Re: 2.3.99-pre3 netfilter oops/crash

[Rusty Russell <rusty@xxxxxxxxxxxxxxxx>]

In message <Pine.LNX.3.96.1000326221532.626B-100000@coconut> you write:
> Basically, if you repeatedly insert and remove the ip_conntrack module
> under high networking load, it provokes a kernel oops which sometimes
> escalates to an aiee killing the interrupt handler (and thus a complete
> system crash).

Linus, please apply.

Hi Ganesh,

        Thanks!  This is a problem with conntracks lying around after
the module had been removed.  This fixes it (we don't care about
module removal performance).

--- linux-2.3.99-pre3/net/ipv4/netfilter/ip_conntrack_core.c.~1~        Sat Apr 
 8 17:59:21 2000
+++ linux-2.3.99-pre3/net/ipv4/netfilter/ip_conntrack_core.c    Thu Mar 30 
10:42:41 2000
@@ -831,6 +831,15 @@
        unregister_sysctl_table(ip_conntrack_sysctl_header);
 #endif
        ip_ct_selective_cleanup(kill_all, NULL);
+
+       /* Now, no more packets coming in, but some connections may be
+          still alive due to skbs on other CPUs, or queued (ip_queue,
+          device queues, etc). */
+       while (atomic_read(&ip_conntrack_count) != 0) {
+               if (current->need_resched)
+                       schedule();
+       }
+
        kmem_cache_destroy(ip_conntrack_cachep);
        vfree(ip_conntrack_hash);
        nf_unregister_sockopt(&so_getorigdst);

--
Hacking time.