prod.protection.outlook.com (2603:10b6:5:296:cafe::66) by DM6PR01CA0029.outlook.office365.com (2603:10b6:5:296::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by DM6NAM11FT077.mail.protection.outlook.com (10.13.173.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:33 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:28 -0700 Received: from drhqmail201.nvidia.com (10.126.190.180) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:27 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:27 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXa024340; Fri, 28 Oct 2022 16:57:24 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 03/10] netfilter: conntrack: remove unneeded nf_ct_put Date: Fri, 28 Oct 2022 08:57:13 -0500 Message-ID: <1666965440-94070-4-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT077:EE_|DS7PR12MB5838:EE_ X-MS-Office365-Filtering-Correlation-Id: b2ffaf07-45b9-418b-3955-08dab8ec5c98 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: K7YtGUrrfGFdBP8YXfJrKRzjuYLmipjzwoLbHFgYyOPWI9GJsQafFK1moaZQ5FnKGE5R3lemsFHeq/9MK2Ysflz11s+NVAJ3plmd1lPFAQU3ZfLjCN1bf9pwh1RDjv30pb7VrmumtTHZ+cw+vNKHRDosozagm3m4MV8g3nmJ5wIAD3EWn7W3dJn34hJndATw+YW6Ie/ZY2MMTMtXvskNI2W5LKtE8pe2UZXJiB8w/58caHmjtXGtZLqNFhcHUgg3chmRKEboFxIjHHkn2TDg5xMXJMwNfDRwrZRAkcB5T7DACfKdr7OXOmcp6qdI/uiLLtiGaSTJdFxe8PYfTdhKYdgQpW/khEFW8STGnYUFK0heIuli2vEnJ7vT2rYXu6beQPDPLrc6+Gef6fwk210dnpKSvsLtERfrbYaumnxMrT+TgekKhGJRHe8z3dcOkXjqErJcTAxlluSt3/Mm1Hja6Y8WZkokXfeWxQIhcJj8D8cPFd6G22oqR1EL4bEZc6cKCpk+1VSCYYX1MmLC0jfZOwi7QqhT78saUdWw81pttXThnyDiHGUneEszGbEhycK7ojnXn7KU807bcLpktC/ws2BFfiSSTUf0weq/vvzgrnI9dx/J/y1gsdAkBZlpqDDVZ+qOcmi/dSTpgRq9HYw8NcefDR8SqnmReE+udEpfpEtRBdFBXyyDdTKTHo450Sp4c4nuhCQMrzb0km4fBw158PH3ShAcEvmCktBhAMnAP/74zHmlKXA077X+AWoh5yXiXQnovaJq/5g79OqIh8n0RGg5dEAGhA6N+C2YbbqXV/U4g2HGZhW7Fvo64WPctQ629qezB9SrxMhBuFmXhKcZQS0SCUnl90HRte1JzVwyqCo= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(376002)(396003)(136003)(39860400002)(346002)(451199015)(36840700001)(40470700004)(46966006)(356005)(70206006)(70586007)(4326008)(7636003)(8676002)(5660300002)(2616005)(336012)(83380400001)(36756003)(41300700001)(186003)(40480700001)(8936002)(2906002)(47076005)(26005)(86362001)(82310400005)(36860700001)(966005)(40460700003)(478600001)(6916009)(54906003)(82740400003)(316002)(107886003)(6666004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:33.0212 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b2ffaf07-45b9-418b-3955-08dab8ec5c98 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT077.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB5838 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Florian Westphal BugLink: https://bugs.launchpad.net/bugs/1995004 We can delay refcount increment until we reassign the existing entry to the current skb. A 0 refcount can't happen while the nf_conn object is still in the hash table and parallel mutations are impossible because we hold the bucket lock. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream ff73e7479b8eea594a985ca29f4b45d604dbcb2c) Signed-off-by: Bodong Wang --- net/netfilter/nf_conntrack_core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 6909c50..f8213dc 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -909,6 +909,7 @@ static void __nf_conntrack_insert_prepare(struct nf_conn *ct) tstamp->start = ktime_get_real_ns(); } +/* caller must hold locks to prevent concurrent changes */ static int __nf_ct_resolve_clash(struct sk_buff *skb, struct nf_conntrack_tuple_hash *h) { @@ -922,13 +923,12 @@ static int __nf_ct_resolve_clash(struct sk_buff *skb, if (nf_ct_is_dying(ct)) return NF_DROP; - if (!atomic_inc_not_zero(&ct->ct_general.use)) - return NF_DROP; - if (((ct->status & IPS_NAT_DONE_MASK) == 0) || nf_ct_match(ct, loser_ct)) { struct net *net = nf_ct_net(ct); + nf_conntrack_get(&ct->ct_general); + nf_ct_acct_merge(ct, ctinfo, loser_ct); nf_ct_add_to_dying_list(loser_ct); nf_conntrack_put(&loser_ct->ct_general); @@ -938,7 +938,6 @@ static int __nf_ct_resolve_clash(struct sk_buff *skb, return NF_ACCEPT; } - nf_ct_put(ct); return NF_DROP; } From patchwork Fri Oct 28 13:57:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696128 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=AKK+ZfNq; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJD3l94z23kY for ; Sat, 29 Oct 2022 00:57:48 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPrg-00009Q-Cr; Fri, 28 Oct 2022 13:57:40 +0000 Received: from mail-bn8nam12on2050.outbound.protection.outlook.com ([40.107.237.50] helo=NAM12-BN8-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPra-00006t-Vg for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:35 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eUfXO/lwuwjehcucELhI1miOY0f8UmDJTy3KBgL6OTvHgQqTe8nCTQCqMKHoDRLjEZHD89rLbW09kuRwDVWMUMLL3Whq0JaMJwhlj8C9k1Q1ngqNCwjuTDo9HDUHaTbZvGVaWUeVWF4p3Upee+PiplTBGGp/xDjrYfIelU8y7OfuZ/do+QR8isJBYkr2KpI4EierqhLTdr9PwLHXHS5C3MgtgaDjtJiBcNoRzh521qiLWy+1DxKv9ENvd61YdNppJiTlTQqEYIo2Zd6wBjmMWBU990EQlMpyTutT26HpoNwYslH2QDPQt/XFcDkQ4r9Qc17/xc66PXTXwLjeXV8tXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YmKs0c+HuEhtgpsem/gkQC+J8ImMhgU8T0UOZQBcUpc=; b=QrzCR7RcMoWhc5eLH/2xuvaARhqPIRI7X44wanpN8QkzRkTFI2qxV8eHi9nZ2kEFRsItKNZZ4qoJ+Td8wBTrKZgzwyAt7qzA2stUzpc01jCSYWi2VzDa+nrG4+lg5PeQb1O/f2//EedCavgO4k8Dm68Z/6PPxWz97Bsg6CI51DbuQSXuxn7G8dZCn+3ioFw/GVViHeABUJ5rkhluJCnHlaJBQbINhHaaxRhGLVVea22cGpGDFcpjeroc3DAHKU0O8oU/5AjgBjpAFVxl4Q3npYvOurg8TyXhWa6kCG/+u91yDye0WrvacdHaeFbnyTgPGm56B1cLQoQ9dZilM2BBig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.233) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YmKs0c+HuEhtgpsem/gkQC+J8ImMhgU8T0UOZQBcUpc=; b=AKK+ZfNq6v9KCM+WmdPbcof2zhJve0QiY7luRmxGFEN0Ykj3FwyhfxkVPXQpc0bTSZzrIm9Ksar+9Vu0+D0lMpeUVTJPLFtqIjmJwrHrH36TGj/j/S1lezJHjK3G40EW9ykHPIKN9VbXhOiyEnMnG3tM8zwwZ27P4r/hQyL31EZ7JQOgjjlpOhI4umaB6hmShJoe+vip+sSL27DOUxRq86QBqRERgujfwHCBc8AeHfjbd5zCRbM66MbqcfqQO0wGZbRpaxWdnLzVhnFQwYIyLazMI7yD1Rk9EzO6ysOzDNB2CoHU2axeMkAyVEadFuXO5JJ1UIk4ElJkUU6Tc5yksw== Received: from DM6PR17CA0010.namprd17.prod.outlook.com (2603:10b6:5:1b3::23) by DS7PR12MB6214.namprd12.prod.outlook.com (2603:10b6:8:96::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:31 +0000 Received: from DM6NAM11FT082.eop-nam11.prod.protection.outlook.com (2603:10b6:5:1b3:cafe::ca) by DM6PR17CA0010.outlook.office365.com (2603:10b6:5:1b3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:31 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.233 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.233) by DM6NAM11FT082.mail.protection.outlook.com (10.13.173.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:30 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:29 -0700 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:29 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:28 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXb024340; Fri, 28 Oct 2022 16:57:26 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 04/10] netfilter: conntrack: convert to refcount_t api Date: Fri, 28 Oct 2022 08:57:14 -0500 Message-ID: <1666965440-94070-5-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT082:EE_|DS7PR12MB6214:EE_ X-MS-Office365-Filtering-Correlation-Id: 21b2a083-6e7a-4a90-e57e-08dab8ec5afc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cGESMO/TayF+jK2iI0by+1eWpP/+cNHvdrpiOGpQhJVaYhUA6p/nWx7x0B5b/sRysDm+tLhV9R4soIn+e5qejwRISUvA0Dw4QIClSsI+6JsSzzw5Nhf2RV2yV2m680NZ7G+/uLlnta7+cE0bBYfW5ZAoW8m8MtbGUTes8uorL+PIlCO6VUBw7XNH7NdDW0rCu+vvtSAimRxsIOwsgICqJIingkMuLRo2QXtNb/VxtIX3dhe3qAMF1i3B6Sgsbd8EwE7WFvYOqG5qtPfEC0ll+p+zRoB15QMMs3NDXG4PU8BDcbgcJDd7g/QRD1YGnHswPqGUJWg6NcBXYU8EMK3cjC/00PXt45q/4UnT5pPR2UqRQr8csKuOqpMLPBVDEdKbGh5E2eq0GnR0xmO305qKtrAnG9BjkFE/c3mllRC8udquB8ZCRMTq+PNgB+pg8vOwsiVdeFXdu/wTM6tnLNmXibo0Bt7pcIqdg8vehhTe1VWg3ZOC6Yk+aktHLR55kXrFhPTV6/xErhUMr0YlGnC5pK8UhluAyw64+zt8hbHjBenG57UmSjmw24SMBRX5fL3wEgauNJgjaONokisQpJ07151O9SsnvaruHvIZGumtV2J1XJyZCTObvjW1IHVv/2I8FFTXtbjWrMfO6d9eouUIeshk/sO3dlx+H/aRVYdt1ru7SJJjXnGcHYMrwMd8NOUFRzWk8hDipLNBETwiK1lF5LbKL/ycvr6p9bTrDYJ6TDHQM8/4w+EFV4g4+OkGpAkeuGN9d8jxWrCIdSOlK9PRZyQttQQso+8UfUB65VvMMft6p0NOIORx1CKF97xvwYE9hfCLapedT/fQIVBp1Uf7t+COYfstrD0zbqiiTVx6FX4= X-Forefront-Antispam-Report: CIP:216.228.118.233; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge2.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(376002)(136003)(346002)(396003)(39860400002)(451199015)(40470700004)(46966006)(36840700001)(36756003)(40480700001)(82740400003)(356005)(36860700001)(30864003)(2906002)(5660300002)(83380400001)(47076005)(8936002)(86362001)(7636003)(40460700003)(336012)(2616005)(26005)(186003)(107886003)(6666004)(966005)(478600001)(316002)(54906003)(6916009)(41300700001)(70206006)(4326008)(8676002)(82310400005)(70586007); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:30.3256 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 21b2a083-6e7a-4a90-e57e-08dab8ec5afc X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.233]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT082.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6214 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Florian Westphal BugLink: https://bugs.launchpad.net/bugs/1995004 Convert nf_conn reference counting from atomic_t to refcount_t based api. refcount_t api provides more runtime sanity checks and will warn on certain constructs, e.g. refcount_inc() on a zero reference count, which usually indicates use-after-free. For this reason template allocation is changed to init the refcount to 1, the subsequenct add operations are removed. Likewise, init_conntrack() is changed to set the initial refcount to 1 instead refcount_inc(). This is safe because the new entry is not (yet) visible to other cpus. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream 719774377622bc4025d2a74f551b5dc2158c6c30) Signed-off-by: Bodong Wang --- include/linux/netfilter/nf_conntrack_common.h | 8 ++++---- net/netfilter/nf_conntrack_core.c | 26 +++++++++++++------------- net/netfilter/nf_conntrack_expect.c | 4 ++-- net/netfilter/nf_conntrack_netlink.c | 6 +++--- net/netfilter/nf_conntrack_standalone.c | 4 ++-- net/netfilter/nf_flow_table_core.c | 2 +- net/netfilter/nf_synproxy_core.c | 1 - net/netfilter/nft_ct.c | 4 +--- net/netfilter/xt_CT.c | 3 +-- net/openvswitch/conntrack.c | 1 - net/sched/act_ct.c | 1 - 11 files changed, 27 insertions(+), 33 deletions(-) diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 1db83c9..5230316 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -2,7 +2,7 @@ #ifndef _NF_CONNTRACK_COMMON_H #define _NF_CONNTRACK_COMMON_H -#include +#include #include struct ip_conntrack_stat { @@ -24,19 +24,19 @@ struct ip_conntrack_stat { #define NFCT_PTRMASK ~(NFCT_INFOMASK) struct nf_conntrack { - atomic_t use; + refcount_t use; }; void nf_conntrack_destroy(struct nf_conntrack *nfct); static inline void nf_conntrack_put(struct nf_conntrack *nfct) { - if (nfct && atomic_dec_and_test(&nfct->use)) + if (nfct && refcount_dec_and_test(&nfct->use)) nf_conntrack_destroy(nfct); } static inline void nf_conntrack_get(struct nf_conntrack *nfct) { if (nfct) - atomic_inc(&nfct->use); + refcount_inc(&nfct->use); } #endif /* _NF_CONNTRACK_COMMON_H */ diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index f8213dc..b993618 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -560,7 +560,7 @@ struct nf_conn *nf_ct_tmpl_alloc(struct net *net, tmpl->status = IPS_TEMPLATE; write_pnet(&tmpl->ct_net, net); nf_ct_zone_add(tmpl, zone); - atomic_set(&tmpl->ct_general.use, 0); + refcount_set(&tmpl->ct_general.use, 1); return tmpl; } @@ -594,7 +594,7 @@ static void destroy_gre_conntrack(struct nf_conn *ct) struct nf_conn *ct = (struct nf_conn *)nfct; pr_debug("destroy_conntrack(%p)\n", ct); - WARN_ON(atomic_read(&nfct->use) != 0); + WARN_ON(refcount_read(&nfct->use) != 0); if (unlikely(nf_ct_is_template(ct))) { nf_ct_tmpl_free(ct); @@ -713,7 +713,7 @@ bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report) /* caller must hold rcu readlock and none of the nf_conntrack_locks */ static void nf_ct_gc_expired(struct nf_conn *ct) { - if (!atomic_inc_not_zero(&ct->ct_general.use)) + if (!refcount_inc_not_zero(&ct->ct_general.use)) return; if (nf_ct_should_gc(ct)) @@ -781,7 +781,7 @@ static void nf_ct_gc_expired(struct nf_conn *ct) * in, try to obtain a reference and re-check tuple */ ct = nf_ct_tuplehash_to_ctrack(h); - if (likely(atomic_inc_not_zero(&ct->ct_general.use))) { + if (likely(refcount_inc_not_zero(&ct->ct_general.use))) { if (likely(nf_ct_key_equal(h, tuple, zone, net))) goto found; @@ -850,7 +850,7 @@ static void __nf_conntrack_hash_insert(struct nf_conn *ct, smp_wmb(); /* The caller holds a reference to this object */ - atomic_set(&ct->ct_general.use, 2); + refcount_set(&ct->ct_general.use, 2); __nf_conntrack_hash_insert(ct, hash, reply_hash); nf_conntrack_double_unlock(hash, reply_hash); NF_CT_STAT_INC(net, insert); @@ -900,7 +900,7 @@ static void __nf_conntrack_insert_prepare(struct nf_conn *ct) { struct nf_conn_tstamp *tstamp; - atomic_inc(&ct->ct_general.use); + refcount_inc(&ct->ct_general.use); ct->status |= IPS_CONFIRMED; /* set conntrack timestamp, if enabled. */ @@ -1277,7 +1277,7 @@ static unsigned int early_drop_list(struct net *net, nf_ct_is_dying(tmp)) continue; - if (!atomic_inc_not_zero(&tmp->ct_general.use)) + if (!refcount_inc_not_zero(&tmp->ct_general.use)) continue; /* kill only if still in same netns -- might have moved due to @@ -1393,7 +1393,7 @@ static void gc_worker(struct work_struct *work) continue; /* need to take reference to avoid possible races */ - if (!atomic_inc_not_zero(&tmp->ct_general.use)) + if (!refcount_inc_not_zero(&tmp->ct_general.use)) continue; if (gc_worker_skip_ct(tmp)) { @@ -1494,7 +1494,7 @@ static void conntrack_gc_work_init(struct conntrack_gc_work *gc_work) /* Because we use RCU lookups, we set ct_general.use to zero before * this is inserted in any list. */ - atomic_set(&ct->ct_general.use, 0); + refcount_set(&ct->ct_general.use, 0); return ct; out: atomic_dec(&net->ct.count); @@ -1518,7 +1518,7 @@ void nf_conntrack_free(struct nf_conn *ct) /* A freed object has refcnt == 0, that's * the golden rule for SLAB_TYPESAFE_BY_RCU */ - WARN_ON(atomic_read(&ct->ct_general.use) != 0); + WARN_ON(refcount_read(&ct->ct_general.use) != 0); nf_ct_ext_destroy(ct); nf_ct_ext_free(ct); @@ -1607,8 +1607,8 @@ void nf_conntrack_free(struct nf_conn *ct) if (!exp) __nf_ct_try_assign_helper(ct, tmpl, GFP_ATOMIC); - /* Now it is inserted into the unconfirmed list, bump refcount */ - nf_conntrack_get(&ct->ct_general); + /* Now it is inserted into the unconfirmed list, set refcount to 1. */ + refcount_set(&ct->ct_general.use, 1); nf_ct_add_to_unconfirmed_list(ct); local_bh_enable(); @@ -2201,7 +2201,7 @@ static bool nf_conntrack_get_tuple_skb(struct nf_conntrack_tuple *dst_tuple, return NULL; found: - atomic_inc(&ct->ct_general.use); + refcount_inc(&ct->ct_general.use); spin_unlock(lockp); local_bh_enable(); return ct; diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 42557d2..516a9f0 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -187,12 +187,12 @@ struct nf_conntrack_expect * * about to invoke ->destroy(), or nf_ct_delete() via timeout * or early_drop(). * - * The atomic_inc_not_zero() check tells: If that fails, we + * The refcount_inc_not_zero() check tells: If that fails, we * know that the ct is being destroyed. If it succeeds, we * can be sure the ct cannot disappear underneath. */ if (unlikely(nf_ct_is_dying(exp->master) || - !atomic_inc_not_zero(&exp->master->ct_general.use))) + !refcount_inc_not_zero(&exp->master->ct_general.use))) return NULL; if (exp->flags & NF_CT_EXPECT_PERMANENT) { diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 0a9dff3..d6339db 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -501,7 +501,7 @@ static int ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct) static int ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct) { - if (nla_put_be32(skb, CTA_USE, htonl(atomic_read(&ct->ct_general.use)))) + if (nla_put_be32(skb, CTA_USE, htonl(refcount_read(&ct->ct_general.use)))) goto nla_put_failure; return 0; @@ -940,7 +940,7 @@ static int ctnetlink_filter_match(struct nf_conn *ct, void *data) ct = nf_ct_tuplehash_to_ctrack(h); if (nf_ct_is_expired(ct)) { if (i < ARRAY_SIZE(nf_ct_evict) && - atomic_inc_not_zero(&ct->ct_general.use)) + refcount_inc_not_zero(&ct->ct_general.use)) nf_ct_evict[i++] = ct; continue; } @@ -1441,7 +1441,7 @@ static int ctnetlink_done_list(struct netlink_callback *cb) ct); rcu_read_unlock(); if (res < 0) { - if (!atomic_inc_not_zero(&ct->ct_general.use)) + if (!refcount_inc_not_zero(&ct->ct_general.use)) continue; cb->args[0] = cpu; cb->args[1] = (unsigned long)ct; diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 1e78ad8..0d2b3f8 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -300,7 +300,7 @@ static int ct_seq_show(struct seq_file *s, void *v) int ret = 0; WARN_ON(!ct); - if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) + if (unlikely(!refcount_inc_not_zero(&ct->ct_general.use))) return 0; if (nf_ct_should_gc(ct)) { @@ -367,7 +367,7 @@ static int ct_seq_show(struct seq_file *s, void *v) ct_show_zone(s, ct, NF_CT_DEFAULT_ZONE_DIR); ct_show_delta_time(s, ct); - seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)); + seq_printf(s, "use=%u\n", refcount_read(&ct->ct_general.use)); if (seq_has_overflowed(s)) goto release; diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index c7d4416..dd29f4f 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -48,7 +48,7 @@ struct flow_offload *flow_offload_alloc(struct nf_conn *ct) struct flow_offload *flow; if (unlikely(nf_ct_is_dying(ct) || - !atomic_inc_not_zero(&ct->ct_general.use))) + !refcount_inc_not_zero(&ct->ct_general.use))) return NULL; flow = kzalloc(sizeof(*flow), GFP_ATOMIC); diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c index c6c0d27..df94f72 100644 --- a/net/netfilter/nf_synproxy_core.c +++ b/net/netfilter/nf_synproxy_core.c @@ -349,7 +349,6 @@ static int __net_init synproxy_net_init(struct net *net) goto err2; __set_bit(IPS_CONFIRMED_BIT, &ct->status); - nf_conntrack_get(&ct->ct_general); snet->tmpl = ct; snet->stats = alloc_percpu(struct synproxy_stats); diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 2899173..38cb892 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -258,7 +258,7 @@ static void nft_ct_set_zone_eval(const struct nft_expr *expr, ct = this_cpu_read(nft_ct_pcpu_template); - if (likely(atomic_read(&ct->ct_general.use) == 1)) { + if (likely(refcount_read(&ct->ct_general.use) == 1)) { nf_ct_zone_add(ct, &zone); } else { /* previous skb got queued to userspace */ @@ -269,7 +269,6 @@ static void nft_ct_set_zone_eval(const struct nft_expr *expr, } } - atomic_inc(&ct->ct_general.use); nf_ct_set(skb, ct, IP_CT_NEW); } #endif @@ -374,7 +373,6 @@ static bool nft_ct_tmpl_alloc_pcpu(void) return false; } - atomic_set(&tmp->ct_general.use, 1); per_cpu(nft_ct_pcpu_template, cpu) = tmp; } diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index d4deee39..ffff1e1 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -24,7 +24,7 @@ static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct) return XT_CONTINUE; if (ct) { - atomic_inc(&ct->ct_general.use); + refcount_inc(&ct->ct_general.use); nf_ct_set(skb, ct, IP_CT_NEW); } else { nf_ct_set(skb, ct, IP_CT_UNTRACKED); @@ -202,7 +202,6 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par, goto err4; } __set_bit(IPS_CONFIRMED_BIT, &ct->status); - nf_conntrack_get(&ct->ct_general); out: info->ct = ct; return 0; diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 62ab962..6e30440 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -1723,7 +1723,6 @@ int ovs_ct_copy_action(struct net *net, const struct nlattr *attr, goto err_free_ct; __set_bit(IPS_CONFIRMED_BIT, &ct_info.ct->status); - nf_conntrack_get(&ct_info.ct->ct_general); return 0; err_free_ct: __ovs_ct_free_action(&ct_info); diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 0f44608..32a720e 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -1255,7 +1255,6 @@ static int tcf_ct_fill_params(struct net *net, return -ENOMEM; } __set_bit(IPS_CONFIRMED_BIT, &tmpl->status); - nf_conntrack_get(&tmpl->ct_general); p->tmpl = tmpl; return 0; From patchwork Fri Oct 28 13:57:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696129 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=jdBCy6eG; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJJ6k43z23kY for ; Sat, 29 Oct 2022 00:57:52 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPrj-0000D8-O2; Fri, 28 Oct 2022 13:57:43 +0000 Received: from mail-mw2nam12on2046.outbound.protection.outlook.com ([40.107.244.46] helo=NAM12-MW2-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrc-000078-BB for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:36 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q2lyGVKUQ9csJkNe1c5LGUvkltuHYHLNigLtCOSq649cDJehiafHgfqk3nEUOw9dLVhvBgw0tzal6IRPzuj4JNdxkfpZRaU3Ex7Kw7VFDBVMhcd+GnjFRRNr30dBuDu2Uhzt0TrdPFxwWZWdOJzU4NLbtOg6rQd7lYD7b/7Aal31PjPk1sIrCmOruopQWOaAkrrzCn/r8qDvUSmETEhkBGrOFp2SG6d+k9reWPwIOhbApNFAQUjqgny7S9m24P31n+ZvaIGNaLh4lV38sbdT8WA690bhNQIWxwv1qlrBJcjGg0lAAcmfIf2+TX2T9Y38vbMH7w0IwNfPGMmpEkUDNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GDYf/mzZ19rHOFRg2sVqhLkgWalQsAc+7C7NjH7DRDw=; b=cJ4r+Sfve1ltYLfvKoS015lO59HDlrm/zlx2dGBLRZ+MFqD9VY+NZHMpZ03qWhiga/Ly/scfH3iGKeZ65xk0n77/gO+LRQDHyj2REJqLLDnzWW+iy1h81kmYE8w7d9OyscdVrgtW3QlxA0yySV9dKfWUy+2B9jEtVeHaiqdENEdqbmrh2zPrhCYMqVfIGcykWXqwfHiCnA1FkPjIauC77jcjfS1LBVZ8HYzfa9lbqgEFYUk50XmL0D2IOFgHajq1GX78fcAUHAGu0Ez0CGGNXgt/k1aqL81DlL+P7+w0sA8917qWyY0h6yV07cYltcDOf4qLfbS8dnURwSD/4JR8kQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.233) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GDYf/mzZ19rHOFRg2sVqhLkgWalQsAc+7C7NjH7DRDw=; b=jdBCy6eGW5q5qtiED29d8qJizzJqBsNBrqVMiGv0ZIadBtqk2QPdQQsk8aIwRrwhYZUMCqBTGHrN/h5H0jbxsdXoMHGidX1jxjoNlVtF7MsuMDkF4vHxcvvxmu2bEbAKCDqX27oJt+FQBcMBljTC0mmu9gp+rNwBu8BIGUBLD4wxVYMI5cwYlEWTFK238lw+fMrMV0nY2bO6dgPfh2KwnqKvS0WMcczy0R6u/KwCvbySMiMHlJ3xLB6w9FJM8XvWcBRGIo0bvrTXMoiEZ0Kxp/UAGHy8HdY/kcFMoMcTpnBHqdx48jHynw5gfpGxIYvo8XKNzPSb7sJu8JZfe6SYsw== Received: from DM6PR17CA0024.namprd17.prod.outlook.com (2603:10b6:5:1b3::37) by BY5PR12MB4099.namprd12.prod.outlook.com (2603:10b6:a03:20f::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:33 +0000 Received: from DM6NAM11FT082.eop-nam11.prod.protection.outlook.com (2603:10b6:5:1b3:cafe::63) by DM6PR17CA0024.outlook.office365.com (2603:10b6:5:1b3::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.233) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.233 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.233; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.233) by DM6NAM11FT082.mail.protection.outlook.com (10.13.173.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:32 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:30 -0700 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:30 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:29 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXc024340; Fri, 28 Oct 2022 16:57:27 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 05/10] netfilter: flowtable: Make sure GC works periodically in idle system Date: Fri, 28 Oct 2022 08:57:15 -0500 Message-ID: <1666965440-94070-6-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT082:EE_|BY5PR12MB4099:EE_ X-MS-Office365-Filtering-Correlation-Id: eb86b5de-3be7-4cab-944a-08dab8ec5c56 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2k96Zgo32oBIgqO/hhUNUWNywQ2OoXptL0zzNfadW6ahYdciScjPH2JkratDm9/2US4eA6+No8lNS5BiyxhKxPOnYqo+aYvgA8K4FqSj0d7gVfa2Y9cHWxFwNbhlphZOW0sK21TbggHz3rLkAnnK4xAE5PEhkfBsog+H18I+Rc/QlqS28lRDOckTq58xfHYyLO8z0bwV5JmBGqCLhwq7J09o92AOsDLKLavJrFhTCrCterQgDokp7YrnbylU9cJlR6tajK+cj+U9aEGFtmeUiAZdqRudMUzNW9y0m7RIMe1qx6g2wRk4JflWY14CrBMN2jvUeqEE7Z1r0UTHoGKHHz4lJRXOb+wbA89f3pp+RjCDvlm3adzhlkGanx31CA8SMDeyTBr8V+LIQaxSZRrFnMVt+/iC2IXLcc7bE9Q5ehAz9wf90UbNN1NLCtv+9/o09KZythT+CD9cwxeJP1VK75iOkc0U4Hlz2LegqD9vcKiugsU4Xjq2fPsVNQfQujEBhYUd0V8ZM27EXXTJBKk2e45EBY1CSUApIJQAAoce4yM5Xr4U08ddPHV8Rx0c/nS1Ltl/8N8BJ7Hpn32WXfhqCz0Jwgi8i6QPtGMton9n2z6EdW9922VB+JtoS6kibmT1cAegqYsAwg3/YREoegLVByOZ5kd/8t1F/tVZzBGwvNqs+/XBGxN2tBXCdKzzBdTvvurzfZRnT0Yu/OQrc0NOwRi+v/dijlBzd5nGQqGhtp8oqskt0jREcS3dRVG3ccVfpG1Y6Fwqss9fA5LbBM3ph5OszVIzbCMp3KPXWuayNrCznKRl9DKYeXB6cCTcQ1UwqfLpnDC+DX1dv446iWBCL3gadTXoSPcfnNnbu+8sdB4= X-Forefront-Antispam-Report: CIP:216.228.118.233; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge2.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(376002)(346002)(39860400002)(396003)(136003)(451199015)(40470700004)(36840700001)(46966006)(36756003)(40480700001)(82740400003)(36860700001)(5660300002)(2906002)(356005)(7636003)(83380400001)(47076005)(86362001)(107886003)(2616005)(336012)(26005)(186003)(966005)(6666004)(478600001)(316002)(6916009)(54906003)(41300700001)(40460700003)(70206006)(8936002)(4326008)(8676002)(70586007)(82310400005); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:32.5910 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: eb86b5de-3be7-4cab-944a-08dab8ec5c56 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.233]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT082.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4099 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Yinjun Zhang BugLink: https://bugs.launchpad.net/bugs/1995004 Currently flowtable's GC work is initialized as deferrable, which means GC cannot work on time when system is idle. So the hardware offloaded flow may be deleted for timeout, since its used time is not timely updated. Resolve it by initializing the GC work as delayed work instead of deferrable. Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support") Change-Id: I99843e5974c9bbb41dfbaf1dc062e538e1938f34 Signed-off-by: Yinjun Zhang Signed-off-by: Louis Peens Signed-off-by: Simon Horman Signed-off-by: Pablo Neira Ayuso Signed-off-by: Bodong Wang --- net/netfilter/nf_flow_table_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index dd29f4f..d60a206 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -522,7 +522,7 @@ int nf_flow_table_init(struct nf_flowtable *flowtable) { int err; - INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); + INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc); flow_block_init(&flowtable->flow_block); init_rwsem(&flowtable->flow_block_lock); From patchwork Fri Oct 28 13:57:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696131 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=bWZgKz9H; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJT4Yg9z23kY for ; Sat, 29 Oct 2022 00:58:01 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPrr-0000M0-S3; Fri, 28 Oct 2022 13:57:51 +0000 Received: from mail-bn8nam12on2083.outbound.protection.outlook.com ([40.107.237.83] helo=NAM12-BN8-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPro-0000Fw-5F for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:48 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BbIrgQTgQ4Mt8Et1w6c3XCWVRsfAXHUlrFzwv1i2m8lkRhMQ9AKqnBXjqpXR1qXsXsEyROBTbS928t/PtXm43qLM/0+yUpQpqUBR30Xc8wefbTthbnLxPgPLUUJQ79W/PdFoe243bSYnTe4thMys7oqr6D30STJsXCGR4ilwwFsk0B7Qmo5BM51ZMVFQhlpDFtP3yXzHEmRbiSLfxkOwxH2g4acUDT0ZqHCEtBlGcEkhlkr4ZLUD37Q5/M3AF+TiM0eBXWUOnqHwV0QJ3i+eQlgO3D99NRE9DmhuJ57TgYI+FTVsm4ZUtH5F4I4TpT7tzMlJTMAyyL3qETdOauSXZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MH1vIUtdmWMik0gMXjExjoGXnxgem6FdRMI81yB2TXw=; b=dcHnklAyj6EvTy5SVghiExDC5lf014P78wdA0fIQEwtqht0FqvTs7x0tHB9ATOjCBRvo4qNrC3LCqCm0I+qJhcjK7salbzpzoP+mpA8WOrZsyN23CnC3XDjr1XXMkwZzHpT4/Fb8evNJHtT7IWSRnFshq+d0ojpB0OM1GVxd5EukJv6X5JBtN4/+wNrFHhaN49h/kUpcQzDefZxJg7/Sjg1yRW1wzfMiHg/OiMQNTN9H04GNofZSpg50DpcsJwvlkiHOVQ5oPEJvU3U9JvIZPniH0xA5aEY2mf+2pBFmmPpOC3ggjwP/0O+/wpMQv8qzPr5JMSsbmxzkD0NBMBwjHQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MH1vIUtdmWMik0gMXjExjoGXnxgem6FdRMI81yB2TXw=; b=bWZgKz9Hze4LEnUCff/BJ862lzYH/FT9XoTZpBwjTe+apBHE4DPdLVn3J5E0Bqa7TNMhb3NoL50tsBFWBbndPUdjWgel+DCkUTzYkKNk41rQLIadIwm4H8xjutFLiWagrGdzF3rbqjFRZxv3VptAkkRbJwQeq5qyzGjpEXYIAS1HYbtiWDX0zCuuC10s4ZfMM1Udq2NB8ze/Ui/lxAMNzidzIi6brHxrz7QF6g1JCaJtZWkbtI+X4SIClo5fv+4rCIjs/EIXeSH8udwcQM8YPVMdf7xz1WHAXw5Q7t7CPUMW3bjdL9+S0chN/zsYhmxQOVY741J8UlBk19gLW2ZrTg== Received: from MW4PR03CA0082.namprd03.prod.outlook.com (2603:10b6:303:b6::27) by SA1PR12MB5660.namprd12.prod.outlook.com (2603:10b6:806:238::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:44 +0000 Received: from CO1NAM11FT015.eop-nam11.prod.protection.outlook.com (2603:10b6:303:b6:cafe::30) by MW4PR03CA0082.outlook.office365.com (2603:10b6:303:b6::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CO1NAM11FT015.mail.protection.outlook.com (10.13.175.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:43 +0000 Received: from rnnvmail203.nvidia.com (10.129.68.9) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:32 -0700 Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail203.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:31 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:31 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXd024340; Fri, 28 Oct 2022 16:57:28 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 06/10] netfilter: flowtable: avoid possible false sharing Date: Fri, 28 Oct 2022 08:57:16 -0500 Message-ID: <1666965440-94070-7-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1NAM11FT015:EE_|SA1PR12MB5660:EE_ X-MS-Office365-Filtering-Correlation-Id: 58c0f6a1-9412-45c9-0e19-08dab8ec630b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: aPuH9rXEzjS8tgF5Mm+PGcEaIOaaisK3qHImD9ZNGtKfXkjuG987YQmz6EUKs91Myl5+d/7GXK/8tiZMrPYdt1MvSANG0daEmkIVqsttlE8VRAB+StmEH5qK/R6q6c7gbRf5Ey7xpGDwYxIjupQc6oKh4BCDn1soDk61pvE10Lz0kxADrY2nzfxr0YeNaeXyR002/s+kzCmFtQiVkTAzN9MjVggB69Axeyokah+hHzPQRyKoe2WQeJ9kZgY4Aj3W/eXj50vLaiGYA1VcAyKcRxmw9WJoZJMLCokLpBTtEaiYAckH1R3wh4muEz96S80fom64hUsOc1fVtN3aQGvkzaboyzCCdlJAtu1QzES2Cn2SXE5glvZFDWsmJmEsL/9VBcpxZHVgdpZDGJxJPcFAqCG3QGmsBvlJWnGp5WMpgiDXdtjHDOXVNdBRudJThZZywA26A4I2pdOhxHuK6KCF5eLR57bkSiiKo4tiUH97jv09tvHBccDrNXvnpWp3L8wGFdjKHjAtf12Kad2HqUGT2EH42XBZFWsUZYydHF0ubzd/EOS8PeHflrqJOV0Cfs17MHEMAxCO9hhHC7HNzjiKgLMkPc2BBW9ErxrT1G/Z4O6gwVJS002j6SPyBWCo/zOd7cy2/WRxmbXNu3JCegkfBQuJb3bLRa48D1PakTgXl6w+m1V+ibGnL3dbLEbKBsKbShDlvCfjt+2p/tml5df03zh4RRkOAG5xHRjF5iI8vE73UNfLRquVi1c3s8L6N3mGs1HHs6v/ayS2AZfuxLhM2QTHdG2B1aXwLqPjJr3IhaA3pZjmLVpePmz78/jVRb20DUtHi2XaOnzEncCPkYwa3IHeWB6NhXAelmEGeXYl4cM= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(136003)(396003)(346002)(39860400002)(376002)(451199015)(36840700001)(46966006)(40470700004)(70586007)(70206006)(4326008)(54906003)(8676002)(316002)(6916009)(36756003)(41300700001)(966005)(36860700001)(83380400001)(7636003)(356005)(40480700001)(26005)(107886003)(82310400005)(86362001)(47076005)(478600001)(40460700003)(336012)(82740400003)(6666004)(2616005)(186003)(2906002)(8936002)(5660300002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:43.8089 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 58c0f6a1-9412-45c9-0e19-08dab8ec630b X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT015.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB5660 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Pablo Neira Ayuso BugLink: https://bugs.launchpad.net/bugs/1995004 The flowtable follows the same timeout approach as conntrack, use the same idiom as in cc16921351d8 ("netfilter: conntrack: avoid same-timeout update") but also include the fix provided by e37542ba111f ("netfilter: conntrack: avoid possible false sharing"). Change-Id: Idf434868f57e1f5af08e04d4fe5989d85743266c Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream 32c3973d808301e7a980f80fee8818fdf7c82b09) Signed-off-by: Bodong Wang --- net/netfilter/nf_flow_table_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index d60a206..f0dae0e 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -278,7 +278,11 @@ int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow) void flow_offload_refresh(struct nf_flowtable *flow_table, struct flow_offload *flow) { - flow->timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow); + u32 timeout; + + timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow); + if (READ_ONCE(flow->timeout) != timeout) + WRITE_ONCE(flow->timeout, timeout); if (likely(!nf_flowtable_hw_offload(flow_table))) return; From patchwork Fri Oct 28 13:57:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696130 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=ffFyh8dP; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJR28byz23kY for ; Sat, 29 Oct 2022 00:57:59 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPrq-0000Kj-Kw; Fri, 28 Oct 2022 13:57:50 +0000 Received: from mail-dm6nam11on2042.outbound.protection.outlook.com ([40.107.223.42] helo=NAM11-DM6-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPre-00008B-Vv for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:39 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z0XkTdEcqxhfWpElimqXqlCb+Q6bKT+nKuw0dO7QZCsERH+nPrb7ePglDjRuxJV18yjPtasIXKNWJP3smf1vryHent6701A0b2XivTpkiVA4MZ+x8AiS/Hj3Eg0ZCDDiuhl6R9N4tdyyGsnrNJcpo2osiJBNlx6YA0695yOp95e7mkGSHJHyH/Gme2z8SSOGa+igEYYLM5umJEubmE8DjuraG+ED9h9Ms6EJ+yju5pGG/UY+usOQ9V9dqQKH8DKaRlnejMxLSLA9+sNhFKvsSC3uMrO/QeffG1KWsu3fYFv/MDaLYWQhSSM/soZCY6+UUpeHOcpxL7E5RfK8O0UPXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QTvB8TVGJYkRl9z0bFmMlJK9HskNEGFwMYkPRoot+3A=; b=jn+p0O6YjmGmKp4JgIWJuJlpSaNrEHHtUjtAtVXL/Scuu0ET7i5+PPMcL+Q6AzZXOe/3JfhffC+dl8iOyepPWNS/BkEqeMTsk5wAR6DARA25j6cqnSOjL0bEb19QtlE1RYukarjms33qrf6xycBzxM1/lmLTiqkKXyAi2vWQJGYk6Azx3Ynrv19GtOKXmQjsJJlZY0J8QF5A040OQhwSCbL1WhVtNE46tBQfHNOnrzxldIlsSrT+04OevrnJ+znk26BwPeltfPQfPQvyJJh8CFNuDd+yloDDsVfkTmLRkkX+v/XozeHKRIcxHncQYeRax6FUp25TXzkhqVQ8dGhGKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QTvB8TVGJYkRl9z0bFmMlJK9HskNEGFwMYkPRoot+3A=; b=ffFyh8dPnXEKHM21/l7R6Qik0mi8c+Q8nTwmRe6Gj7jO0WsrlGXdIU0AAnUasZj2U9kvKhhLjzp98ovXVqs0C4Z8p6c0UMwvqg0I30MhHelkKqLh6XMQw87tsfp8ttNp3Ir6/K+c+YaPj++L2903F27H3rQc5JlV2sUq+YATCKq6yF6exJoQNkaFSh4JJFRP6wMcXXK1i0HY7fO9/hkUUkUD5wVPvDaSaW3cZobTTkZj1Vn4jt93Fz9NS8waPiCXEiuMJLSS1NRE+b2ZMn8mVhlOLk9IlmoDqifUEUSkVhqZtP/yiKuyRT90WFPbdONhpTrJXI6GYN5Z9vxODRvO3g== Received: from DM6PR01CA0028.prod.exchangelabs.com (2603:10b6:5:296::33) by CY5PR12MB6479.namprd12.prod.outlook.com (2603:10b6:930:34::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:36 +0000 Received: from DM6NAM11FT077.eop-nam11.prod.protection.outlook.com (2603:10b6:5:296:cafe::97) by DM6PR01CA0028.outlook.office365.com (2603:10b6:5:296::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by DM6NAM11FT077.mail.protection.outlook.com (10.13.173.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:36 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:33 -0700 Received: from drhqmail203.nvidia.com (10.126.190.182) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:32 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:32 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXe024340; Fri, 28 Oct 2022 16:57:29 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 07/10] netfilter: flowtable: fix excessive hw offload attempts after failure Date: Fri, 28 Oct 2022 08:57:17 -0500 Message-ID: <1666965440-94070-8-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT077:EE_|CY5PR12MB6479:EE_ X-MS-Office365-Filtering-Correlation-Id: 335c9637-322b-4aca-1af7-08dab8ec5e88 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3R5EYErpv21oY6lvPAm28giY4fKRsKAsF5uUAIZjJ27ogA5t1ZW634Yp4EMAH7InbjYeFJU6O3fXEW+Zvqg/MmK5Ahgs6rVYuoO6XmPkrAPaEqhEzzDQzgIkoXqjMowxZ2Z2HCCYEtJzKRM/3+X297SS++mLuXFsswUWKlHHpFbDfHV982ekU/tvkLRbyMSyRCvna+2qJeRYAVODYc3M9ZPU89bWf4aUTnKWWJ6PP33xo3nv98qvFZDF/vlI7zkXwMyv9S8jYRfFh0nPWmlLof0yfZvbpN8PhTbTo8lJIC3Ha1+i0EcWNCXAatST9kCKWcZLOwYpE/JDW7agTiSikISTCFr3oPEjmr4/pHTh0Fn5O2B4MOstdG7aMNeDgTThXZUKTMGiERpLJrH8Vafqmug3lVXqoTFF9nZm3PQAjaBJAzwB3k6Cy4MEHDX0A13gsFTFQRzdLOL1oGArPYA79+X0CYlcgaYIzPpzMwALNdw/x1ewKcagbOd3y8ovBfVnEfCuYZHl5dR4RjGrwAUwt2/8kao438Q4rq9G0e4eeILcOBgU7uwLbaGdJfAeEbAynpiNw4bPq/D4jTTs/HIYNzuAwA4BTo77xDHPQkhHquVkz5IBJpeaXF4/ctchyn9vh9pUnZSHclERJSY2BOvs0Ls5gsu+kPDt3ekjr2dA1hTMgPEFYajp7eI5mU6u+nv+NBKKXYgS1c0Ix+61ZqRRqPwnFfdPzO4BiKzxcTChK9DTlYxEFcEoHKgO4/dTIltwuBNR4H7Dk4L+YZK2PxvoXt9ZmBDCWfj1RT9TdUuayBslk6kAvwkQefUC+8BdZo9vrPFCG0VoW5bCglq1ua733oaxSU6UvvOFq2sSwGPt6z8= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(346002)(136003)(376002)(396003)(451199015)(46966006)(36840700001)(40470700004)(40480700001)(4326008)(36860700001)(8676002)(316002)(966005)(70586007)(6916009)(54906003)(5660300002)(41300700001)(82740400003)(70206006)(8936002)(2906002)(107886003)(6666004)(2616005)(40460700003)(186003)(26005)(47076005)(478600001)(336012)(83380400001)(7636003)(356005)(86362001)(82310400005)(36756003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:36.2554 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 335c9637-322b-4aca-1af7-08dab8ec5e88 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT077.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6479 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Felix Fietkau BugLink: https://bugs.launchpad.net/bugs/1995004 If a flow cannot be offloaded, the code currently repeatedly tries again as quickly as possible, which can significantly increase system load. Fix this by limiting flow timeout update and hardware offload retry to once per second. Fixes: c07531c01d82 ("netfilter: flowtable: Remove redundant hw refresh bit") Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream 396ef64113a8ba01c46315d67a99db8dde3eef51) Signed-off-by: Bodong Wang --- net/netfilter/nf_flow_table_core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index f0dae0e..f8cd832 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -281,8 +281,10 @@ void flow_offload_refresh(struct nf_flowtable *flow_table, u32 timeout; timeout = nf_flowtable_time_stamp + flow_offload_get_timeout(flow); - if (READ_ONCE(flow->timeout) != timeout) + if (timeout - READ_ONCE(flow->timeout) > HZ) WRITE_ONCE(flow->timeout, timeout); + else + return; if (likely(!nf_flowtable_hw_offload(flow_table))) return; From patchwork Fri Oct 28 13:57:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696132 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=qj/qdXPX; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJX4vNxz23kY for ; Sat, 29 Oct 2022 00:58:04 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPru-0000Oa-VC; Fri, 28 Oct 2022 13:57:55 +0000 Received: from mail-mw2nam12on2063.outbound.protection.outlook.com ([40.107.244.63] helo=NAM12-MW2-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrg-00008y-NM for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:41 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NEg6Ya0Cd6JDSHWnGJBkUpoi4U+vxcdCc6tCAPY1u03A603ssqyLRBehlQgqGJhl5zrlvgl3KVVh7L6sXRJPbtOm/79H0faZ/RXyEH9/EYKB3ndx8AeL15CX/UVxV0WnEOM3JSbMgu56IIbCvO4VsNVZvs7YnPSj30zBiDDavqXW1rmlps7vn18s8J+QbdEB7XMIoA1QFuQ7uBgOQSd29Q6YaLnOfOkDVrYAmO0P9tLU99JLttYyywS0wEP3+gaswp9QP54h1bg89FlM0vnbaBfXJQFQVnvJoG78L8qxxwE/PaJvh0rnPXZxO/stbQGJufRinADiW8A61d1BXlRSaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pdK/mCoFxZFE4b6P0LP5+qKSQIXbhJCwH4iVAMcy2tE=; b=ZNqBSree/w1Iowojz4ks+pDCHwTPcZHiLOUBTN+PEyQeuMEcj8a4yEFiOgn4uCfJiCpiKztUUB9+KOw6ySCNWe8Mr4vZvWLuJxt4uaL9nanjxNuClm+/Jc74v+QVIar9MYR7up3Stde2G75Gm4Z2zsUMd55LyP4BL/y1w3azgegJfKYpNBcow2GmJYwnEPD4Ri57Nnffm2K4vMoXFWIPmMn0QjN/peKpOqpWyBh+59V7jJpd5AP6qV9isD/0i7pzTHjlpj9GHd0X+LDsP3qmFM8itMrLYoZ5Tw+dbda7l6TDaKA/yJ0W4RdXqnzrCHEXIZnJYlrbgZvfE8hBkEyvHA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.118.232) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pdK/mCoFxZFE4b6P0LP5+qKSQIXbhJCwH4iVAMcy2tE=; b=qj/qdXPXLb9pNa+OnLCOxldeMiE7Wdg76vpuK8P6zlUEIUwEBczVR2E4FSLI4QSogJYpTGwq7K3z1ei+SekfxEDLdO1MgNJaMTOWheqJQIgr9Fh/UL1sXgLQfEdI2s9JJ4HSY9hlr16lQEGftqr+oyRZeqo5ohSi7jFv3+hV//JvcKUTP16Dkjb3IiqpZBkP8Jvth8hinIAveLpT+2nPHt/FXrEoInjm0bFltZHojKMrOeFjICrLvQRUFSItAfznWGikNYG7PAJVJ82Tn9Q5x+vP5YdjBwZwx5xmOrFNkuGEbR8p4sUKHtr0EY4U+rEVAIq11k4NlEQ06yejKr47rw== Received: from DM6PR01CA0018.prod.exchangelabs.com (2603:10b6:5:296::23) by DM6PR12MB4283.namprd12.prod.outlook.com (2603:10b6:5:211::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.27; Fri, 28 Oct 2022 13:57:37 +0000 Received: from DM6NAM11FT077.eop-nam11.prod.protection.outlook.com (2603:10b6:5:296:cafe::ac) by DM6PR01CA0018.outlook.office365.com (2603:10b6:5:296::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.27 via Frontend Transport; Fri, 28 Oct 2022 13:57:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.118.232) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.118.232) by DM6NAM11FT077.mail.protection.outlook.com (10.13.173.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.14 via Frontend Transport; Fri, 28 Oct 2022 13:57:37 +0000 Received: from drhqmail203.nvidia.com (10.126.190.182) by mail.nvidia.com (10.127.129.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:34 -0700 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:33 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:33 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXf024340; Fri, 28 Oct 2022 16:57:31 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 08/10] netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup() Date: Fri, 28 Oct 2022 08:57:18 -0500 Message-ID: <1666965440-94070-9-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT077:EE_|DM6PR12MB4283:EE_ X-MS-Office365-Filtering-Correlation-Id: b132e2a4-edf1-40e9-846d-08dab8ec5f57 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: q60J1a8Dss5prapaqGtJim00rDdXXXMhj9bxZewsbiU9rfvpzRsms/yqYkdppCEJoaZggcGFxBVMx+6cvb5pdLo6m43XYdDx+v3JcVbr+x/eL5A0Ca/E6i3keAr78Y7W9DtTgx5YAR/pYhRk+4DcTqwDJQ8zLb596Zeb83MvrRnDr+bb44F+UM2EP6Z8nA+mFGNM1izQ/ooL23HlxEB9B2p+1UZvSRJIaL3RQ4GpFeSserDVrBwPI9VDdINcM/yfj/w29OuKeiBgJh7vVqBzIBoLOKfA33LwX9/8nJ3s1H9cDPzVdkOI/Rv+DhWS0n2kydS3Qxl9qoyT5Nsk2GZwuKc4unYHQQtfQEwnOWAiaPzDduA31d2h7DTjbKN1mraz4amN+inh2k+8lhIdpR0WzX29sPj+rEqVtbELQ3qjwzNAzJxMLrvaIdYjvhdQFxaf+oJ6AzMydkJuBAXiga4R//2igJUxAJXl5RF0m1C2LLl9REnjTGwkjYLBzftE/KmrR/ZKnYdELKxXsJ8AH24ru/PHWmjJLBPhoqzNsvgRfZBq1A7aex87G50K/xKkcIyzf7USCGYyXSu1LEsvdCUBpUiC4Z9WutOvOrlyBEXTmB6XasQ+yZ1RjiQDRXEXLQWemUD1wzxg86NmJAnXM6RNLtLpQiWxsI4aCRJOO5XGHbGUBh3rC8GoGUizfat76jB1OBYKlo36S0t6I7ivDTTxd3tvC+CUBuqPYfZV8VAg1opPXRagnkabQNAaNt8SppxWjdMUxWDZKLDiyMZ5KdXv1Vzd07puvQ1qOC9LMh5bpW1VFexK6kkZYZkKL1F+xsdFs99NGS5/jFNCEAkVcQ0C2IXQ6BYT3mC7L9i8YUZzkuk= X-Forefront-Antispam-Report: CIP:216.228.118.232; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc7edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(396003)(136003)(39860400002)(376002)(346002)(451199015)(36840700001)(40470700004)(46966006)(5660300002)(2616005)(2906002)(186003)(8936002)(336012)(7636003)(41300700001)(356005)(26005)(82310400005)(40460700003)(47076005)(86362001)(82740400003)(40480700001)(83380400001)(36756003)(36860700001)(70586007)(316002)(6916009)(54906003)(478600001)(966005)(6666004)(107886003)(8676002)(4326008)(70206006); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:37.6304 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b132e2a4-edf1-40e9-846d-08dab8ec5f57 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT077.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4283 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Pablo Neira Ayuso BugLink: https://bugs.launchpad.net/bugs/1995004 This function schedules the flow teardown state and it forces a gc run. Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller (Cherry-picked from upstream a8284c6899cf7321abbd258d970a9442978b0a4f) Signed-off-by: Bodong Wang --- include/net/netfilter/nf_flow_table.h | 2 ++ net/netfilter/nf_flow_table_core.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index a0c11bc..8e967d1 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -232,6 +232,8 @@ void flow_offload_refresh(struct nf_flowtable *flow_table, struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, struct flow_offload_tuple *tuple); +void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, + struct net_device *dev); void nf_flow_table_cleanup(struct net_device *dev); int nf_flow_table_init(struct nf_flowtable *flow_table); diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index f8cd832..f9237647 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -563,8 +563,8 @@ static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) flow_offload_teardown(flow); } -static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, - struct net_device *dev) +void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, + struct net_device *dev) { nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev); flush_delayed_work(&flowtable->gc_work); @@ -577,7 +577,7 @@ void nf_flow_table_cleanup(struct net_device *dev) mutex_lock(&flowtable_lock); list_for_each_entry(flowtable, &flowtables, list) - nf_flow_table_iterate_cleanup(flowtable, dev); + nf_flow_table_gc_cleanup(flowtable, dev); mutex_unlock(&flowtable_lock); } EXPORT_SYMBOL_GPL(nf_flow_table_cleanup); From patchwork Fri Oct 28 13:57:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696136 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=BPOYjHcL; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJx0cNbz23kY for ; Sat, 29 Oct 2022 00:58:25 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPsE-0000m3-Ul; Fri, 28 Oct 2022 13:58:15 +0000 Received: from mail-sn1anam02on2049.outbound.protection.outlook.com ([40.107.96.49] helo=NAM02-SN1-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrp-0000Gp-HY for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:49 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yj8nqRgDTkpWTlfKVmEv/iVUVNfk78uc/e5Lo92zDACuOKD9eF5UnLjOpZ9bR0XL25UE0zI1J84vsH++9M0MpZD6D9f17HTDi0IE5NNeO9ftaKe0XpO4yBmb6VkdmZEI/EzsI8ongWovarFngP8dRguyjQv1lWISrsGVlpCeVN737y1lX5z0ItIWcNB1qVJLLPWlLOhr+p1UWx0b/fO2JVlU7BbXKMJT2sXQ7lxYXh8kHaKnxxCIJJIKqbRUWqPbrqx3EJ4ihj36LfLfNJb6ScgWMF9F1etKwmrUbZ9jDGxqoLVbQ5d+3ZlMm40H95HQfNsspqCnNshyyp1z248MPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MLt5Xo1KebalQ2ddbQMngnQN31SljBR3gR0tRU/no6M=; b=XGlcqJ7p1HHD1MW79iJpqYl/eHyyrrnTmrhjOflDYgEWIPQQ7YLGzJu45P3qd5h3OAJlr2i4eZdOFVRhfHy5VprXDI+6pmIPDXFmhuRMDB9RWDnHcDqa0vh9ZKpHOB8fp8ayPGH0D4GRMWPVU3gCKO6LP1Pm6YUmNS1CtuW2LlwNxuVWTNmzWzuM2FFVioYD8w2hdT+8Ob4jQID5yrVthpB54pAH2KHR/SbBhlBKm3EtKmofi2hGT7rKC7OOpWeqCu/hAc12PW/VTx0k1wMrEWvQJLi2qF5qchgv0VHladehUlLNnCqjd+0tdAMT3h1zFZ0NJnMi4NXSdU2yCzhsLA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MLt5Xo1KebalQ2ddbQMngnQN31SljBR3gR0tRU/no6M=; b=BPOYjHcLSuaOw3qawqiRpiFNB21Ow+zFLazSTF/Tka2nNHsoGXSUJSCO8krHWujrx9XzkZlEM+UKbh5pH63/qqBJ7+C00JC4B85TpD/5/XJxOBioUpa/5S7O0CFeH7VDcrO7qKFfZpbV3cUs6WOeRaAov3MziR4ODM1EzPv2PFot0kFja5QQh818nXy5XY3u6vMNcvnhqQg+GuhKjkIA2zScNM28u+X1tPFjCsGqHwWQtU6jc05pQ2rkz8/lv8yxYcjIOVkFihlzA1wefVWnVncDMz/PWVyBdjHdeiKegnKFQjUYgOdrsYxcHqHiVqfvLVjeWpob1W4FRFwh1I3K+g== Received: from DM6PR07CA0098.namprd07.prod.outlook.com (2603:10b6:5:337::31) by MN0PR12MB6221.namprd12.prod.outlook.com (2603:10b6:208:3c3::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:45 +0000 Received: from DM6NAM11FT023.eop-nam11.prod.protection.outlook.com (2603:10b6:5:337:cafe::69) by DM6PR07CA0098.outlook.office365.com (2603:10b6:5:337::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by DM6NAM11FT023.mail.protection.outlook.com (10.13.173.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.16 via Frontend Transport; Fri, 28 Oct 2022 13:57:45 +0000 Received: from rnnvmail203.nvidia.com (10.129.68.9) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:35 -0700 Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail203.nvidia.com (10.129.68.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:35 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:34 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXg024340; Fri, 28 Oct 2022 16:57:32 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 09/10] netfilter: flowtable: add function to invoke garbage collection immediately Date: Fri, 28 Oct 2022 08:57:19 -0500 Message-ID: <1666965440-94070-10-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT023:EE_|MN0PR12MB6221:EE_ X-MS-Office365-Filtering-Correlation-Id: 1521b616-4e8a-46eb-0f6e-08dab8ec63cd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AMPwLETJmZUcVsmC9ze9/pIDjupdHhjejxguO53R9fYBvvtoScUXxyFPGZEOXMmKjKZI4/W8ePTZK4FLCbz4n9dfDYsexMMg2t8T0jYUSjl0zhIsMQB8XjjyuLFpRPfCw+6L8Pqb02NLNf2w/vxvPdiFvedUch2iVJL51hbVaPfRDbw9JA+wvL5Zq1sL5XryYJaFT3VBXyaDiIt4aySUNIG5BoEjdQFfsnlMOlbauQqIx0l0kisLWUZl0CbuIWJLM5seEPYn0Vvw/zHJiXSrps/w0rTMt2OXV5PGJ7YTP/q0eER2I3c350BIvyFp/zEwf1PufMN/6I6pTkSeyh//dzsCXoONE+X8Oi+Z03mEkdjVc/zCMYf+uC58b/T+u5ULv3iDHBt5jvIbQhroo4KLCSJLhWGddqaEvix/V/LVk2sMdHE3lljsGTIqW6WIeg6DG09sFNe7QTmwNGVDD4v3W699dtA1u/xe8IaEzkaL586R3tx3JyJ3d6UCGWktUPlxpZyKd6LnyhrdBCS2gY8wN9fQ+KOAZ5dwDtf6qzUcopVyAhAnNeG8jd2CAkQs0MOhGSwCDL78EVliuPKIYXsd/xkx4LZZkQbcikMdjSEO2sEunXWYnwklUxaWx145qAIwmzXI5lm0aOVwQXvkn5puFZtx4BaYbswogS1/RK6u5cbouM6cpau8dAQc+en1ZKI6sQDp2yZDZa4ja64AWts0szpVsxqE0rJx3LRgLIgS1DyAkHmbBeFd8CR9M5YV/0lCgb7WoZ/4aXVTR3ltgAewMoW0XutOMJmVlvWIMIUqXkVWUBA2w0vKg7hyi50ObyigxZBLRwkDSIxP5L0aXHkARW3qZ7KutXaTinPq+3OzowQgnZTDjYGilNbtcPltSv5H X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(39860400002)(346002)(376002)(136003)(396003)(451199015)(46966006)(40470700004)(36840700001)(2906002)(5660300002)(8936002)(966005)(36756003)(41300700001)(83380400001)(36860700001)(6916009)(54906003)(316002)(70206006)(70586007)(4326008)(7636003)(8676002)(478600001)(47076005)(336012)(86362001)(107886003)(186003)(2616005)(40460700003)(82310400005)(6666004)(356005)(82740400003)(26005)(40480700001)(14773001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:45.0959 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1521b616-4e8a-46eb-0f6e-08dab8ec63cd X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT023.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6221 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Pablo Neira Ayuso BugLink: https://bugs.launchpad.net/bugs/1995004 Expose nf_flow_table_gc_run() to force a garbage collector run from the offload infrastructure. Signed-off-by: Pablo Neira Ayuso (Backported from upstream 759eebbcfafcefa23b59e912396306543764bd3c) Signed-off-by: Bodong Wang --- include/net/netfilter/nf_flow_table.h | 1 + net/netfilter/nf_flow_table_core.c | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 8e967d1..b4149dd 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -232,6 +232,7 @@ void flow_offload_refresh(struct nf_flowtable *flow_table, struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, struct flow_offload_tuple *tuple); +void nf_flow_table_gc_run(struct nf_flowtable *flow_table); void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable, struct net_device *dev); void nf_flow_table_cleanup(struct net_device *dev); diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index f9237647..f1cb23f 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -398,12 +398,17 @@ static void nf_flow_offload_gc_step(struct flow_offload *flow, void *data) } } +void nf_flow_table_gc_run(struct nf_flowtable *flow_table) +{ + nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, flow_table); +} + static void nf_flow_offload_work_gc(struct work_struct *work) { struct nf_flowtable *flow_table; flow_table = container_of(work, struct nf_flowtable, gc_work.work); - nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, flow_table); + nf_flow_table_gc_run(flow_table); queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ); } @@ -590,11 +595,11 @@ void nf_flow_table_free(struct nf_flowtable *flow_table) cancel_delayed_work_sync(&flow_table->gc_work); nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); - nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, flow_table); + nf_flow_table_gc_run(flow_table); nf_flow_table_offload_flush(flow_table); if (nf_flowtable_hw_offload(flow_table)) - nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, - flow_table); + nf_flow_table_gc_run(flow_table); + rhashtable_destroy(&flow_table->rhashtable); } EXPORT_SYMBOL_GPL(nf_flow_table_free); From patchwork Fri Oct 28 13:57:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1696133 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=Nvidia.com header.i=@Nvidia.com header.a=rsa-sha256 header.s=selector2 header.b=ObgzZLct; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MzPJd60Lrz23kY for ; Sat, 29 Oct 2022 00:58:09 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1ooPrz-0000Ts-Hq; Fri, 28 Oct 2022 13:57:59 +0000 Received: from mail-bn7nam10on2050.outbound.protection.outlook.com ([40.107.92.50] helo=NAM10-BN7-obe.outbound.protection.outlook.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1ooPrp-0000Ie-Gl for kernel-team@lists.ubuntu.com; Fri, 28 Oct 2022 13:57:49 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZCP7jglj8fcPlBhhpTa8tvUirPLK6/cGCYLizUR58JA9RlKhqTwTaeCtiqF6gUCF/Sq2JBh8FgN7UXpiBvlEWE1qWUcXqX2ECTJyHEsU30MF0P/CYpVxOh8wKO2LLxi1+Yxd+0TZxMxqP8s3tI4ZqXuU5QfoFnrFl2MLW/xC5d+Ck/EmazBMpYFfjpIMBELtYV5/TlMslmN4dAD/69EXkbOJWUumtxjnAkMgsxtJ6nnZWR9py+LSEAXuaubL36bQxC76f2adYbSv6fbPY4pHDENdKnv9ccJkcwcRHE/tgqwmUjS1153h1DbEJyU2A7lDtyW5InESCeKEQQCjN6pjLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KdTTwTCTK6kZtAygusQWsGfryP2XZWXTXsNw12Bd1wE=; b=C/ljmMkrjzcFgh6ZrpG3VrePkBb9I5MaENFmkoVTb9qJgD9YglYHUvn5Ll8ez5Onl4WIE+dnfCyJb15plr7Km52wgb3fVSkp/PKNJVVoCbZY3P3uL+V+Ix7voDPQrWvyKrOKgD8OuwJg0aDBo6E5Px10w9nlgoCyaoEQJJWPdf1jCZZP6PJYLLJLn3/bWrKxS41rjhe73boLPq7INMXs8Cjw9MUT2B+hPNouTnPLglExKyMI1uOpuF8/P8DFsvC1y5OUyupCf3ZluXoatD/B7CD+rBe3Ccl2rRJSMHes1c5flyzKfjqbXAkfMK/c6n69EXo+JdlVZizNT7SQw7ZgMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=lists.ubuntu.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KdTTwTCTK6kZtAygusQWsGfryP2XZWXTXsNw12Bd1wE=; b=ObgzZLctxotrvv+mOpYljIqA5A7NZ45wdUXj/P4nzUONg924vtleF9ODTjRVI/LhhCoJxoA8FZTWIYJkEFajYNQ5sM/8IOldjmOqbRszgWDTWHIs5IvADTdLIF9yKQ5AI6XosLYaIWIkMVUlnyo21fSunQ9ud1ubzp3Px0DLAr6PwO4XnuMBo/liHIWHmYNP+zm/Gy7edFTRV0o3Ew5V2OYaMulpdVE4cnEz1o+9vOqlElnpl6ZlLJT7grND5osSJsE4OxCuLdE/9Q7XQxDrsymt5epp6/rUe6WG5B6G+B+0fldFv3i1xcB5BV7Qz7e894NRpKoFHuH9EHACalWj3w== Received: from DM6PR07CA0082.namprd07.prod.outlook.com (2603:10b6:5:337::15) by BL0PR12MB4996.namprd12.prod.outlook.com (2603:10b6:208:1c6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:57:47 +0000 Received: from DM6NAM11FT023.eop-nam11.prod.protection.outlook.com (2603:10b6:5:337:cafe::12) by DM6PR07CA0082.outlook.office365.com (2603:10b6:5:337::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15 via Frontend Transport; Fri, 28 Oct 2022 13:57:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by DM6NAM11FT023.mail.protection.outlook.com (10.13.173.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.16 via Frontend Transport; Fri, 28 Oct 2022 13:57:47 +0000 Received: from rnnvmail202.nvidia.com (10.129.68.7) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.26; Fri, 28 Oct 2022 06:57:37 -0700 Received: from rnnvmail201.nvidia.com (10.129.68.8) by rnnvmail202.nvidia.com (10.129.68.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Fri, 28 Oct 2022 06:57:36 -0700 Received: from mtl123.mtl.labs.mlnx (10.127.8.10) by mail.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29 via Frontend Transport; Fri, 28 Oct 2022 06:57:36 -0700 Received: from sw-mtx-hparm-006.mtx.labs.mlnx. (sw-mtx-hparm-006.mtx.labs.mlnx [10.9.151.93]) by mtl123.mtl.labs.mlnx (8.14.4/8.14.4) with ESMTP id 29SDvKXh024340; Fri, 28 Oct 2022 16:57:33 +0300 From: Bodong Wang To: Subject: [SRU][F:linux-bluefield][PATCH 10/10] netfilter: flowtable: fix stuck flows on cleanup due to pending work Date: Fri, 28 Oct 2022 08:57:20 -0500 Message-ID: <1666965440-94070-11-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1666965440-94070-1-git-send-email-bodong@nvidia.com> References: <1666965440-94070-1-git-send-email-bodong@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT023:EE_|BL0PR12MB4996:EE_ X-MS-Office365-Filtering-Correlation-Id: c216102a-5475-4836-0eae-08dab8ec6516 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TV1rV+f57JwHR4MbRRGJYe0UiSkhPnHJD4ZaRnYnvohzQ5MQluRfylhT+PaVlrv8TSwlTUncFHOzDBijeTl/Bl+xrn17SL9L6xPGunwfCv6/GKr6BPAua3A7+V+f8lCJFCU7qQAo7ClllFg38y3bWjg6TxfjWoIU/py8QterCdakpuMnfltiqShr2VtKEykKp2r6s/zM9rBy/zateIQYapmGpXuelJPEEHhui7PhFexohWFd05FpqynmMOnLVekAGBjySXwaFBx+p2Nat1lyIGosk0x7HIJoy5RTpF8sfjPG/BUFJF5zY98bj+iC0bTjfluiepGpuYNR0WTZsk/sIitao4X2PqkaAElKbjRf5N+Z6rXt7m4+G5RNQL3+gr4We4TiVXxV/ZB4r/sBZ+KjUv5tXhwxV2XOgIp3zE7S+F4uAyQ+3SFkERuxi8UkCM3dDFsT4SZ91ZcjpPR2GcTVVHqItV3edUZ64RW+FFvPzIY/J7gerIbt5zf6IP764CQmrpt6QTYVh/K+1hIReSj5CjqCmm9PhtBXI0nUNiUhDLNyqh6SJwo4BVFhI0Ai74dsDI5Zx19vjiPDwyTlXJaHZB1BDHPXjhTxzPhrp8ZkJMXxHyyCCC/hJszthboEpi2o1g8DOBoZ8Klh3l5asbAZDYWIBpuqQehL8rbst2hU20vF0xcdNbqRx5KstzNmAebWhTwgzfCImPrnP3zkMoJ8L7vk8+JRUV7DrhaqveuNGaYV4eA8vwDO/n+o4ldkVhoc+oZj4KEeOJHaSiLUoXi05O2yJSq3bziUI//TmLXMycc3KejMWZh8g7n0jzjIbMTAj6JY6MpYcRh6rkoeqGeovUDLGVOotHTJyb+cMSa3F8w= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230022)(4636009)(396003)(39860400002)(136003)(346002)(376002)(451199015)(36840700001)(40470700004)(46966006)(47076005)(83380400001)(7636003)(86362001)(36860700001)(82740400003)(40460700003)(356005)(2906002)(5660300002)(6666004)(4326008)(8676002)(70206006)(41300700001)(82310400005)(8936002)(70586007)(336012)(966005)(26005)(2616005)(186003)(107886003)(54906003)(6916009)(316002)(478600001)(40480700001)(36756003); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2022 13:57:47.2364 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c216102a-5475-4836-0eae-08dab8ec6516 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT023.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB4996 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: vlad@nvidia.com, bodong@nvidia.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Pablo Neira Ayuso BugLink: https://bugs.launchpad.net/bugs/1995004 To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests. 2) All flow table entries are set to teardown state. 3) Run gc_step which will queue HW del work for each flow table entry. 4) Waiting for the above del work to finish (flush). 5) Run gc_step again, deleting all entries from the flow table. 6) Flow table is freed. But if a flow table entry already has pending HW stats or HW add work step 3 will not queue HW del work (it will be skipped), step 4 will wait for the pending add/stats to finish, and step 5 will queue HW del work which might execute after freeing of the flow table. To fix the above, this patch flushes the pending work, then it sets the teardown flag to all flows in the flowtable and it forces a garbage collector run to queue work to remove the flows from hardware, then it flushes this new pending work and (finally) it forces another garbage collector run to remove the entry from the software flowtable. Stack trace: [47773.882335] BUG: KASAN: use-after-free in down_read+0x99/0x460 [47773.883634] Write of size 8 at addr ffff888103b45aa8 by task kworker/u20:6/543704 [47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 Not tainted 5.12.0-rc7+ #2 [47773.886745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) [47773.888438] Workqueue: nf_ft_offload_del flow_offload_work_handler [nf_flow_table] [47773.889727] Call Trace: [47773.890214] dump_stack+0xbb/0x107 [47773.890818] print_address_description.constprop.0+0x18/0x140 [47773.892990] kasan_report.cold+0x7c/0xd8 [47773.894459] kasan_check_range+0x145/0x1a0 [47773.895174] down_read+0x99/0x460 [47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table] [47773.907137] flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table] [47773.913372] process_one_work+0x8ac/0x14e0 [47773.921325] [47773.921325] Allocated by task 592159: [47773.922031] kasan_save_stack+0x1b/0x40 [47773.922730] __kasan_kmalloc+0x7a/0x90 [47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct] [47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct] [47773.925207] tcf_action_init_1+0x45b/0x700 [47773.925987] tcf_action_init+0x453/0x6b0 [47773.926692] tcf_exts_validate+0x3d0/0x600 [47773.927419] fl_change+0x757/0x4a51 [cls_flower] [47773.928227] tc_new_tfilter+0x89a/0x2070 [47773.936652] [47773.936652] Freed by task 543704: [47773.937303] kasan_save_stack+0x1b/0x40 [47773.938039] kasan_set_track+0x1c/0x30 [47773.938731] kasan_set_free_info+0x20/0x30 [47773.939467] __kasan_slab_free+0xe7/0x120 [47773.940194] slab_free_freelist_hook+0x86/0x190 [47773.941038] kfree+0xce/0x3a0 [47773.941644] tcf_ct_flow_table_cleanup_work Original patch description and stack trace by Paul Blakey. Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support") Reported-by: Paul Blakey Tested-by: Paul Blakey Signed-off-by: Pablo Neira Ayuso (Cherry-picked from upstream 9afb4b27349a499483ae0134282cefd0c90f480f) Signed-off-by: Bodong Wang --- include/net/netfilter/nf_flow_table.h | 2 ++ net/netfilter/nf_flow_table_core.c | 7 +++---- net/netfilter/nf_flow_table_offload.c | 8 ++++++++ 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index b4149dd..1b07039 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -269,6 +269,8 @@ void nf_flow_offload_stats(struct nf_flowtable *flowtable, struct flow_offload *flow); void nf_flow_table_offload_flush(struct nf_flowtable *flowtable); +void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable); + int nf_flow_table_offload_setup(struct nf_flowtable *flowtable, struct net_device *dev, enum flow_block_command cmd); diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index f1cb23f..50cacae 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -594,12 +594,11 @@ void nf_flow_table_free(struct nf_flowtable *flow_table) mutex_unlock(&flowtable_lock); cancel_delayed_work_sync(&flow_table->gc_work); + nf_flow_table_offload_flush(flow_table); + /* ... no more pending work after this stage ... */ nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL); nf_flow_table_gc_run(flow_table); - nf_flow_table_offload_flush(flow_table); - if (nf_flowtable_hw_offload(flow_table)) - nf_flow_table_gc_run(flow_table); - + nf_flow_table_offload_flush_cleanup(flow_table); rhashtable_destroy(&flow_table->rhashtable); } EXPORT_SYMBOL_GPL(nf_flow_table_free); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index e41b5c5..668bdb3 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -910,6 +910,14 @@ void nf_flow_offload_stats(struct nf_flowtable *flowtable, flow_offload_queue_work(offload); } +void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable) +{ + if (nf_flowtable_hw_offload(flowtable)) { + flush_workqueue(nf_flow_offload_del_wq); + nf_flow_table_gc_run(flowtable); + } +} + void nf_flow_table_offload_flush(struct nf_flowtable *flowtable) { if (nf_flowtable_hw_offload(flowtable)) {