CHROMIUM: netfilter: conntrack: Disable ____nf_conntrack_find gc

Conntrack abandoned use of a timer per nf_conn entry
[Linux commit f330a7fdbe16 ("netfilter: conntrack: get rid of
conntrack timer")]. A periodic garbage collection task was added
[Linux commit b87a2f9199ea ("netfilter: conntrack: add gc worker to
remove timed-out entries")] and data path functions that walk the
conntrack connection table were enhanced to detect and proactively
garbage collect expired flows. ____nf_conntrack_find() is one of the
functions that now proactively triggers garbage collection.

SFE holds a lock while performing packet acceleration. When ARL Qdisc
is enabled, SFE calls into an ARL hook to enable sampling TCP flow RTT.
ARL utilizes nf_conntrack_find_get() to look up conntrack flow state,
which eventually calls into ____nf_conntrack_find(). If a proactive
conntrack flow garbage collection is triggered then notification is
dispatched to the SFE conntrack event handler, which requires acquiring
the SFE state lock. This lock recursion triggers a deadlock / kernel
oops.

This CL disables the proactive conntrack flow garbage collection in
____nf_conntrack_find() only when both SFE and ARL are enabled. All
other data path garbage collection as well as the periodic garbage
collection task remain active to reap expired conntrack flow state.

BUG=b:138685581
TEST=System test
     Verified conntrack flow state entries continue to be reaped in a
     timely manner after expiration.

Change-Id: I14228c44c5d0513d6cb925103eeadb3863a45601
Signed-off-by: Danny J. Mitzel <mitzel@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1756627
Tested-by: Danny Mitzel <mitzel@google.com>
Commit-Ready: Danny Mitzel <mitzel@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Kan Yan <kyan@chromium.org>
1 file changed
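
The lock recursion described in the commit message, as an added user-space model (not code from this change, the kernel, SFE or ARL). All names are hypothetical, the lock is a flag that counts re-acquisition instead of hanging, and skipping an expired entry without reaping it is an assumption about how the lookup behaves once its garbage collection is disabled.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model; every name here is hypothetical, not a kernel/SFE symbol. */
struct model_lock { bool held; };
struct flow { int id; bool expired; bool present; };

static struct model_lock sfe_lock;
static int recursion_detected;  /* re-acquire attempts while the lock is held */
static bool skip_gc_in_find;    /* models the CL: SFE and ARL both enabled */

static bool lock_acquire(struct model_lock *l) {
    if (l->held) { recursion_detected++; return false; } /* real lock: hang */
    l->held = true;
    return true;
}
static void lock_release(struct model_lock *l) { l->held = false; }

/* Destroy notification to the accelerator, which needs its state lock. */
static void sfe_event_handler(struct flow *f) {
    bool got = lock_acquire(&sfe_lock);
    f->present = false;                 /* drop state for the reaped flow */
    if (got) lock_release(&sfe_lock);
}

/* Lookup that reaps expired entries it walks over, unless the flag is set. */
static struct flow *find(struct flow *tbl, size_t n, int id) {
    for (size_t i = 0; i < n; i++) {
        if (!tbl[i].present) continue;
        if (tbl[i].expired) {
            if (!skip_gc_in_find) sfe_event_handler(&tbl[i]);
            continue;                   /* expired entries never match */
        }
        if (tbl[i].id == id) return &tbl[i];
    }
    return NULL;
}

/* Periodic worker: runs outside the data path, so the lock is free. */
static void gc_worker(struct flow *tbl, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tbl[i].present && tbl[i].expired) sfe_event_handler(&tbl[i]);
}

/* Data path: lock held across the hook's lookup. Returns recursion count. */
static int accel_packet(struct flow *tbl, size_t n, int id, bool skip) {
    recursion_detected = 0;
    skip_gc_in_find = skip;
    lock_acquire(&sfe_lock);
    (void)find(tbl, n, id);
    lock_release(&sfe_lock);
    return recursion_detected;
}
```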