Commit 26fe2805 authored by Miroslav Urbanek's avatar Miroslav Urbanek Committed by Luis Henriques

flowcache: Fix kernel panic in flow_cache_flush_task

commit 233c96fc upstream.

flow_cache_flush_task references a structure member flow_cache_gc_work
where it should reference flow_cache_flush_task instead.

Kernel panic occurs on kernels using IPsec during XFRM garbage
collection. The garbage collection interval can be shortened using the
following sysctl settings:

net.ipv4.xfrm4_gc_thresh=4
net.ipv6.xfrm6_gc_thresh=4

With the default settings, our productions servers crash approximately
once a week. With the settings above, they crash immediately.

Fixes: ca925cf1 ("flowcache: Make flow cache name space aware")
Reported-by: default avatarTomáš Charvát <tc@excello.cz>
Tested-by: default avatarJan Hejl <jh@excello.cz>
Signed-off-by: default avatarMiroslav Urbanek <mu@miroslavurbanek.com>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent a49b6919
...@@ -379,7 +379,7 @@ void flow_cache_flush(struct net *net) ...@@ -379,7 +379,7 @@ void flow_cache_flush(struct net *net)
static void flow_cache_flush_task(struct work_struct *work) static void flow_cache_flush_task(struct work_struct *work)
{ {
struct netns_xfrm *xfrm = container_of(work, struct netns_xfrm, struct netns_xfrm *xfrm = container_of(work, struct netns_xfrm,
flow_cache_gc_work); flow_cache_flush_work);
struct net *net = container_of(xfrm, struct net, xfrm); struct net *net = container_of(xfrm, struct net, xfrm);
flow_cache_flush(net); flow_cache_flush(net);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment