[Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Medium | Leann Ogasawara |
Yakkety | Fix Released | Undecided | Unassigned |

Bug Description
== Xenial SRU ==
We've twice now tried to roll out new firewalls and twice had to
revert back when the new firewalls almost immediately hung after
cutover.
At first we thought it was hardware issues, but after we reproduced it
on 4 different firewalls, we realised it was more likely to be a
problem with the Xenial kernel.
We think we're running into something similar to:
https:/
And Joel thinks the following patch might fix it:
Unfortunately, even when we mimic live production traffic on the new
firewalls with port mirroring, we only have a ~20% success rate at
reproducing the kernel hang and I'm keen not to have any more failed
migration attempts (and the corresponding downtime for many many
services).
== Fix ==
See http://
== Testing ==
We've just successfully migrated four firewalls
that are running with the patched kernel. Previously two of them would
have survived for less than 2 minutes, both have now been running in
production for over an hour.
I'll provide another update tomorrow, however at this stage I'd suggest
that it makes sense to get this into an SRU.
tags: added: verification-done-xenial; removed: verification-needed-xenial
Changed in linux (Ubuntu Xenial): status: In Progress → Fix Committed
This is already applied to Yakkety and Zesty, marking those tasks Fix Released.
~/linux$ git describe --contains 52bd2d62ce6758d811edcbd2256eb9ea7f6a56cb
v4.5-rc1~128^2~276^2~13
~/linux$ git show 52bd2d62ce6758d811edcbd2256eb9ea7f6a56cb
commit 52bd2d62ce6758d811edcbd2256eb9ea7f6a56cb
Author: Eric Dumazet <email address hidden>
Date: Wed Nov 18 06:30:50 2015 -0800
net: better skb->sender_cpu and skb->napi_id cohabitation