Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1000646iob; Fri, 13 May 2022 19:10:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzKPkxqk5DnK0My5e7oDUMb63A0c/xUbsfbyw+cxz5OnlRqVA0jDNTjOCsQIui6af6zXrCX X-Received: by 2002:a05:6000:1acd:b0:20c:726a:3840 with SMTP id i13-20020a0560001acd00b0020c726a3840mr5841535wry.507.1652494252900; Fri, 13 May 2022 19:10:52 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1652494252; cv=pass; d=google.com; s=arc-20160816; b=O9V/k0+0dQjXDIsPzrXU0eGezw/c9C65zux5zDw3wpIROjSdsxI28KY9n5y2BRiQ6j zzffsfshA25OUbm6W/sgfl4QKXYUUeFyIavUNropg+gpErslkNnr6rR/r+bJfAnWHGf6 CSvdaqE4gvLaKCQcjiXUR2FC3EQmUK2RvEY2uuhAMd9w5GAmuF0f520k/VMIR/9xMaa5 JN2tNeVTtdlqEcHdg58DaWogllfZiiUyRy76bPqzQ8FBhRhWjBLaPuoxWoi9K22zEl2H uAs676UBtuI483FQnwe5pEYWYlnq/WFHgHVVqei3RhOk7hOiwJZVuUtNKNXYaIqEdNBM 9oVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:in-reply-to:date:subject:cc:to:from:user-agent :references:dkim-signature; bh=nzfQFyYsTC9krrhPlLAQ5WKMpAY5HVgaBIJqVfEEBLc=; b=r3HxW8N1WoepUnTYfAadee9Uc27GlQTD2XJ7kVlvXgDlMPvxu9ivlzlTxoPqjtlbbP Q1DJgf8q3k3Gq5JR0gPaw3XOz7NEKdUiqp5AXjwuw0QeT4PRfUOaDZpY92yM/1LuEaof fsrfQN9XLIjeLu149dfQMRWWCWI7qRjMIsthsrEtRBXkQmbGZ/FbYoJiI+L2a6zonfbw LBjtrJsKx/uR51OwbrRg9K6fLN2duY6NHb/q3mGMRy4sAztt8hnWhKf64PNkb9NfLmUB 9WNNs6GBI9eUoeP/Q9MUiBqz/ogMKlbqLdjA2BzzZzF/4Yfno7jFAuFdG9cJD6rJedRz ixBQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=KjZZ9gh5; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id a12-20020adffacc000000b00207a9b9c88bsi3850408wrs.870.2022.05.13.19.10.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 19:10:52 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@Nvidia.com header.s=selector2 header.b=KjZZ9gh5; arc=pass (i=1 spf=pass spfdomain=nvidia.com dmarc=pass fromdomain=nvidia.com); spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=nvidia.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0A13C498028; Fri, 13 May 2022 17:29:46 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352970AbiELLK2 (ORCPT + 99 others); Thu, 12 May 2022 07:10:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38944 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352931AbiELLK0 (ORCPT ); Thu, 12 May 2022 07:10:26 -0400 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2059.outbound.protection.outlook.com [40.107.243.59]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83DF7236747; Thu, 12 May 2022 04:10:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V2F7ttlR+HxUXqb33hZ1/SReu/0D40+GRJc4FOMj2VdXQMvPofuOGzKWUfjAixT0Qt5N1GIO6l0d8Nyc8N+udOZuRJDCywkPg3xoTISLPrpGwsRTj+V5sYuiHLaEET+TTtaae5/aeKqJJthy9So40txYesjg7TLJ7feWO/K5qWBidl7XoM3RqKXHJVrDGdkj0xSRMMDwETi3o9CxiBNwbJW7l420BhrVIUUOL+vHv/ZJiXeuPe8cGL8KpFr6QQ/xU+iT21sd29w/+Yqub7KwbpmNXvqM7W0BdD0dL3OFd9mgRc3ylYrvGZGqJFZa7iyMvNezF1JOWvVMXddirNx8oQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nzfQFyYsTC9krrhPlLAQ5WKMpAY5HVgaBIJqVfEEBLc=; b=l7aVrMIYjGss4lzOlvMV2vNNUjSlf7VBGwlsoF8uP0K421D7QGkXJIRmnDawhJW2UZx7VqOyzFfhef9c5PTiqjgPdjiLa7DckxRTlOSgHSAJ+6mM98Jikfq6wXwj2rb07KyBGzY/BvLXP8ngJPw1kiE+8j2IkYuZS1kK8AuLMEMusgUIk5L3yWJwDAztxfhceLDIJ1nODYuw34G/EsIldJmKwRY5Ly+A13a8RLeriAMaPs5J89oWCvmTHE5Ruw9O7M0Z7lBa+45IzaT1EETBzH4OvAabt8qqwjMZDXQMZJ2EWS1h0cmg/cAYfGYTSUfz1bwjQwTIJEaEPe8m+eM7eg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.238) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nzfQFyYsTC9krrhPlLAQ5WKMpAY5HVgaBIJqVfEEBLc=; b=KjZZ9gh5zqJ+wXOI9MF8THqe1FAzrlCRSunB2jI8cV3XQIYugzQBpC708Q50xAWXLaJK9SM4x14dE744Tcx0CGFbSq8w18vfHv72DjbRYNlsRGSqCfNE3j6eNfbG2U/H+UneG/Y+gmU0r7437hWP3vdwBF6dKDeRnqVjn8TlmWpn0Scezb+vkXs1s5znrIZtd5Wo7qQfMPkHVMvkRiIBPkcjMhCYK/9tqaq/i7OhsXaqELUD3uAkWx1eiTRs5pYU6Vy3uJhEGI94AYjNvKAPNcKFbeZEhR4OFNOL7FT2TLildXWUOQODMjJlR4LijBHl53KYTvX8bRJls6c9hJmoTQ== Received: from MW4P223CA0020.NAMP223.PROD.OUTLOOK.COM (2603:10b6:303:80::25) by BL3PR12MB6547.namprd12.prod.outlook.com (2603:10b6:208:38e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5250.14; Thu, 12 May 2022 11:10:22 +0000 Received: from CO1NAM11FT029.eop-nam11.prod.protection.outlook.com (2603:10b6:303:80:cafe::a1) by MW4P223CA0020.outlook.office365.com (2603:10b6:303:80::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5206.24 via Frontend Transport; Thu, 12 May 2022 11:10:21 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.238) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.238 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.238; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.238) by CO1NAM11FT029.mail.protection.outlook.com (10.13.174.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5250.13 via Frontend Transport; Thu, 12 May 2022 11:10:21 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL105.nvidia.com (10.27.9.14) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Thu, 12 May 2022 11:10:21 +0000 Received: from fedora.nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 12 May 2022 04:10:17 -0700 References: <20220309222033.3018976-1-i.maximets@ovn.org> <44eeb550-3310-d579-91cc-ec18b59966d2@nvidia.com> <1a185332-3693-2750-fef2-f6938bbc8500@ovn.org> <87k0c171ml.fsf@nvidia.com> <9cc34fbc-3fd6-b529-7a05-554224510452@ovn.org> <4778B505-DBF5-4F57-90AF-87F12C1E0311@redhat.com> User-agent: mu4e 1.6.6; emacs 27.2 From: Vlad Buslov To: Eelco Chaudron CC: Toms Atteka , Roi Dayan , "Ilya Maximets" , Aaron Conole , "Jakub Kicinski" , "David S. Miller" , "Pravin B Shelar" , , , , Johannes Berg , Maor Dickman Subject: Re: [PATCH net-next v2] net: openvswitch: fix uAPI incompatibility with existing user space Date: Thu, 12 May 2022 13:08:14 +0300 In-Reply-To: <4778B505-DBF5-4F57-90AF-87F12C1E0311@redhat.com> Message-ID: <87lev783k8.fsf@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 3304a42f-b778-43eb-77ba-08da340801a5 X-MS-TrafficTypeDiagnostic: BL3PR12MB6547:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KJJ4k8Pko3ikkwMjy9MFN00FBTstnrl5MZiNMCU92zgURY8aXDG+NPPllCJege5lioWZGk4eXhMzpPhfkMXbxr/NV5zVE3ej4t32ZEj5kkzdGcWslxEpPp/u3dqh1GCPfqCwo5PuuByPzHMVXiwCa1akfyPFcCS0RnsJXyhJJXWxWRFExC+Vs5blpaNTcN24zulnsMYcps8GQlP54uLimG4n0ZAYh0/vBTpTZ6SgnKvQNuGRiKmUvGREUJocL4ifemPwJ3HnCV7jxrNMJSVR3yXuJhuQGDG2/mZKERjhn3COa+SvYORKnjlq6eq7PUUVxJov7UPmrVWSbvMoKRBXALuof/Zy+K59U8D81V4dVE3Scj0zKSsXWNePfuJaEzPf7nvsp3nWIe09X6ilJHpI9Cdm5MMWSNjsnq1stQevDr+aMhq84zlnVw1ufibknWh8kP636cafYJ0uKqGta1FSgWEFqGdyOh5LqgU2hGW369V+gtqVlukB5iIWOzzNz2DFA2rwSmFg68xFoUff1VKKnMerhjFpJJeKdHnzFhTye/mLvPDHAaU6sytCzc1T63CGACxtrJsna5nlkscxBQIeHllloJL+xRWi7Kgq8saS8K7m9r3h5ikqmlN5T/G3RTYAT2qunEpF9Peifas/J9WHC8t1SqCuqXMz5HQxWGEsE1z/oEeUUPgUyZ1Pz+WNXcjUdUQIt+F6eQC+Qcus+r1McIZhlNFTaw/iF/JDqJqhZn7iKFaJdnBA/LCQWprmJjHlKAoKtO/As6Fjpq+ihkg2fzKYSRIbkI0t2dlQXxOV75O45cMd4cs8YOLpRg89SL2OjatVdRsPj3i64wpxwM5fAg== X-Forefront-Antispam-Report: CIP:12.22.5.238;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:InfoNoRecords;CAT:NONE;SFS:(13230001)(4636009)(40470700004)(46966006)(36840700001)(2906002)(81166007)(7416002)(426003)(356005)(40460700003)(70586007)(8676002)(336012)(47076005)(6916009)(70206006)(36860700001)(4326008)(53546011)(8936002)(6666004)(86362001)(966005)(7696005)(316002)(83380400001)(26005)(82310400005)(5660300002)(36756003)(186003)(2616005)(16526019)(508600001)(107886003)(54906003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 May 2022 11:10:21.7256 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3304a42f-b778-43eb-77ba-08da340801a5 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[12.22.5.238];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT029.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR12MB6547 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 12 May 2022 at 12:19, Eelco Chaudron wrote: > On 7 Apr 2022, at 12:22, Ilya Maximets wrote: > >> On 4/7/22 10:02, Vlad Buslov wrote: >>> On Mon 14 Mar 2022 at 20:40, Ilya Maximets wrote: >>>> On 3/14/22 19:33, Roi Dayan wrote: >>>>> >>>>> >>>>> On 2022-03-10 8:44 PM, Aaron Conole wrote: >>>>>> Ilya Maximets writes: >>>>>> >>>>>>> Few years ago OVS user space made a strange choice in the commit [1] >>>>>>> to define types only valid for the user space inside the copy of a >>>>>>> kernel uAPI header.=C2=A0 '#ifndef __KERNEL__' and another attribut= e was >>>>>>> added later. >>>>>>> >>>>>>> This leads to the inevitable clash between user space and kernel ty= pes >>>>>>> when the kernel uAPI is extended.=C2=A0 The issue was unveiled with= the >>>>>>> addition of a new type for IPv6 extension header in kernel uAPI. >>>>>>> >>>>>>> When kernel provides the OVS_KEY_ATTR_IPV6_EXTHDRS attribute to the >>>>>>> older user space application, application tries to parse it as >>>>>>> OVS_KEY_ATTR_PACKET_TYPE and discards the whole netlink message as >>>>>>> malformed.=C2=A0 Since OVS_KEY_ATTR_IPV6_EXTHDRS is supplied along = with >>>>>>> every IPv6 packet that goes to the user space, IPv6 support is fully >>>>>>> broken. >>>>>>> >>>>>>> Fixing that by bringing these user space attributes to the kernel >>>>>>> uAPI to avoid the clash.=C2=A0 Strictly speaking this is not the pr= oblem >>>>>>> of the kernel uAPI, but changing it is the only way to avoid breaka= ge >>>>>>> of the older user space applications at this point. >>>>>>> >>>>>>> These 2 types are explicitly rejected now since they should not be >>>>>>> passed to the kernel.=C2=A0 Additionally, OVS_KEY_ATTR_TUNNEL_INFO = moved >>>>>>> out from the '#ifdef __KERNEL__' as there is no good reason to hide >>>>>>> it from the userspace.=C2=A0 And it's also explicitly rejected now,= because >>>>>>> it's for in-kernel use only. >>>>>>> >>>>>>> Comments with warnings were added to avoid the problem coming back. >>>>>>> >>>>>>> (1 << type) converted to (1ULL << type) to avoid integer overflow on >>>>>>> OVS_KEY_ATTR_IPV6_EXTHDRS, since it equals 32 now. >>>>>>> >>>>>>> =C2=A0 [1] beb75a40fdc2 ("userspace: Switching of L3 packets in L2 = pipeline") >>>>>>> >>>>>>> Fixes: 28a3f0601727 ("net: openvswitch: IPv6: Add IPv6 extension he= ader support") >>>>>>> Link: https://lore.kernel.org/netdev/3adf00c7-fe65-3ef4-b6d7-6d8a0c= ad8a5f@nvidia.com >>>>>>> Link: https://github.com/openvswitch/ovs/commit/beb75a40fdc295bfd65= 21b0068b4cd12f6de507c >>>>>>> Reported-by: Roi Dayan >>>>>>> Signed-off-by: Ilya Maximets >>>>>>> --- >>>>>> >>>>>> Acked-by: Aaron Conole >>>>>> >>>>> >>>>> >>>>> >>>>> I got to check traffic with the fix and I do get some traffic >>>>> but something is broken. I didn't investigate much but the quick >>>>> test shows me rules are not offloaded and dumping ovs rules gives >>>>> error like this >>>>> >>>>> recirc_id(0),in_port(enp8s0f0_1),ct_state(-trk),eth(),eth_type(0x86dd= ),ipv6(frag=3Dno)(bad >>>>> key length 2, expected -1)(00 00/(bad mask length 2, expected -1)(00 = 00), >>>>> packets:2453, bytes:211594, used:0.004s, flags:S., actions:ct,recirc(= 0x2) >>>> >>>> Such a dump is expected, because kernel parses fields that current >>>> userspace doesn't understand, and at the same time OVS by design is >>>> using kernel provided key/mask while installing datapath rules, IIRC. >>>> It should be possible to make these dumps a bit more friendly though. >>>> >>>> For the offloading not working, see my comment in the v2 patch email >>>> I sent (top email of this thread). In short, it's a problem in user >>>> space and it can not be fixed from the kernel side, unless we revert >>>> IPv6 extension header support and never add any new types, which is >>>> unreasonable. I didn't test any actual offloading, but I had a >>>> successful run of 'make check-offloads' with my quick'n'dirty fix from >>>> the top email. >>> >>> Hi Ilya, >>> >>> I can confirm that with latest OvS master IPv6 rules offload still fails >>> without your pastebin code applied. >>> >>>> >>>> Since we're here: >>>> >>>> Toms, do you plan to submit user space patches for this feature? >>> >>> I see there is a patch from you that is supposed to fix compatibility >>> issues caused by this change in OvS d96d14b14733 ("openvswitch.h: Align >>> uAPI definition with the kernel."), but it doesn't fix offload for me >>> without pastebin patch. >> >> Yes. OVS commit d96d14b14733 is intended to only fix the uAPI. >> Issue with offload is an OVS bug that should be fixed separately. >> The fix will also need to be backported to OVS stable branches. >> >>> Do you plan to merge that code into OvS or you >>> require some help from our side? >> >> I could do that, but I don't really have enough time. So, if you >> can work on that fix, it would be great. Note that comments inside >> the OVS's lib/odp-util.c:parse_key_and_mask_to_match() was blindly >> copied from the userspace datapath and are incorrect for the general >> case, so has to be fixed alongside the logic of that function. > > Tom or Vlad, are you working on this? Asking, as the release of a kernel = with > Tom=E2=80=99s =E2=80=9Cnet: openvswitch: IPv6: Add IPv6 extension header = support=E2=80=9D patch will > break OVS. > > //Eelco Hi Eelco, My simple fix for OvS was rejected and I don't have time to rework it at the moment. Regards, Vlad