From patchwork Tue Jul 17 00:55:58 2018
X-Patchwork-Submitter: Yi-Hung Wei
X-Patchwork-Id: 944632
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Mon, 16 Jul 2018 17:55:58 -0700
Message-Id: <1531788961-46115-2-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1531788961-46115-1-git-send-email-yihung.wei@gmail.com>
Cc: zhangliping
Subject: [ovs-dev] [PATCH 1/4] datapath: meter: fix the incorrect calculation of max delta_t

From: zhangliping

Upstream commit:
    commit ddc502dfed600bff0b61d899f70d95b76223fdfc
    Author: zhangliping
    Date:   Fri Mar 9 10:08:50 2018 +0800

    openvswitch: meter: fix the incorrect calculation of max delta_t

    Max delta_t should be the full_bucket/rate instead of the full_bucket.
    Also report EINVAL if the rate is zero.

    Fixes: 96fbc13d7e77 ("openvswitch: Add meter infrastructure")
    Cc: Andy Zhou
    Signed-off-by: zhangliping
    Acked-by: Pravin B Shelar
    Signed-off-by: David S. Miller
Signed-off-by: Yi-Hung Wei
Reviewed-by: Greg Rose
Tested-by: Greg Rose

type = nla_get_u32(attr[OVS_BAND_ATTR_TYPE]); band->rate = nla_get_u32(attr[OVS_BAND_ATTR_RATE]); + if (band->rate == 0) { + err = -EINVAL; + goto exit_free_meter; + } + band->burst_size = nla_get_u32(attr[OVS_BAND_ATTR_BURST]); /* Figure out max delta_t that is enough to fill any bucket. * Keep max_delta_t size to the bucket units: * pkts => 1/1000 packets, kilobits => bits. + * + * Start with a full bucket. */ - band_max_delta_t = (band->burst_size + band->rate) * 1000; - /* Start with a full bucket. */ - band->bucket = band_max_delta_t; + band->bucket = (band->burst_size + band->rate) * 1000; + band_max_delta_t = band->bucket / band->rate; if (band_max_delta_t > meter->max_delta_t) meter->max_delta_t = band_max_delta_t; band++;
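
Review bot: in `band->bucket = (band->burst_size + band->rate) * 1000;` both operands are read with nla_get_u32() and the field types are not visible in this hunk; if the sum is evaluated in 32 bits, large burst or rate values wrap before the result reaches band->bucket, and the following `band->bucket / band->rate` then produces a max delta_t that is too small. Worth confirming the field types, or widening one operand before the multiply. The new `band->rate == 0` check sits before the division, which is the right order.
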
From patchwork Tue Jul 17 00:55:59 2018
X-Patchwork-Submitter: Yi-Hung Wei
X-Patchwork-Id: 944633
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Mon, 16 Jul 2018 17:55:59 -0700
Message-Id: <1531788961-46115-3-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1531788961-46115-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH 2/4] datapath: Introduce net_rwsem and remove rtnl_lock()

This patch backports the following two upstream commits and adds a new
symbol HAVE_NET_RWSEM in acinclude.m4 to determine whether to use the
newly introduced rw_semaphore, net_rwsem.

Upstream commit:
    commit f0b07bb151b098d291fd1fd71ef7a2df56fb124a
    Author: Kirill Tkhai
    Date:   Thu Mar 29 19:20:32 2018 +0300

    net: Introduce net_rwsem to protect net_namespace_list

    rtnl_lock() is used everywhere, and contention is very high.
    When someone wants to iterate over alive net namespaces,
    he/she has no possibility to do that without exclusive lock.
    But the exclusive rtnl_lock() in such places is overkill,
    and it just increases the contention. Yes, there is already
    for_each_net_rcu() in kernel, but it requires rcu_read_lock(),
    and this can't be sleepable. Also, sometimes it may be need
    really prevent net_namespace_list growth, so for_each_net_rcu()
    is not fit there.

    This patch introduces new rw_semaphore, which will be used
    instead of rtnl_mutex to protect net_namespace_list. It is
    sleepable and allows not-exclusive iterations over net
    namespaces list.
    It allows to stop using rtnl_lock() in several places
    (what is made in next patches) and makes less the time,
    we keep rtnl_mutex. Here we just add new lock, while
    the explanation of we can remove rtnl_lock() there are
    in next patches.

    Fine grained locks generally are better, than one big lock,
    so let's do that with net_namespace_list, while the situation
    allows that.

    Signed-off-by: Kirill Tkhai
    Signed-off-by: David S. Miller

Upstream commit:
    commit ec9c780925c57588637e1dbd8650d294107311c0
    Author: Kirill Tkhai
    Date:   Thu Mar 29 19:21:09 2018 +0300

    ovs: Remove rtnl_lock() from ovs_exit_net()

    Here we iterate for_each_net() and remove vport from alive net
    to the exiting net.

    ovs_net::dps are protected by ovs_mutex(), and the others, who
    change it (ovs_dp_cmd_new(), __dp_destroy()) also take it.
    The same with datapath::ports list.

    So, we remove rtnl_lock() here.

    Signed-off-by: Kirill Tkhai
    Signed-off-by: David S. Miller

Signed-off-by: Yi-Hung Wei
Reviewed-by: Greg Rose

--- acinclude.m4 | 1 + datapath/datapath.c | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index 991a6275b978..ae8e66fc4967 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -634,6 +634,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_GREP_IFELSE([$KSRC/include/linux/rtnetlink.h], [rcu_read_lock_held])]) OVS_GREP_IFELSE([$KSRC/include/linux/rtnetlink.h], [lockdep_rtnl_is_held]) + OVS_GREP_IFELSE([$KSRC/include/linux/rtnetlink.h], [net_rwsem]) # Check for the proto_data_valid member in struct sk_buff. The [^@] # is necessary because some versions of this header remove the diff --git a/datapath/datapath.c b/datapath/datapath.c index 43f0d7432593..72b5e8b5c29c 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c
@@ -2385,10 +2385,18 @@ static void __net_exit ovs_exit_net(struct net *dnet) list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node) __dp_destroy(dp); +#ifdef HAVE_NET_RWSEM + down_read(&net_rwsem); +#else rtnl_lock(); +#endif for_each_net(net) list_vports_from_net(net, dnet, &head); +#ifdef HAVE_NET_RWSEM + up_read(&net_rwsem); +#else rtnl_unlock(); +#endif /* Detach all vports from given namespace. */ list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
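
Review bot: in the datapath/datapath.c hunk (ovs_exit_net), the acquire and release sides are chosen by two separate `#ifdef HAVE_NET_RWSEM` blocks inside the function body, so a later edit can change one side without the other and leave the lock pair mismatched on one kernel variant only. A pair of compat helpers defined once under the #ifdef and called around `for_each_net(net)` would keep lock and unlock matched and keep preprocessor branches out of the function. A short comment stating which lock protects net_namespace_list in each variant would also help.
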
From patchwork Tue Jul 17 00:56:00 2018
X-Patchwork-Submitter: Yi-Hung Wei
X-Patchwork-Id: 944634
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Mon, 16 Jul 2018 17:56:00 -0700
Message-Id: <1531788961-46115-4-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1531788961-46115-1-git-send-email-yihung.wei@gmail.com>
Subject: [ovs-dev] [PATCH 3/4] datapath: NAT support for shifted portmap ranges

This patch backports the following upstream commit from net-next, and
defines HAVE_NF_NAT_RANGE2 to determine whether to use
'struct nf_nat_range2'.

Upstream commit:
    commit 2eb0f624b709e78ec8e2f4c3412947703db99301
    Author: Thierry Du Tre
    Date:   Wed Apr 4 15:38:22 2018 +0200

    netfilter: add NAT support for shifted portmap ranges

    This is a patch proposal to support shifted ranges in portmaps. (i.e.
    tcp/udp incoming port 5000-5100 on WAN redirected to LAN
    192.168.1.5:2000-2100)

    Currently DNAT only works for single port or identical port ranges. (i.e.
    ports 5000-5100 on WAN interface redirected to a LAN host while original
    destination port is not altered) When different port ranges are configured,
    either 'random' mode should be used, or else all incoming connections are
    mapped onto the first port in the redirect range. (in described example
    WAN:5000-5100 will all be mapped to 192.168.1.5:2000)

    This patch introduces a new mode indicated by flag NF_NAT_RANGE_PROTO_OFFSET
    which uses a base port value to calculate an offset with the destination
    port present in the incoming stream.
    That offset is then applied as index within the redirect port range
    (index modulo rangewidth to handle range overflow).

    In described example the base port would be 5000. An incoming stream with
    destination port 5004 would result in an offset value 4 which means that
    the NAT'ed stream will be using destination port 2004.

    Other possibilities include deterministic mapping of larger or multiple
    ranges to a smaller range : WAN:5000-5999 -> LAN:5000-5099 (maps WAN port
    5*xx to port 51xx)

    This patch does not change any current behavior. It just adds new NAT proto
    range functionality which must be selected via the specific flag when
    intended to use.

    A patch for iptables (libipt_DNAT.c + libip6t_DNAT.c) will also be proposed
    which makes this functionality immediately available.

    Signed-off-by: Thierry Du Tre
    Signed-off-by: Pablo Neira Ayuso

Signed-off-by: Yi-Hung Wei
Reviewed-by: Greg Rose

--- acinclude.m4 | 1 + datapath/conntrack.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/acinclude.m4 b/acinclude.m4 index ae8e66fc4967..c6d18611f596 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -619,6 +619,7 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [nf_conn_labels], [words]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_ct_nat_ext_add]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_nat_alloc_null_binding]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_nat.h], [nf_nat_range2]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_seqadj.h], [nf_ct_seq_adjust]) OVS_GREP_IFELSE([$KSRC/include/linux/random.h], [prandom_u32]) diff --git a/datapath/conntrack.c b/datapath/conntrack.c index e53b8e32b3f5..42c7929055f0 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -41,6 +41,10 @@ #include "flow_netlink.h" #include "gso.h" +#ifndef HAVE_NF_NAT_RANGE2 +#define nf_nat_range2 nf_nat_range +#endif + struct ovs_ct_len_tbl { int maxlen; int minlen;
@@ -79,7 +83,7 @@ struct ovs_conntrack_info { struct md_mark mark; struct md_labels labels; #ifdef CONFIG_NF_NAT_NEEDED - struct nf_nat_range range; /* Only present for SRC NAT and DST NAT. */ + struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ #endif }; 
@@ -744,7 +748,7 @@ static bool skb_nfct_cached(struct net *net, */ static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, - const struct nf_nat_range *range, + const struct nf_nat_range2 *range, enum nf_nat_manip_type maniptype) { int hooknum, nh_off, err = NF_ACCEPT;
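
Review bot: in the datapath/conntrack.c hunk at @@ -41,6 +41,10 @@, `#define nf_nat_range2 nf_nat_range` is an undocumented, file-wide token rename, so on kernels without HAVE_NF_NAT_RANGE2 every later `nf_nat_range2` in this file silently becomes the old struct. Nothing in the fallback stops future code from using a member that only the newer struct carries (the commit message mentions a base port value), which would then break the build only on older kernels. A comment above the #define stating that such members must stay under `#ifdef HAVE_NF_NAT_RANGE2` would record the constraint.
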
From patchwork Tue Jul 17 00:56:01 2018
X-Patchwork-Submitter: Yi-Hung Wei
X-Patchwork-Id: 944635
From: Yi-Hung Wei
To: dev@openvswitch.org
Date: Mon, 16 Jul 2018 17:56:01 -0700
Message-Id: <1531788961-46115-5-git-send-email-yihung.wei@gmail.com>
In-Reply-To: <1531788961-46115-1-git-send-email-yihung.wei@gmail.com>
Cc: Stefano Brivio
Subject: [ovs-dev] [PATCH 4/4] datapath: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found

From: Stefano Brivio

Upstream commit:
    commit 72f17baf2352ded6a1d3f4bb2d15da8c678cd2cb
    Author: Stefano Brivio
    Date:   Thu May 3 18:13:25 2018 +0200

    openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found

    If an OVS_ATTR_NESTED attribute type is found while walking
    through netlink attributes, we call nlattr_set() recursively
    passing the length table for the following nested attributes, if
    different from the current one.

    However, once we're done with those sub-nested attributes, we
    should continue walking through attributes using the current
    table, instead of using the one related to the sub-nested
    attributes.

    For example, given this sequence:

    1  OVS_KEY_ATTR_PRIORITY
    2  OVS_KEY_ATTR_TUNNEL
    3      OVS_TUNNEL_KEY_ATTR_ID
    4      OVS_TUNNEL_KEY_ATTR_IPV4_SRC
    5      OVS_TUNNEL_KEY_ATTR_IPV4_DST
    6      OVS_TUNNEL_KEY_ATTR_TTL
    7      OVS_TUNNEL_KEY_ATTR_TP_SRC
    8      OVS_TUNNEL_KEY_ATTR_TP_DST
    9  OVS_KEY_ATTR_IN_PORT
    10 OVS_KEY_ATTR_SKB_MARK
    11 OVS_KEY_ATTR_MPLS

    we switch to the 'ovs_tunnel_key_lens' table on attribute #3,
    and we don't switch back to 'ovs_key_lens' while setting
    attributes #9 to #11 in the sequence. As OVS_KEY_ATTR_MPLS
    evaluates to 21, and the array size of 'ovs_tunnel_key_lens' is
    15, we also get this kind of KASan splat while accessing the
    wrong table:

    [ 7654.586496] ==================================================================
    [ 7654.594573] BUG: KASAN: global-out-of-bounds in nlattr_set+0x164/0xde9 [openvswitch]
    [ 7654.603214] Read of size 4 at addr ffffffffc169ecf0 by task handler29/87430
    [ 7654.610983]
    [ 7654.612644] CPU: 21 PID: 87430 Comm: handler29 Kdump: loaded Not tainted 3.10.0-866.el7.test.x86_64 #1
    [ 7654.623030] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.1.7 06/16/2016
    [ 7654.631379] Call Trace:
    [ 7654.634108] [] dump_stack+0x19/0x1b
    [ 7654.639843] [] print_address_description+0x33/0x290
    [ 7654.647129] [] ? nlattr_set+0x164/0xde9 [openvswitch]
    [ 7654.654607] [] kasan_report.part.3+0x242/0x330
    [ 7654.661406] [] __asan_report_load4_noabort+0x34/0x40
    [ 7654.668789] [] nlattr_set+0x164/0xde9 [openvswitch]
    [ 7654.676076] [] ovs_nla_get_match+0x10c8/0x1900 [openvswitch]
    [ 7654.684234] [] ? genl_rcv+0x28/0x40
    [ 7654.689968] [] ? netlink_unicast+0x3f3/0x590
    [ 7654.696574] [] ? ovs_nla_put_tunnel_info+0xb0/0xb0 [openvswitch]
    [ 7654.705122] [] ? unwind_get_return_address+0xb0/0xb0
    [ 7654.712503] [] ? system_call_fastpath+0x1c/0x21
    [ 7654.719401] [] ? update_stack_state+0x229/0x370
    [ 7654.726298] [] ? update_stack_state+0x229/0x370
    [ 7654.733195] [] ? kasan_unpoison_shadow+0x35/0x50
    [ 7654.740187] [] ? kasan_kmalloc+0xaa/0xe0
    [ 7654.746406] [] ? kasan_slab_alloc+0x12/0x20
    [ 7654.752914] [] ? memset+0x31/0x40
    [ 7654.758456] [] ovs_flow_cmd_new+0x2b2/0xf00 [openvswitch]

    [snip]

    [ 7655.132484] The buggy address belongs to the variable:
    [ 7655.138226] ovs_tunnel_key_lens+0xf0/0xffffffffffffd400 [openvswitch]
    [ 7655.145507]
    [ 7655.147166] Memory state around the buggy address:
    [ 7655.152514] ffffffffc169eb80: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
    [ 7655.160585] ffffffffc169ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    [ 7655.168644] >ffffffffc169ec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa
    [ 7655.176701] ^
    [ 7655.184372] ffffffffc169ed00: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 05
    [ 7655.192431] ffffffffc169ed80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
    [ 7655.200490] ==================================================================

    Reported-by: Hangbin Liu
    Fixes: 982b52700482 ("openvswitch: Fix mask generation for nested attributes.")
    Signed-off-by: Stefano Brivio
    Reviewed-by: Sabrina Dubroca
    Signed-off-by: David S. Miller

Signed-off-by: Yi-Hung Wei
Reviewed-by: Greg Rose
Tested-by: Greg Rose
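
A simplified user-space model of the table handling described in the commit message above, added here as an example; it is not the kernel's nlattr_set() and not code from this series. All struct, enum and function names and the attribute numbering are constructed for the model, except attribute type 21 and the nested table size 15, which come from the commit message.

```c
#include <stddef.h>
#include <stdio.h>

#define LEN_NESTED      (-1) /* model marker: attribute carries nested attributes */
#define TUNNEL_TBL_SIZE 15   /* size of 'ovs_tunnel_key_lens' per the commit message */
#define KEY_TBL_SIZE    32   /* constructed: large enough to hold type 21 */

/* Constructed numbering; only M_MPLS = 21 is taken from the commit message. */
enum { M_PRIORITY = 2, M_IN_PORT = 3, M_SKB_MARK = 4, M_TUNNEL = 5, M_MPLS = 21 };

struct len_tbl {                 /* one entry per attribute type */
    int len;
    const struct len_tbl *next;  /* table for the nested attributes, or NULL */
    size_t next_size;
};

struct attr {                    /* simplified attribute: type plus children */
    int type;
    const struct attr *child;
    size_t n_child;
};

struct walk_stats {
    int wrong_table; /* lookups made in a table that belongs to another level */
    int oob;         /* lookups whose index is past the end of that table */
    int oob_type;    /* last attribute type that indexed out of bounds, or -1 */
};

static const struct len_tbl tunnel_lens[TUNNEL_TBL_SIZE] = {
    [0] = { 8, NULL, 0 }, [1] = { 4, NULL, 0 }, [2] = { 4, NULL, 0 },
    [3] = { 1, NULL, 0 }, [4] = { 2, NULL, 0 }, [5] = { 2, NULL, 0 },
};

static const struct len_tbl key_lens[KEY_TBL_SIZE] = {
    [M_PRIORITY] = { 4, NULL, 0 },
    [M_IN_PORT]  = { 4, NULL, 0 },
    [M_SKB_MARK] = { 4, NULL, 0 },
    [M_TUNNEL]   = { LEN_NESTED, tunnel_lens, TUNNEL_TBL_SIZE },
    [M_MPLS]     = { 4, NULL, 0 },
};

/* Constructed input with the shape of the sequence in the commit message. */
static const struct attr tunnel_children[] = {
    { 0, NULL, 0 }, { 1, NULL, 0 }, { 2, NULL, 0 },
    { 3, NULL, 0 }, { 4, NULL, 0 }, { 5, NULL, 0 },
};
static const struct attr sequence[] = {
    { M_PRIORITY, NULL, 0 },
    { M_TUNNEL, tunnel_children, 6 },
    { M_IN_PORT, NULL, 0 }, { M_SKB_MARK, NULL, 0 }, { M_MPLS, NULL, 0 },
};

/* keep_swapped = 1 models the pre-fix walk: the nested table stays selected
 * after the recursion returns. keep_swapped = 0 models the fixed walk. */
static void walk(const struct attr *a, size_t n, const struct len_tbl *tbl,
                 size_t size, int keep_swapped, struct walk_stats *st)
{
    const struct len_tbl *cur = tbl; /* table actually consulted */
    size_t cur_size = size;

    for (size_t i = 0; i < n; i++) {
        int type = a[i].type;

        if (cur != tbl)
            st->wrong_table++;
        /* The model checks the index instead of reading past the array;
         * the read itself is what KASAN reported in the splat. */
        if (type < 0 || (size_t)type >= cur_size) {
            st->oob++;
            st->oob_type = type;
            continue;
        }
        if (cur[type].len == LEN_NESTED && cur[type].next) {
            const struct len_tbl *sub = cur[type].next;
            size_t sub_size = cur[type].next_size;

            walk(a[i].child, a[i].n_child, sub, sub_size, keep_swapped, st);
            if (keep_swapped) {
                cur = sub;
                cur_size = sub_size;
            }
        }
    }
}

struct walk_stats run_walk(int keep_swapped)
{
    struct walk_stats st = { 0, 0, -1 };

    walk(sequence, sizeof(sequence) / sizeof(sequence[0]),
         key_lens, KEY_TBL_SIZE, keep_swapped, &st);
    return st;
}

int main(void)
{
    struct walk_stats pre = run_walk(1), post = run_walk(0);

    printf("pre-fix:  wrong_table=%d oob=%d oob_type=%d\n",
           pre.wrong_table, pre.oob, pre.oob_type);
    printf("post-fix: wrong_table=%d oob=%d oob_type=%d\n",
           post.wrong_table, post.oob, post.oob_type);
    return 0;
}
```

In the pre-fix mode the three attributes after the nested one are looked up in the nested table, and only the last of them is out of range, which is why the wrong-table lookups can go unnoticed until a large enough type shows up.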