[ovs-git] [openvswitch/ovs] 4bfdef: datapath: compat: Backports bugfixes for nf_conncount

yifsun noreply at github.com
Thu Aug 29 00:51:17 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 4bfdefea099024a57b8bf566ca992d1c2e6cf2c4
      https://github.com/openvswitch/ovs/commit/4bfdefea099024a57b8bf566ca992d1c2e6cf2c4
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2019-08-28 (Wed, 28 Aug 2019)

  Changed paths:
    M acinclude.m4
    M datapath/linux/Modules.mk
    A datapath/linux/compat/include/linux/rbtree.h
    M datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h
    M datapath/linux/compat/nf_conncount.c

  Log Message:
  -----------
  datapath: compat: Backports bugfixes for nf_conncount

This patch backports several critical bug fixes related to
locking and data consistency in nf_conncount code.

This backport is based on the following upstream net-next upstream commits.
a007232 ("netfilter: nf_conncount: fix argument order to find_next_bit")
c80f10b ("netfilter: nf_conncount: speculative garbage collection on empty lists")
2f971a8 ("netfilter: nf_conncount: move all list iterations under spinlock")
df4a902 ("netfilter: nf_conncount: merge lookup and add functions")
e8cfb37 ("netfilter: nf_conncount: restart search when nodes have been erased")
f7fcc98 ("netfilter: nf_conncount: split gc in two phases")
4cd273b ("netfilter: nf_conncount: don't skip eviction when age is negative")
c78e781 ("netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS")
d4e7df1 ("netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node()")
53ca0f2 ("netfilter: nf_conncount: remove wrong condition check routine")
3c5cdb1 ("netfilter: nf_conncount: fix unexpected permanent node of list.")
31568ec ("netfilter: nf_conncount: fix list_del corruption in conn_free")
fd3e71a ("netfilter: nf_conncount: use spin_lock_bh instead of spin_lock")

This patch adds additional compat code so that it can build on
all supported kernel versions.

In addition, this patch helps OVS datapath to always choose bug-fixed
nf_conncount code. If kernel already has these fixes, then kernel's
nf_conncount is being used. Otherwise, OVS falls back to use compat
nf_conncount functions.

Travis tests are at
https://travis-ci.org/yifsun/ovs-travis/builds/569056850
On latest RHEL kernel, 'make check-kmod' runs good.

VMware-BZ: #2396471

Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list