| Message ID | 161010627346.3858336.14321264288771872662.stgit@firesoul (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net] netfilter: conntrack: fix reading nf_conntrack_buckets | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 4 maintainers not CCed: kuba@kernel.org kadlec@netfilter.org davem@davemloft.net coreteam@netfilter.org |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | fail | Was 0 now: 1 |
| netdev/build_32bit | success | Errors and warnings before: 44 this patch: 44 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 9 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 36 this patch: 36 |
| netdev/header_inline | success | Link |
| netdev/stable | success | Stable not CCed |
Jesper Dangaard Brouer <brouer@redhat.com> wrote: > The old way of changing the conntrack hashsize runtime was through changing > the module param via file /sys/module/nf_conntrack/parameters/hashsize. This > was extended to sysctl change in commit 3183ab8997a4 ("netfilter: conntrack: > allow increasing bucket size via sysctl too"). > > The commit introduced second "user" variable nf_conntrack_htable_size_user > which shadow actual variable nf_conntrack_htable_size. When hashsize is > changed via module param this "user" variable isn't updated. This results in > sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users > update via the old way. Oh, right! Acked-by: Florian Westphal <fw@strlen.de>
On Fri, Jan 08, 2021 at 12:44:33PM +0100, Jesper Dangaard Brouer wrote: > The old way of changing the conntrack hashsize runtime was through changing > the module param via file /sys/module/nf_conntrack/parameters/hashsize. This > was extended to sysctl change in commit 3183ab8997a4 ("netfilter: conntrack: > allow increasing bucket size via sysctl too"). > > The commit introduced second "user" variable nf_conntrack_htable_size_user > which shadow actual variable nf_conntrack_htable_size. When hashsize is > changed via module param this "user" variable isn't updated. This results in > sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users > update via the old way. > > This patch fix the issue by always updating "user" variable when reading the > proc file. This will take care of changes to the actual variable without > sysctl need to be aware. Applied, thanks.
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 46c5557c1fec..0ee702d374b0 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -523,6 +523,9 @@ nf_conntrack_hash_sysctl(struct ctl_table *table, int write, { int ret; + /* module_param hashsize could have changed value */ + nf_conntrack_htable_size_user = nf_conntrack_htable_size; + ret = proc_dointvec(table, write, buffer, lenp, ppos); if (ret < 0 || !write) return ret;
The old way of changing the conntrack hashsize runtime was through changing the module param via file /sys/module/nf_conntrack/parameters/hashsize. This was extended to sysctl change in commit 3183ab8997a4 ("netfilter: conntrack: allow increasing bucket size via sysctl too"). The commit introduced second "user" variable nf_conntrack_htable_size_user which shadow actual variable nf_conntrack_htable_size. When hashsize is changed via module param this "user" variable isn't updated. This results in sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users update via the old way. This patch fix the issue by always updating "user" variable when reading the proc file. This will take care of changes to the actual variable without sysctl need to be aware. Fixes: 3183ab8997a4 ("netfilter: conntrack: allow increasing bucket size via sysctl too") Reported-by: Yoel Caspersen <yoel@kviknet.dk> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> --- net/netfilter/nf_conntrack_standalone.c | 3 +++ 1 file changed, 3 insertions(+)