Memleak on restore flow when offloading conntrack.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification:
Memleak on restore flow when offloading conntrack.
* Explain the bug(s)
When we offload conntrack initial stage we offload parly and do a restore flow to restore back
saved ct state to skbs.
skbs in gro offload getting merged, consumed and released but the nfct attached to the skb
not being released for merged skbs.
* brief explanation of fixes
Add a conntrack put when released merged skbs. If nft exists it will decr the count and release eventually.
* How to test
Run conntrack offload test and at the end flush everything and run conntrack -C to dump the internal counter
It should match the current conntrack rules in “conntrack -L”
* What it could break.
Memleak of ct objects.
CVE References
Changed in linux-bluefield (Ubuntu): | |
status: | New → Invalid |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | New → In Progress |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal removed: verification-needed-focal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!