Re: Soft lockup on shutdown in nf_ct_iterate_cleanup()

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Martin Josefsson

Subject: Re: Soft lockup on shutdown in nf_ct_iterate_cleanup()

Date: Sunday, February 25, 2007 - 11:38 am

On Sun, 2007-02-25 at 18:31 +0100, Patrick McHardy wrote:

quoted text> [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
>=20
> {nf,ip}_ct_iterate_cleanup iterate over the unconfirmed list for cleaning
> up conntrack entries, which is wrong for multiple reasons:
>=20
> - unconfirmed entries can not be killed manually, which means we might
>   iterate forever without making forward progress.
>=20
>   This can happen in combination with the conntrack event cache, which
>   holds a reference to the conntrack entry, which is only released when
>   the packet makes it all the way through the stack or a different
>   packet is handled.
>
> - taking references to an unconfirmed entry and using it outside the
>   locked section doesn't work, the list entries are not refcounted and
>   another CPU might already be waiting to destroy the entry
>=20
> Split ip_ct_iterate_cleanup in ip_ct_iterate, which iterates over both
> confirmed and unconfirmed entries, but doesn't attempt to kill them,
> and ip_ct_cleanup, which makes sure no unconfirmed entries exist by
> calling synchronize_net() prior to walking the conntrack hash.

What about this case:

1. Conntrack entry is created and placed on the unconfirmed list
2. The event cache bumps the refcount of the conntrack entry
3. module removal of ip_conntrack unregisters all hooks
4. packet is dropped by an iptables rule
5. packet is freed but we still have a refcount on the conntrack entry

Now there's no way to get that refcount to decrease as that only happens
when the event cache receives another packet or the current packet makes
it through the stack as you wrote above. And neither of this will happen
since we unregistered the hooks providing the packets and dropped the
packet.

I ran into this case a while ago during stresstesting and rewrote the
event cache to not increase the refcount, but this has the drawback that
events caused by dropped packets won't be reported. This may not be a
good thing...

Old patch can be found here:
http://performance.netfilter.org/patches/nf_conntrack_ecache-fix

--=20
/Martin

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Tue Feb 20, 6:10 pm)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Wed Feb 21, 5:56 pm)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Patrick McHardy, (Sat Feb 24, 6:58 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Sat Feb 24, 9:18 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Patrick McHardy, (Sun Feb 25, 10:31 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Martin Josefsson, (Sun Feb 25, 11:38 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Patrick McHardy, (Sun Feb 25, 12:03 pm)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Mon Feb 26, 10:14 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Patrick McHardy, (Mon Feb 26, 10:53 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Mon Feb 26, 2:21 pm)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Patrick McHardy, (Wed Feb 28, 11:09 am)

Re: Soft lockup on shutdown in nf_ct_iterate_cleanup(), Chuck Ebbert, (Wed Feb 28, 1:30 pm)

Navigation

Popular discussions


linux-kernel:
FUJITA Tomonori	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Uwe Kleine-König	Re: [PATCH v2] ARM: allow, but warn, when issuing ioremap() on RAM
Ingo Molnar	Re: [RFC/RFT PATCH] sched: automated per tty task groups
Josef Bacik	[PATCH] fallocate.2: add FALLOC_FL_PUNCH_HOLE flag definition
Andrew Morton	Re: [PATCH v3 0/4] Introduce hardware spinlock framework
git:
Stefan Richter	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Bert Wesarg	[TopGit PATCH v3 06/12] list_deps: accept -i/-w
Junio C Hamano	Re: [PATCH] Detached HEAD (experimental)
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
Petr Baudis	Re: PPC SHA-1 Updates in "pu"
git-commits-head:
Linux Kernel Mailing List	libata: disable ATAPI AN by default
Linux Kernel Mailing List	ARM: 5905/1: ARM: Global ASID allocation on SMP
Linux Kernel Mailing List	misc: replace remaining __FUNCTION__ with __func__
Linux Kernel Mailing List	Disallow gcc versions 4.1.{0,1}
Linux Kernel Mailing List	timer: Try to survive timer callback preempt_count leak
linux-netdev:
Arnaldo Carvalho de Melo	Re: [PATCH 06/37] dccp: Limit feature negotiation to connection setup phase
Gerrit Renker	[PATCH 1/5] dccp: Initialisation framework for feature negotiation
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Badalian Vyacheslav	Re: tc filter flow hash question
openbsd-misc:
Boris Goldberg	Re: HP ProLiant DL320 v. Sun Fire V125
Stuart Henderson	Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
Karel Kulhavy	Re: No Blob without Puffy
Darrin Chandler	Re: strange output on openbsd C code
Nick Holland	Re: Install OpenBSD from USB ?

Colocation donated by:

Syndicate