netfilter offload could bloat up memory
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Roi Dayan |
Bug Description
SRU Justification:
* Explain the bug(s)
Memory bloat and aging active ct conns can happen from any stress test as we have a single orkqueue for handling the ct offload conns for add/del/stats actions.
* brief explanation of fixes
The first patch (which is already upstream) splits the add, del, and stats work into separate work queues. The second patch limits the number of entries on the add work queue.
* How to test
Testing was done with just stress traffic with lots of conns different 5-tuple.
* What it could break.
Can take a lot of memory for a long time and also causing active conns to age out when not necessary.
---
ct offload actions like add/del/stats are done in workqueue which can be bloat up in stress tests. can also cause active conns to age out.
one upstream commit to help with this is this
2ed37183abb7 netfilter: flowtable: separate replace, destroy and stats to different workqueues
CVE References
Changed in linux-bluefield (Ubuntu Focal): | |
assignee: | nobody → Roi Dayan (roidayan) |
importance: | Undecided → Medium |
status: | New → In Progress |
description: | updated |
Changed in linux-bluefield (Ubuntu): | |
status: | New → Invalid |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal removed: verification-needed-focal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!