[ovs-dev] [PATCH v3] datapath: compat: Backports bugfixes for nf_conncount

Ben Pfaff blp at ovn.org
Thu Aug 29 00:51:45 UTC 2019


On Wed, Aug 28, 2019 at 04:48:52PM -0700, Yi-Hung Wei wrote:
> On Wed, Aug 28, 2019 at 4:07 PM Ben Pfaff <blp at ovn.org> wrote:
> >
> > On Wed, Aug 07, 2019 at 03:25:33PM -0700, Yifeng Sun wrote:
> > > This patch backports several critical bug fixes related to
> > > locking and data consistency in nf_conncount code.
> > >
> > > This backport is based on the following upstream net-next upstream commits.
> > > a007232 ("netfilter: nf_conncount: fix argument order to find_next_bit")
> > > c80f10b ("netfilter: nf_conncount: speculative garbage collection on empty lists")
> > > 2f971a8 ("netfilter: nf_conncount: move all list iterations under spinlock")
> > > df4a902 ("netfilter: nf_conncount: merge lookup and add functions")
> > > e8cfb37 ("netfilter: nf_conncount: restart search when nodes have been erased")
> > > f7fcc98 ("netfilter: nf_conncount: split gc in two phases")
> > > 4cd273b ("netfilter: nf_conncount: don't skip eviction when age is negative")
> > > c78e781 ("netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS")
> > > d4e7df1 ("netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node()")
> > > 53ca0f2 ("netfilter: nf_conncount: remove wrong condition check routine")
> > > 3c5cdb1 ("netfilter: nf_conncount: fix unexpected permanent node of list.")
> > > 31568ec ("netfilter: nf_conncount: fix list_del corruption in conn_free")
> > > fd3e71a ("netfilter: nf_conncount: use spin_lock_bh instead of spin_lock")
> > >
> > > This patch adds additional compat code so that it can build on
> > > all supported kernel versions.
> >
> > I think that our most common approach is to use one OVS commit to
> > backport one Linux kernel commit.  This commit combines many Linux
> > kernel commits.  Is that an intentional change in this case?
> 
> Hi Ben,
> 
> Yes, we are intended to pull in all of the bug fixes in this case.
> The rationale is as following.
> 
> For the commits in ovs kernel module, we usually backport one upstream
> net-next commit to one OVS commit.  We need this fine granularity
> backports because a single OVS kernel module changes can affect OVS
> behavior.   For the other type of kernel backports (mainly in
> ./datapath/linux/compat/ ), we try to backport the required missing
> features for ovs kernel module in the older kernel.  The goal is to
> keep the older kernel in sync with the newer kernel on the required
> features, and we may not need much detailed information per upstream
> patch.  In this case, it would be easier to pull in multiple patches
> at once.
> 
> Some existing examples are,
> c387d8177f20 ("compat: Add ipv6 GRE and IPV6 Tunneling")
> 744964326f6c ("datapath: compat: Backports nf_conncount")

Thanks a lot.

I applied this to master.


More information about the dev mailing list