Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp964682iob; Fri, 13 May 2022 17:56:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyB0xgQrgfs0tmKjwAJ3eLudf4c1ZU/8o8UzwmVggowQ5DkomzzYoaT7RXRgRvPq50spjZd X-Received: by 2002:a05:600c:358d:b0:394:8343:a67a with SMTP id p13-20020a05600c358d00b003948343a67amr17523565wmq.189.1652489789489; Fri, 13 May 2022 17:56:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652489789; cv=none; d=google.com; s=arc-20160816; b=AnX2pNueuHQ7AUqS9I00lE5g4B2qTcLuhZQ8OqTa9G56o3HfEi+XGI36MXEDJlK4bO W7dMJYDSKB7TWTHEllgenUnGMkmFZkEexAbgEZIaYV/v3b4MSond8cq8W29IxeUE+1wo mN1EZmBEq/L8a8NdgTALBDOshAR1Dc7ovdwRfJiNiHHi1IloK1Cp/FaVh4P5TkNJxni/ ApTGTGWYXKuMfv0fTnuY3P1kc1Q0GPSAA2mHh2011Dq5KUXDVZhhGYKga6X+rIIm5T4h ieodFsmiWz0y7FTzs7NoYftmK6Pn3Bx6mwIrccxLFLrpDQFBmD0mdTxjHqJYttUYLCGw Fa5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Xz4SgEjso1Kq52nFkHQtcRAidYtGUrNRqLkLtyngq0g=; b=Mm/SkjsmwcXU8fZe4+E79ZVCZOBMuaZVkP/+6H6dRj5bj3RDh50kR4LSsp50SiA8Hz gp7LWO6TuptXeU8jsd3+PozjsCapYgu90uVtD4E/U39MXxi71LyCBuOmVibsfHH/uC+o yoeHyjX72QJFFrCOAX1ilZvyIXdHeB6rtVbb5mFDDI/vAmC2lbFwWI5XuQ9LXuQ3kSye /Omz72ljguVZX3epIFvNLYqr0ZfI+qUkJdy+9840SR0HZiTXa6Z/3dfKkpbStqutQY+F STrDkLZUfKm9VfJ0G7+iC8NTZHMCynp0zEOyLOi2lLNw36m+aqfcmygFu2SkHLthoIax B9mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HdwjD3Yz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id p16-20020adfce10000000b00205c91150easi3617789wrn.136.2022.05.13.17.56.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:56:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HdwjD3Yz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7F28230B2FC; Fri, 13 May 2022 16:31:55 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352556AbiELKTc (ORCPT + 99 others); Thu, 12 May 2022 06:19:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352509AbiELKT3 (ORCPT ); Thu, 12 May 2022 06:19:29 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0AE1D21B14C for ; Thu, 12 May 2022 03:19:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652350767; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Xz4SgEjso1Kq52nFkHQtcRAidYtGUrNRqLkLtyngq0g=; b=HdwjD3YzVqExUMzz2/jD25iaA+C1+QJPl5gWysiPl4hlGgIkdFVL5S/txxy9JQPasHD028 +H+WKzORS35ZlYJ7VhnfGIsB8tWAElDv9TqWsob3SzSCDGd3PnK66+Svs+mcplxcE69OIc tGSBYnMTziwKxZwq5Gl17+A+TiHHd60= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-301-tNnlVfBIO0iEMaU2Fk1lbw-1; Thu, 12 May 2022 06:19:25 -0400 X-MC-Unique: tNnlVfBIO0iEMaU2Fk1lbw-1 Received: by mail-ej1-f70.google.com with SMTP id t4-20020a170906608400b006f8687b8884so2647285ejj.0 for ; Thu, 12 May 2022 03:19:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Xz4SgEjso1Kq52nFkHQtcRAidYtGUrNRqLkLtyngq0g=; b=hnUwkPT7Q0ygJaQ+9IMJxZAQUKG8aK0NPfzV6ammjX1fR8vbqcY3/gfLTRzz/4CyVJ wTlWGpTay0kRHjofj9s1M5xJ3ucCTtAJccJ4w3Cz49XPvWtMb/2RZOc0FruM3oKCcG1c 428FirzM1py6Sze19ZuGw/Y8iu0knYPNp0Rs2C+K/YHp6innGNjXK9T6CYF+a9H65Hnd vhcIgHidBMkX+Tt62pJpINS6iETEh5RIOMBcM/USY3+ybNbLbwy23qiuJ2oWlFKtjV8t KnLXxJOySEHkZ3x+blt4XofcbiDj8mseMTOEZbj4IV8IjKUHQNBg/cabTXS7ybzuKN8b XdpQ== X-Gm-Message-State: AOAM531Fcu4BOLcOc+GiZVS6h5sbDd3LlSCajTzQ+SJC81SbnUtcAvWz J8nPSzNiJR+2r+bTSTT0q4SgUv7fcF1yq37pLlCvN5FeskmcSe7OlBGrm//uUusORpYAfsIcNYI /ABsmyRRik6ZWCquvnQvqy27y X-Received: by 2002:a17:907:3e99:b0:6f3:d1e1:23ae with SMTP id hs25-20020a1709073e9900b006f3d1e123aemr30057429ejc.470.1652350764653; Thu, 12 May 2022 03:19:24 -0700 (PDT) X-Received: by 2002:a17:907:3e99:b0:6f3:d1e1:23ae with SMTP id hs25-20020a1709073e9900b006f3d1e123aemr30057402ejc.470.1652350764387; Thu, 12 May 2022 03:19:24 -0700 (PDT) Received: from [10.39.193.10] (5920ab7b.static.cust.trined.nl. [89.32.171.123]) by smtp.gmail.com with ESMTPSA id d17-20020a170906641100b006f3ef214da1sm1987961ejm.7.2022.05.12.03.19.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 May 2022 03:19:23 -0700 (PDT) From: Eelco Chaudron To: Vlad Buslov , Toms Atteka Cc: Roi Dayan , Ilya Maximets , Aaron Conole , Jakub Kicinski , "David S. Miller" , Pravin B Shelar , netdev@vger.kernel.org, dev@openvswitch.org, linux-kernel@vger.kernel.org, Johannes Berg , Maor Dickman Subject: Re: [PATCH net-next v2] net: openvswitch: fix uAPI incompatibility with existing user space Date: Thu, 12 May 2022 12:19:23 +0200 X-Mailer: MailMate (1.14r5895) Message-ID: <4778B505-DBF5-4F57-90AF-87F12C1E0311@redhat.com> In-Reply-To: <9cc34fbc-3fd6-b529-7a05-554224510452@ovn.org> References: <20220309222033.3018976-1-i.maximets@ovn.org> <44eeb550-3310-d579-91cc-ec18b59966d2@nvidia.com> <1a185332-3693-2750-fef2-f6938bbc8500@ovn.org> <87k0c171ml.fsf@nvidia.com> <9cc34fbc-3fd6-b529-7a05-554224510452@ovn.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7 Apr 2022, at 12:22, Ilya Maximets wrote: > On 4/7/22 10:02, Vlad Buslov wrote: >> On Mon 14 Mar 2022 at 20:40, Ilya Maximets wrote:= >>> On 3/14/22 19:33, Roi Dayan wrote: >>>> >>>> >>>> On 2022-03-10 8:44 PM, Aaron Conole wrote: >>>>> Ilya Maximets writes: >>>>> >>>>>> Few years ago OVS user space made a strange choice in the commit [= 1] >>>>>> to define types only valid for the user space inside the copy of a= >>>>>> kernel uAPI header.=C2=A0 '#ifndef __KERNEL__' and another attribu= te was >>>>>> added later. >>>>>> >>>>>> This leads to the inevitable clash between user space and kernel t= ypes >>>>>> when the kernel uAPI is extended.=C2=A0 The issue was unveiled wit= h the >>>>>> addition of a new type for IPv6 extension header in kernel uAPI. >>>>>> >>>>>> When kernel provides the OVS_KEY_ATTR_IPV6_EXTHDRS attribute to th= e >>>>>> older user space application, application tries to parse it as >>>>>> OVS_KEY_ATTR_PACKET_TYPE and discards the whole netlink message as= >>>>>> malformed.=C2=A0 Since OVS_KEY_ATTR_IPV6_EXTHDRS is supplied along= with >>>>>> every IPv6 packet that goes to the user space, IPv6 support is ful= ly >>>>>> broken. >>>>>> >>>>>> Fixing that by bringing these user space attributes to the kernel >>>>>> uAPI to avoid the clash.=C2=A0 Strictly speaking this is not the p= roblem >>>>>> of the kernel uAPI, but changing it is the only way to avoid break= age >>>>>> of the older user space applications at this point. >>>>>> >>>>>> These 2 types are explicitly rejected now since they should not be= >>>>>> passed to the kernel.=C2=A0 Additionally, OVS_KEY_ATTR_TUNNEL_INFO= moved >>>>>> out from the '#ifdef __KERNEL__' as there is no good reason to hid= e >>>>>> it from the userspace.=C2=A0 And it's also explicitly rejected now= , because >>>>>> it's for in-kernel use only. >>>>>> >>>>>> Comments with warnings were added to avoid the problem coming back= =2E >>>>>> >>>>>> (1 << type) converted to (1ULL << type) to avoid integer overflow = on >>>>>> OVS_KEY_ATTR_IPV6_EXTHDRS, since it equals 32 now. >>>>>> >>>>>> =C2=A0 [1] beb75a40fdc2 ("userspace: Switching of L3 packets in L2= pipeline") >>>>>> >>>>>> Fixes: 28a3f0601727 ("net: openvswitch: IPv6: Add IPv6 extension h= eader support") >>>>>> Link: https://lore.kernel.org/netdev/3adf00c7-fe65-3ef4-b6d7-6d8a0= cad8a5f@nvidia.com >>>>>> Link: https://github.com/openvswitch/ovs/commit/beb75a40fdc295bfd6= 521b0068b4cd12f6de507c >>>>>> Reported-by: Roi Dayan >>>>>> Signed-off-by: Ilya Maximets >>>>>> --- >>>>> >>>>> Acked-by: Aaron Conole >>>>> >>>> >>>> >>>> >>>> I got to check traffic with the fix and I do get some traffic >>>> but something is broken. I didn't investigate much but the quick >>>> test shows me rules are not offloaded and dumping ovs rules gives >>>> error like this >>>> >>>> recirc_id(0),in_port(enp8s0f0_1),ct_state(-trk),eth(),eth_type(0x86d= d),ipv6(frag=3Dno)(bad >>>> key length 2, expected -1)(00 00/(bad mask length 2, expected -1)(00= 00), >>>> packets:2453, bytes:211594, used:0.004s, flags:S., actions:ct,recirc= (0x2) >>> >>> Such a dump is expected, because kernel parses fields that current >>> userspace doesn't understand, and at the same time OVS by design is >>> using kernel provided key/mask while installing datapath rules, IIRC.= >>> It should be possible to make these dumps a bit more friendly though.= >>> >>> For the offloading not working, see my comment in the v2 patch email >>> I sent (top email of this thread). In short, it's a problem in user >>> space and it can not be fixed from the kernel side, unless we revert >>> IPv6 extension header support and never add any new types, which is >>> unreasonable. I didn't test any actual offloading, but I had a >>> successful run of 'make check-offloads' with my quick'n'dirty fix fro= m >>> the top email. >> >> Hi Ilya, >> >> I can confirm that with latest OvS master IPv6 rules offload still fai= ls >> without your pastebin code applied. >> >>> >>> Since we're here: >>> >>> Toms, do you plan to submit user space patches for this feature? >> >> I see there is a patch from you that is supposed to fix compatibility >> issues caused by this change in OvS d96d14b14733 ("openvswitch.h: Alig= n >> uAPI definition with the kernel."), but it doesn't fix offload for me >> without pastebin patch. > > Yes. OVS commit d96d14b14733 is intended to only fix the uAPI. > Issue with offload is an OVS bug that should be fixed separately. > The fix will also need to be backported to OVS stable branches. > >> Do you plan to merge that code into OvS or you >> require some help from our side? > > I could do that, but I don't really have enough time. So, if you > can work on that fix, it would be great. Note that comments inside > the OVS's lib/odp-util.c:parse_key_and_mask_to_match() was blindly > copied from the userspace datapath and are incorrect for the general > case, so has to be fixed alongside the logic of that function. Tom or Vlad, are you working on this? Asking, as the release of a kernel = with Tom=E2=80=99s =E2=80=9Cnet: openvswitch: IPv6: Add IPv6 extension he= ader support=E2=80=9D patch will break OVS. //Eelco