This change is backported from the mainline:
commit 0924c5a0cbed5831a2a0ff2f9a19692265f1ab92
Author: Stephen Kitt <email address hidden>
Date: Thu Mar 24 18:11:59 2022 +0100
ipmi: use simple i2c probe function
The i2c probe functions here don't use the id information provided in
their second argument, so the single-parameter i2c probe function
("probe_new") can be used instead.
This avoids scanning the identifier tables during probes.
The above commit makes modifications to 3 files:
ipmb_dev_int.c, ipmi_ipmb.c and ipmi_ssif.c
We can't cherry-pick it because ipmi_ipmb.c doesn't exist on 5.4.
So just backport the change in ipmb_dev_int.c
The block-write function of the core was not used because there was no
client-struct to use. However, in this case it seems apropriate to use a
temporary client struct. Because we are answering a request we recieved
when being a client ourselves. So, convert the code to use a temporary
client and use the block-write function of the I2C core.
TRIO IRQs are triggered during mlxfwreset and the prints from
the handler are misleading in such instances.
So replace the dev_err calls with pr_debug.
1. ct gc may race to undo the timeout adjustment of the packet path, leaving
the conntrack entry in place with the internal offload timeout (one day).
2. ct gc removes the ct because the IPS_OFFLOAD_BIT is not set and the CLOSE
timeout is reached before the flow offload del.
3. tcp ct is always set to ESTABLISHED with a very long timeout
in flow offload teardown/delete even though the state might be already
CLOSED. Also as a remark we cannot assume that the FIN or RST packet
is hitting flow table teardown as the packet might get bumped to the
slow path in nftables.
This patch resets IPS_OFFLOAD_BIT from flow_offload_teardown(), so
conntrack handles the tcp rst/fin packet which triggers the CLOSE/FIN
state transition.
Moreover, teturn the connection's ownership to conntrack upon teardown
by clearing the offload flag and fixing the established timeout value.
The flow table GC thread will asynchonrnously free the flow table and
hardware offload entries.
Before this patch, the IPS_OFFLOAD_BIT remained set for expired flows on
which is also misleading since the flow is back to classic conntrack
path.
If nf_ct_delete() removes the entry from the conntrack table, then it
calls nf_ct_put() which decrements the refcnt. This is not a problem
because the flowtable holds a reference to the conntrack object from
flow_offload_alloc() path which is released via flow_offload_free().
This patch also updates nft_flow_offload to skip packets in SYN_RECV
state. Since we might miss or bump packets to slow path, we do not know
what will happen there while we are still in SYN_RECV, this patch
postpones offload up to the next packet which also aligns to the
existing behaviour in tc-ct.
flow_offload_teardown() does not reset the existing tcp state from
flow_offload_fixup_tcp() to ESTABLISHED anymore, packets bump to slow
path might have already update the state to CLOSE/FIN.
Joint work with Oz and Sven.
Fixes: 1e5b2471bcc4 ("netfilter: nf_flow_table: teardown flow timeout race")
Signed-off-by: Oz Shlomo <email address hidden>
Signed-off-by: Sven Auhagen <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
(backported from commit e5eaac2beb54f0a16ff851125082d9faeb475572 linux-next)
Signed-off-by: Bodong Wang <email address hidden>
[bodong: ignore the unused functions]
These two sysctls were added because the hardcoded defaults (2 minutes,
tcp, 30 seconds, udp) turned out to be too low for some setups.
They appeared in 5.14-rc1 so it should be fine to remove it again.
Marcelo convinced me that there should be no difference between a flow
that was offloaded vs. a flow that was not wrt. timeout handling.
Thus the default is changed to those for TCP established and UDP stream,
5 days and 120 seconds, respectively.
Marcelo also suggested to account for the timeout value used for the
offloading, this avoids increase beyond the value in the conntrack-sysctl
and will also instantly expire the conntrack entry with altered sysctls.
This will remove offloaded udp flows after one minute, rather than two.
An earlier version of this patch also cleared the ASSURED bit to
allow nf_conntrack to evict the entry via early_drop (i.e., table full).
However, it looks like we can safely assume that connection timed out
via HW is still in established state, so this isn't needed.
Quoting Oz:
[..] the hardware sends all packets with a set FIN flags to sw.
[..] Connections that are aged in hardware are expected to be in the
established state.
In case it turns out that back-to-sw-path transition can occur for
'dodgy' connections too (e.g., one side disappeared while software-path
would have been in RETRANS timeout), we can adjust this later.
Cc: Oz Shlomo <email address hidden>
Cc: Paul Blakey <email address hidden>
Suggested-by: Marcelo Ricardo Leitner <email address hidden>
Signed-off-by: Florian Westphal <email address hidden>
Reviewed-by: Marcelo Ricardo Leitner <email address hidden>
Reviewed-by: Oz Shlomo <email address hidden>
Signed-off-by: Pablo Neira Ayuso <email address hidden>
(backported from commit 4592ee7f525c4683ec9e290381601fdee50ae110)
Signed-off-by: Bodong Wang <email address hidden>
[bodong: remove doc file]
7 branches
proposed for merging into this one.
