From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Paul Blakey <paulb@nvidia.com>,
Vlad Buslov <vladbu@nvidia.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.5 076/112] net/sched: act_ct: additional checks for outdated flows
Date: Tue, 31 Oct 2023 18:01:17 +0100 [thread overview]
Message-ID: <20231031165903.717364465@linuxfoundation.org> (raw)
In-Reply-To: <20231031165901.318222981@linuxfoundation.org>
6.5-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlad Buslov <vladbu@nvidia.com>
[ Upstream commit a63b6622120cd03a304796dbccb80655b3a21798 ]
Current nf_flow_is_outdated() implementation considers any flow table flow
which state diverged from its underlying CT connection status for teardown
which can be problematic in the following cases:
- Flow has never been offloaded to hardware in the first place either
because flow table has hardware offload disabled (flag
NF_FLOWTABLE_HW_OFFLOAD is not set) or because it is still pending on 'add'
workqueue to be offloaded for the first time. The former is incorrect, the
later generates excessive deletions and additions of flows.
- Flow is already pending to be updated on the workqueue. Tearing down such
flows will also generate excessive removals from the flow table, especially
on highly loaded system where the latency to re-offload a flow via 'add'
workqueue can be quite high.
When considering a flow for teardown as outdated verify that it is both
offloaded to hardware and doesn't have any pending updates.
Fixes: 41f2c7c342d3 ("net/sched: act_ct: Fix promotion of offloaded unreplied tuple")
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/act_ct.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 2b5ef83e44243..ad7c955453782 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -281,6 +281,8 @@ static int tcf_ct_flow_table_fill_actions(struct net *net,
static bool tcf_ct_flow_is_outdated(const struct flow_offload *flow)
{
return test_bit(IPS_SEEN_REPLY_BIT, &flow->ct->status) &&
+ test_bit(IPS_HW_OFFLOAD_BIT, &flow->ct->status) &&
+ !test_bit(NF_FLOW_HW_PENDING, &flow->flags) &&
!test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags);
}
--
2.42.0
next prev parent reply other threads:[~2023-10-31 17:48 UTC|newest]
Thread overview: 122+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-31 17:00 [PATCH 6.5 000/112] 6.5.10-rc1 review Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 001/112] riscv: fix set_huge_pte_at() for NAPOT mappings when a swap entry is set Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 002/112] vdpa/mlx5: Fix firmware error on creation of 1k VQs Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 003/112] smb3: allow controlling length of time directory entries are cached with dir leases Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 004/112] smb3: allow controlling maximum number of cached directories Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 005/112] smb3: do not start laundromat thread when dir leases disabled Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 006/112] smb: client: do not start laundromat thread on nohandlecache Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 007/112] smb: client: make laundromat a delayed worker Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 008/112] smb: client: prevent new fids from being removed by laundromat Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 009/112] virtio_balloon: Fix endless deflation and inflation on arm64 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 010/112] virtio-mmio: fix memory leak of vm_dev Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 011/112] virtio-crypto: handle config changed by work queue Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 012/112] virtio_pci: fix the common cfg map size Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 013/112] vsock/virtio: initialize the_virtio_vsock before using VQs Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 014/112] vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 015/112] arm64: dts: qcom: apq8096-db820c: fix missing clock populate Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 016/112] arm64: dts: qcom: msm8996-xiaomi: " Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 017/112] arm64: dts: rockchip: use codec as clock master on px30-ringneck-haikou Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 018/112] arm64: dts: rockchip: set codec system-clock-fixed " Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 019/112] arm64: dts: qcom: sa8775p: correct PMIC GPIO label in gpio-ranges Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 020/112] arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 021/112] arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 022/112] i40e: sync next_to_clean and next_to_process for programming status desc Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 023/112] mm: fix vm_brk_flags() to not bail out while holding lock Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 024/112] hugetlbfs: clear resv_map pointer if mmap fails Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 025/112] mm/page_alloc: correct start page when guard page debug is enabled Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 026/112] mm/migrate: fix do_pages_move for compat pointers Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 027/112] selftests/mm: include mman header to access MREMAP_DONTUNMAP identifier Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 028/112] mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 029/112] hugetlbfs: extend hugetlb_vma_lock to private VMAs Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 030/112] maple_tree: add GFP_KERNEL to allocations in mas_expected_entries() Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 031/112] nfsd: lock_rename() needs both directories to live on the same fs Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 032/112] vdpa_sim_blk: Fix the potential leak of mgmt_dev Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 033/112] vdpa/mlx5: Fix double release of debugfs entry Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 034/112] ARM: OMAP1: ams-delta: Fix MODEM initialization failure Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 035/112] ARM: dts: rockchip: Fix i2c0 register address for RK3128 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 036/112] ARM: dts: rockchip: Add missing arm timer interrupt " Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 037/112] ARM: dts: rockchip: Add missing quirk for RK3128s dma engine Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 038/112] ARM: dts: rockchip: Fix timer clocks for RK3128 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 039/112] accel/ivpu: Dont enter d0i3 during FLR Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 040/112] drm/i915/pmu: Check if pmu is closed before stopping event Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 041/112] drm/amd: Disable ASPM for VI w/ all Intel systems Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 042/112] drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 043/112] btrfs: remove v0 extent handling Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 044/112] btrfs: fix unwritten extent buffer after snapshotting a new subvolume Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 045/112] ARM: OMAP: timer32K: fix all kernel-doc warnings Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 046/112] firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 047/112] clk: ti: Fix missing omap4 mcbsp functional clock and aliases Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 048/112] clk: ti: Fix missing omap5 " Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 049/112] r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 050/112] r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 051/112] r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 052/112] iavf: initialize waitqueues before starting watchdog_task Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 053/112] i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 054/112] treewide: Spelling fix in comment Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 055/112] igb: Fix potential memory leak in igb_add_ethtool_nfc_entry Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 056/112] net: do not leave an empty skb in write queue Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 057/112] neighbour: fix various data-races Greg Kroah-Hartman
2023-10-31 17:00 ` [PATCH 6.5 058/112] igc: Fix ambiguity in the ethtool advertising Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 059/112] net: ethernet: adi: adin1110: Fix uninitialized variable Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 060/112] net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 061/112] net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 062/112] r8152: Increase USB control msg timeout to 5000ms as per spec Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 063/112] r8152: Run the unload routine if we have errors during probe Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 064/112] r8152: Cancel hw_phy_work if we have an error in probe Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 065/112] r8152: Release firmware " Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 066/112] tcp: fix wrong RTO timeout when received SACK reneging Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 067/112] wifi: cfg80211: pass correct pointer to rdev_inform_bss() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 068/112] wifi: cfg80211: fix assoc response warning on failed links Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 069/112] wifi: mac80211: dont drop all unprotected public action frames Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 070/112] net/handshake: fix file ref count in handshake_nl_accept_doit() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 071/112] gtp: uapi: fix GTPA_MAX Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 072/112] gtp: fix fragmentation needed check with gso Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 073/112] drm/i915/perf: Determine context valid in OA reports Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 074/112] i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 075/112] netfilter: flowtable: GC pushes back packets to classic path Greg Kroah-Hartman
2023-10-31 17:01 ` Greg Kroah-Hartman [this message]
2023-10-31 17:01 ` [PATCH 6.5 077/112] drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 078/112] drm/i915/mcr: Hold GT forcewake during steering operations Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 079/112] iavf: in iavf_down, disable queues when removing the driver Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 080/112] scsi: sd: Introduce manage_shutdown device flag Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 081/112] blk-throttle: check for overflow in calculate_bytes_allowed Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 082/112] kasan: print the original fault addr when access invalid shadow Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 083/112] io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 084/112] iio: afe: rescale: Accept only offset channels Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 085/112] iio: exynos-adc: request second interupt only when touchscreen mode is used Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 086/112] iio: adc: xilinx-xadc: Dont clobber preset voltage/temperature thresholds Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 087/112] iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 088/112] i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 089/112] i2c: muxes: i2c-mux-gpmux: " Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 090/112] i2c: muxes: i2c-demux-pinctrl: " Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 091/112] i2c: stm32f7: Fix PEC handling in case of SMBUS transfers Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 092/112] i2c: aspeed: Fix i2c bus hang in slave read Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 093/112] tracing/kprobes: Fix symbol counting logic by looking at modules as well Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 094/112] tracing/kprobes: Fix the description of variable length arguments Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 095/112] misc: fastrpc: Reset metadata buffer to avoid incorrect free Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 096/112] misc: fastrpc: Free DMA handles for RPC calls with no arguments Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 097/112] misc: fastrpc: Clean buffers on remote invocation failures Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 098/112] misc: fastrpc: Unmap only if buffer is unmapped from DSP Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 099/112] nvmem: imx: correct nregs for i.MX6ULL Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 100/112] nvmem: imx: correct nregs for i.MX6SLL Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 101/112] nvmem: imx: correct nregs for i.MX6UL Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 102/112] x86/tsc: Defer marking TSC unstable to a worker Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 103/112] x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 104/112] x86/cpu: Add model number for Intel Arrow Lake mobile processor Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 105/112] perf/core: Fix potential NULL deref Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 106/112] sparc32: fix a braino in fault handling in csum_and_copy_..._user() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 107/112] clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 108/112] clk: socfpga: gate: Account for the divider in determine_rate Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 109/112] clk: stm32: Fix a signedness issue in clk_stm32_composite_determine_rate() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 110/112] platform/x86: Add s2idle quirk for more Lenovo laptops Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 111/112] mm/damon/sysfs: check DAMOS regions update progress from before_terminate() Greg Kroah-Hartman
2023-10-31 17:01 ` [PATCH 6.5 112/112] accel/ivpu/37xx: Fix missing VPUIP interrupts Greg Kroah-Hartman
2023-10-31 22:51 ` [PATCH 6.5 000/112] 6.5.10-rc1 review Ron Economos
2023-11-01 7:43 ` Naresh Kamboju
2023-11-01 11:28 ` Greg Kroah-Hartman
2023-10-31 23:24 ` Florian Fainelli
2023-11-01 0:12 ` Shuah Khan
2023-11-01 2:28 ` Justin Forbes
2023-11-01 2:55 ` Bagas Sanjaya
2023-11-01 10:08 ` Jon Hunter
2023-11-01 11:42 ` Ricardo B. Marliere
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231031165903.717364465@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=pablo@netfilter.org \
--cc=patches@lists.linux.dev \
--cc=paulb@nvidia.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vladbu@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox