Re: CPU soft lockup in a spin lock using tproxy and nfqueue

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: "Major Dávid" <major.david@balasys.hu>
Cc: Florian Westphal <fw@strlen.de>,
	netfilter-devel@vger.kernel.org,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: CPU soft lockup in a spin lock using tproxy and nfqueue
Date: Fri, 3 Mar 2023 10:33:10 +0100	[thread overview]
Message-ID: <20230303093310.GC20617@breakpoint.cc> (raw)
In-Reply-To: <374ce7bf-e953-ab61-15ac-d99efce9152d@balasys.hu>

Major Dávid <major.david@balasys.hu> wrote:
> On 3/3/23 01:09, Florian Westphal wrote:
> > 
> > Which one?  As far as I can see TCP stack would end up adding a
> > duplicate quadruple to the hash if we only drop the reference and
> > keep the listen sk around.
> 
> I just thought that tcp_timewait_state_process is called by TCP stack to
> handle TW state, which actually call inet_twsk_deschedule_put parallel to tproxy and
> that would be the root cause of the deadlock.

No, it won't be called.

We can do two things:
1. Assign the tw sk to skb->sk, then its handled by
   tcp_timewait_state_process() in tcp stack.

Problem is that after the tw sk was handled, tcp stack won't find
a listener socket if the tproxy service is running on a different port.

2. Assign the listener socket to skb->sk (this is whats done now).

> So I guess now, basically we would leak away the tw socket if we do not call put in tproxy?

We could just drop the reference, but then, as far as i can see, we end
up with two identical connection entries in the ehash table.

next prev parent reply	other threads:[~2023-03-03  9:33 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-02 13:26 CPU soft lockup in a spin lock using tproxy and nfqueue Major Dávid
2023-03-02 14:29 ` Florian Westphal
2023-03-02 16:06   ` Major Dávid
2023-03-03  0:09     ` Florian Westphal
2023-03-03  9:23       ` Major Dávid
2023-03-03  9:33         ` Florian Westphal [this message]
2023-03-03  9:41           ` Major Dávid
2023-03-03  9:45             ` Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230303093310.GC20617@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=major.david@balasys.hu \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.