[ovs-dev] [PATCH v3] datapath: compat: Backports bugfixes for nf_conncount
Yi-Hung Wei
yihung.wei at gmail.com
Wed Aug 28 23:48:52 UTC 2019
On Wed, Aug 28, 2019 at 4:07 PM Ben Pfaff <blp at ovn.org> wrote:
>
> On Wed, Aug 07, 2019 at 03:25:33PM -0700, Yifeng Sun wrote:
> > This patch backports several critical bug fixes related to
> > locking and data consistency in nf_conncount code.
> >
> > This backport is based on the following upstream net-next upstream commits.
> > a007232 ("netfilter: nf_conncount: fix argument order to find_next_bit")
> > c80f10b ("netfilter: nf_conncount: speculative garbage collection on empty lists")
> > 2f971a8 ("netfilter: nf_conncount: move all list iterations under spinlock")
> > df4a902 ("netfilter: nf_conncount: merge lookup and add functions")
> > e8cfb37 ("netfilter: nf_conncount: restart search when nodes have been erased")
> > f7fcc98 ("netfilter: nf_conncount: split gc in two phases")
> > 4cd273b ("netfilter: nf_conncount: don't skip eviction when age is negative")
> > c78e781 ("netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS")
> > d4e7df1 ("netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node()")
> > 53ca0f2 ("netfilter: nf_conncount: remove wrong condition check routine")
> > 3c5cdb1 ("netfilter: nf_conncount: fix unexpected permanent node of list.")
> > 31568ec ("netfilter: nf_conncount: fix list_del corruption in conn_free")
> > fd3e71a ("netfilter: nf_conncount: use spin_lock_bh instead of spin_lock")
> >
> > This patch adds additional compat code so that it can build on
> > all supported kernel versions.
>
> I think that our most common approach is to use one OVS commit to
> backport one Linux kernel commit. This commit combines many Linux
> kernel commits. Is that an intentional change in this case?
Hi Ben,
Yes, we are intended to pull in all of the bug fixes in this case.
The rationale is as following.
For the commits in ovs kernel module, we usually backport one upstream
net-next commit to one OVS commit. We need this fine granularity
backports because a single OVS kernel module changes can affect OVS
behavior. For the other type of kernel backports (mainly in
./datapath/linux/compat/ ), we try to backport the required missing
features for ovs kernel module in the older kernel. The goal is to
keep the older kernel in sync with the newer kernel on the required
features, and we may not need much detailed information per upstream
patch. In this case, it would be easier to pull in multiple patches
at once.
Some existing examples are,
c387d8177f20 ("compat: Add ipv6 GRE and IPV6 Tunneling")
744964326f6c ("datapath: compat: Backports nf_conncount")
Thanks,
-Yi-Hung
More information about the dev
mailing list