From: Jamal Hadi Salim <jhs@mojatatu.com>
To: Davide Caratti <dcaratti@redhat.com>
Cc: Jiri Pirko <jiri@resnulli.us>, Xin Long <lucien.xin@gmail.com>,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Linux Kernel Network Developers <netdev@vger.kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
wizhao@redhat.com, Cong Wang <xiyou.wangcong@gmail.com>,
Florian Westphal <fw@strlen.de>
Subject: Mirred broken WAS(Re: [PATCH net-next 2/2] act_mirred: use the backlog for nested calls to mirred ingress
Date: Mon, 4 Dec 2023 15:24:09 -0500 [thread overview]
Message-ID: <CAM0EoMn4C-zwrTCGzKzuRYukxoqBa8tyHyFDwUSZYwkMOUJ4Lw@mail.gmail.com> (raw)
In-Reply-To: <5fdd584d53f0807f743c07b1c0381cf5649495cd.1674233458.git.dcaratti@redhat.com>
On Fri, Jan 20, 2023 at 12:02 PM Davide Caratti <dcaratti@redhat.com> wrote:
>
> William reports kernel soft-lockups on some OVS topologies when TC mirred
> egress->ingress action is hit by local TCP traffic [1].
> The same can also be reproduced with SCTP (thanks Xin for verifying), when
> client and server reach themselves through mirred egress to ingress, and
> one of the two peers sends a "heartbeat" packet (from within a timer).
>
> Enqueueing to backlog proved to fix this soft lockup; however, as Cong
> noticed [2], we should preserve - when possible - the current mirred
> behavior that counts as "overlimits" any eventual packet drop subsequent to
> the mirred forwarding action [3]. A compromise solution might use the
> backlog only when tcf_mirred_act() has a nest level greater than one:
> change tcf_mirred_forward() accordingly.
>
> Also, add a kselftest that can reproduce the lockup and verifies TC mirred
> ability to account for further packet drops after TC mirred egress->ingress
> (when the nest level is 1).
>
I am afraid this broke things. Here's a simple use case which causes
an infinite loop (that we found while testing blockcasting but
simplified to demonstrate the issue):
----
sudo ip netns add p4node
sudo ip link add p4port0 address 10:00:00:01:AA:BB type veth peer
port0 address 10:00:00:02:AA:BB
sudo ip link set dev port0 netns p4node
sudo ip a add 10.0.0.1/24 dev p4port0
sudo ip neigh add 10.0.0.2 dev p4port0 lladdr 10:00:00:02:aa:bb
sudo ip netns exec p4node ip a add 10.0.0.2/24 dev port0
sudo ip netns exec p4node ip l set dev port0 up
sudo ip l set dev p4port0 up
sudo ip netns exec p4node tc qdisc add dev port0 clsact
sudo ip netns exec p4node tc filter add dev port0 ingress protocol ip
prio 10 matchall action mirred ingress redirect dev port0
ping -I p4port0 10.0.0.2 -c 1
-----
reverting the patch fixes things and it gets caught by the nested
recursion check.
Frankly, I believe we should restore a proper ttl from what was removed here:
https://lore.kernel.org/all/1430765318-13788-1-git-send-email-fw@strlen.de/
The headaches(and time consumed) trying to save the 3-4 bits removing
the ttl field is not worth it imo.
cheers,
jamal
next prev parent reply other threads:[~2023-12-04 20:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-20 17:01 [PATCH net-next 0/2] net/sched: use the backlog for nested mirred ingress Davide Caratti
2023-01-20 17:01 ` [PATCH net-next 1/2] net/sched: act_mirred: better wording on protection against excessive stack growth Davide Caratti
2023-01-23 17:22 ` Marcelo Ricardo Leitner
2023-01-23 19:40 ` Jamal Hadi Salim
2023-01-20 17:01 ` [PATCH net-next 2/2] act_mirred: use the backlog for nested calls to mirred ingress Davide Caratti
2023-01-23 17:22 ` Marcelo Ricardo Leitner
2023-01-23 19:41 ` Jamal Hadi Salim
2023-12-04 20:24 ` Jamal Hadi Salim [this message]
2023-12-05 10:54 ` Mirred broken WAS(Re: " Davide Caratti
2023-12-05 15:12 ` Jamal Hadi Salim
2023-12-07 14:10 ` Jamal Hadi Salim
2023-12-11 13:07 ` Davide Caratti
2023-12-11 15:50 ` Jamal Hadi Salim
2023-01-24 9:40 ` [PATCH net-next 0/2] net/sched: use the backlog for nested " patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAM0EoMn4C-zwrTCGzKzuRYukxoqBa8tyHyFDwUSZYwkMOUJ4Lw@mail.gmail.com \
--to=jhs@mojatatu.com \
--cc=dcaratti@redhat.com \
--cc=fw@strlen.de \
--cc=jiri@resnulli.us \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=wizhao@redhat.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).