On Wed, Jun 11, 2014 at 03:55:18PM +0400, Kirill Tkhai wrote: > В Ср, 11/06/2014 в 13:49 +0200, Pablo Neira Ayuso пишет: > > On Wed, Jun 11, 2014 at 03:44:39PM +0400, Kirill Tkhai wrote: > > > Hi, Pablo, > > > > > > В Пн, 28/04/2014 в 16:23 +0200, Pablo Neira Ayuso пишет: > > > > Hi, > > > > > > > > On Mon, Apr 07, 2014 at 03:58:49PM +0400, Kirill Tkhai wrote: > > > > > Clusterip target does dev_hold() in .checkentry, while dev_put() in .destroy. > > > > > So, unregister_netdevice catches the leak: > > > > > > > > > > # modprobe dummy > > > > > # iptables -A INPUT -d 10.31.3.236 -j CLUSTERIP --new --hashmode sourceip -i dummy0 --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2 --local-node 1 > > > > > # rmmod dummy > > > > > > > > > > Message from syslogd@localhost ... > > > > > kernel: unregister_netdevice: waiting for dummy0 to become free. Usage count = 1 > > > > > > > > > [...] > > > > > 1 file changed, 134 insertions(+), 12 deletions(-) > > > > > > > > I have spinned several times on this patch, and I'm not very happy > > > > with taking this fix: > > > > > > > > 1) It's quite large fix for a situation that seems unlikely to me. > > > > > > We have several reports from containers users, who bumped into this. > > > The hang happens on netns stop, it's 100% reproducible. Every time > > > a container is stopping or a device is going away, the unregistration > > > fails and hungs if CLUSTERIP is used. So, we'd want to have some fix > > > of this. > > > > How it this combination being triggered there? I mean: > > > > # modprobe dummy > > # iptables -A INPUT -d 10.31.3.236 -j CLUSTERIP ... > > # rmmod dummy > > > > Is it something included in some scripts that automate the setup? > > It's a sample of how to trigger this. The problem is not in rmmod. > > Really it happens when container is stopping and device is going away. > It's not OpenVZ related, current LXC has the same problem. But that sample should be really easy to trigger if you're getting lost of reports for this. Are your users really hitting that problem by accident? It seems quite rare condition to me. Please, clarify. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
