CHROMIUM: netfilter: conntrack: Disable ____nf_conntrack_find gc
Conntrack abandoned use of a timer per nf_conn entry [Linux commit f330a7fd ("netfilter: conntrack: get rid of conntrack timer")]. A periodic garbage collection task was added [Linux commit b87a2f91 ("netfilter: conntrack: add gc worker to remove timed-out entries")] and data path functions that walk the conntrack connection table were enhanced to detect and proactively garbage collect expired flows. ____nf_conntrack_find() is one of the functions that now proactively triggers garbage collection.

SFE holds a lock while performing packet acceleration. When ARL Qdisc is enabled SFE calls into an ARL hook to enable sampling TCP flow RTT. ARL utilizes nf_conntrack_find_get() to look up conntrack flow state, which eventually calls into ____nf_conntrack_find(). If a proactive conntrack flow garbage collection is triggered then notification is dispatched to the SFE conntrack event handler, which requires acquiring the SFE state lock. This lock recursion triggers a deadlock / kernel oops.

This CL disables the proactive conntrack flow garbage collection in ____nf_conntrack_find() only when both SFE and ARL are enabled. All other data path garbage collection as well as the periodic garbage collection task remain active to reap expired conntrack flow state.

BUG=b:138685581
TEST=System test
     Verified conntrack flow state entries continue to be reaped in a timely manner after expiration.

Change-Id: I14228c44c5d0513d6cb925103eeadb3863a45601
Signed-off-by: Danny J. Mitzel <mitzel@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1756627
Tested-by: Danny Mitzel <mitzel@google.com>
Commit-Ready: Danny Mitzel <mitzel@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Kan Yan <kyan@chromium.org>
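The lock recursion described in the commit message, as an added userspace model that is not code from this commit, the kernel, SFE or ARL. Every identifier is hypothetical, and the lock counts a recursive acquire where a real non-recursive lock would hang.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model. Every name here is hypothetical, not a kernel or SFE symbol. */
struct flow { unsigned id; long expires; bool dead; };

static bool state_lock_held;    /* stands in for the non-recursive SFE state lock */
static int  recursive_acquires; /* a real lock would deadlock instead of counting */

static bool state_lock(void) {
    if (state_lock_held) { recursive_acquires++; return false; }
    state_lock_held = true;
    return true;
}
static void state_unlock(void) { state_lock_held = false; }

/* Destroy-event handler: needs the state lock to drop its own flow entry. */
static void on_flow_destroy(struct flow *f) {
    bool got = state_lock();
    f->dead = true;
    if (got) state_unlock();
}

/* Lookup that may reap expired entries it walks past (proactive gc). */
static struct flow *flow_find(struct flow *t, size_t n, unsigned id, long now, bool gc_in_lookup) {
    struct flow *hit = NULL;
    for (size_t i = 0; i < n; i++) {
        if (t[i].dead) continue;
        if (t[i].expires <= now) {
            if (gc_in_lookup) on_flow_destroy(&t[i]); /* notifies the handler */
            continue;
        }
        if (t[i].id == id) hit = &t[i];
    }
    return hit;
}

/* Packet path: holds the state lock across the lookup, as the hook does. */
static int packet_path(struct flow *t, size_t n, unsigned id, long now, bool gc_in_lookup) {
    recursive_acquires = 0;
    state_lock();
    (void)flow_find(t, n, id, now, gc_in_lookup);
    state_unlock();
    return recursive_acquires; /* non-zero means the real system would hang */
}

/* Periodic worker: runs with no state lock held, so the handler locks cleanly. */
static int periodic_gc(struct flow *t, size_t n, long now) {
    int reaped = 0;
    for (size_t i = 0; i < n; i++)
        if (!t[i].dead && t[i].expires <= now) { on_flow_destroy(&t[i]); reaped++; }
    return reaped;
}
```

With `gc_in_lookup` false the expired entry survives the packet path and is reaped by `periodic_gc`, which mirrors the behaviour the TEST line reports.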