Browse code
kernels: veth patch: don’t modify ip_summed.
Change-Id: I390f6b720d9ab13a50ea6b8cd71ae1259dfa2d82
Reviewed-on: http://photon-jenkins.eng.vmware.com/533
Tested-by: jenkins-photon <wangnan2015@hotmail.com>
Reviewed-by: Sharath George
Alexey Makhalov authored on 2016/02/15 14:56:34Showing 3 changed files
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 | 4 |
Version: 4.2.0 |
| 5 |
-Release: 15%{?dist}
|
|
| 5 |
+Release: 16%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -15,11 +15,12 @@ Patch0: RDS-race-condition-on-unbound-socket-null-deref.patch |
| 15 | 15 |
Patch1: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch |
| 16 | 16 |
Patch2: ovl-fix-permission-checking-for-setattr.patch |
| 17 | 17 |
Patch3: double-tcp_mem-limits.patch |
| 18 |
-Patch4: 01-clear-linux.patch |
|
| 19 |
-Patch5: 02-pci-probe.patch |
|
| 20 |
-Patch6: 03-poweroff.patch |
|
| 21 |
-Patch7: 04-quiet-boot.patch |
|
| 22 |
-Patch8: 05-pv-ops.patch |
|
| 18 |
+Patch4: veth-do-not-modify-ip_summed.patch |
|
| 19 |
+Patch5: 01-clear-linux.patch |
|
| 20 |
+Patch6: 02-pci-probe.patch |
|
| 21 |
+Patch7: 03-poweroff.patch |
|
| 22 |
+Patch8: 04-quiet-boot.patch |
|
| 23 |
+Patch9: 05-pv-ops.patch |
|
| 23 | 24 |
BuildRequires: bc |
| 24 | 25 |
BuildRequires: kbd |
| 25 | 26 |
BuildRequires: kmod |
| ... | ... |
@@ -63,6 +64,7 @@ The Linux package contains the Linux kernel doc files |
| 63 | 63 |
%patch6 -p1 |
| 64 | 64 |
%patch7 -p1 |
| 65 | 65 |
%patch8 -p1 |
| 66 |
+%patch9 -p1 |
|
| 66 | 67 |
|
| 67 | 68 |
%build |
| 68 | 69 |
make mrproper |
| ... | ... |
@@ -128,6 +130,8 @@ ln -sf %{name}-%{version}-%{release}.cfg /boot/photon.cfg
|
| 128 | 128 |
/usr/src/%{name}-headers-%{version}-%{release}
|
| 129 | 129 |
|
| 130 | 130 |
%changelog |
| 131 |
+* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-16 |
|
| 132 |
+- veth patch: don’t modify ip_summed |
|
| 131 | 133 |
* Mon Feb 08 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15 |
| 132 | 134 |
- Double tcp_mem limits, patch is added. |
| 133 | 135 |
* Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-14 |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.2.0 |
| 5 |
-Release: 14%{?dist}
|
|
| 5 |
+Release: 15%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -15,6 +15,7 @@ Patch0: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch |
| 15 | 15 |
Patch1: RDS-race-condition-on-unbound-socket-null-deref.patch |
| 16 | 16 |
Patch2: ovl-fix-permission-checking-for-setattr.patch |
| 17 | 17 |
Patch3: double-tcp_mem-limits.patch |
| 18 |
+Patch4: veth-do-not-modify-ip_summed.patch |
|
| 18 | 19 |
BuildRequires: bc |
| 19 | 20 |
BuildRequires: kbd |
| 20 | 21 |
BuildRequires: kmod |
| ... | ... |
@@ -74,6 +75,7 @@ Kernel driver for oprofile, a statistical profiler for Linux systems |
| 74 | 74 |
%patch1 -p1 |
| 75 | 75 |
%patch2 -p1 |
| 76 | 76 |
%patch3 -p1 |
| 77 |
+%patch4 -p1 |
|
| 77 | 78 |
|
| 78 | 79 |
%build |
| 79 | 80 |
make mrproper |
| ... | ... |
@@ -161,6 +163,8 @@ ln -sf %{name}-%{version}-%{release}.cfg /boot/photon.cfg
|
| 161 | 161 |
/lib/modules/%{version}/kernel/arch/x86/oprofile/
|
| 162 | 162 |
|
| 163 | 163 |
%changelog |
| 164 |
+* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15 |
|
| 165 |
+- veth patch: don’t modify ip_summed |
|
| 164 | 166 |
* Thu Feb 11 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-14 |
| 165 | 167 |
- Full tickless -> idle tickless + simple CPU time accounting |
| 166 | 168 |
- SLUB -> SLAB |
| 167 | 169 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,73 @@ |
| 0 |
+From ce8c839b74e3017996fad4e1b7ba2e2625ede82f Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Vijay Pandurangan <vijayp@vijayp.ca> |
|
| 2 |
+Date: Fri, 18 Dec 2015 14:34:59 -0500 |
|
| 3 |
+Subject: =?UTF-8?q?veth:=20don=E2=80=99t=20modify=20ip=5Fsummed;=20doing?= |
|
| 4 |
+ =?UTF-8?q?=20so=20treats=20packets=20with=20bad=20checksums=20as=20good.?= |
|
| 5 |
+MIME-Version: 1.0 |
|
| 6 |
+Content-Type: text/plain; charset=UTF-8 |
|
| 7 |
+Content-Transfer-Encoding: 8bit |
|
| 8 |
+ |
|
| 9 |
+Packets that arrive from real hardware devices have ip_summed == |
|
| 10 |
+CHECKSUM_UNNECESSARY if the hardware verified the checksums, or |
|
| 11 |
+CHECKSUM_NONE if the packet is bad or it was unable to verify it. The |
|
| 12 |
+current version of veth will replace CHECKSUM_NONE with |
|
| 13 |
+CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to |
|
| 14 |
+a veth device to be delivered to the application. This caused applications |
|
| 15 |
+at Twitter to receive corrupt data when network hardware was corrupting |
|
| 16 |
+packets. |
|
| 17 |
+ |
|
| 18 |
+We believe this was added as an optimization to skip computing and |
|
| 19 |
+verifying checksums for communication between containers. However, locally |
|
| 20 |
+generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as |
|
| 21 |
+written does nothing for them. As far as we can tell, after removing this |
|
| 22 |
+code, these packets are transmitted from one stack to another unmodified |
|
| 23 |
+(tcpdump shows invalid checksums on both sides, as expected), and they are |
|
| 24 |
+delivered correctly to applications. We didn’t test every possible network |
|
| 25 |
+configuration, but we tried a few common ones such as bridging containers, |
|
| 26 |
+using NAT between the host and a container, and routing from hardware |
|
| 27 |
+devices to containers. We have effectively deployed this in production at |
|
| 28 |
+Twitter (by disabling RX checksum offloading on veth devices). |
|
| 29 |
+ |
|
| 30 |
+This code dates back to the first version of the driver, commit |
|
| 31 |
+<e314dbdc1c0dc6a548ecf> ("[NET]: Virtual ethernet device driver"), so I
|
|
| 32 |
+suspect this bug occurred mostly because the driver API has evolved |
|
| 33 |
+significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
|
|
| 34 |
+packet checksumming") (in December 2010) fixed this for packets that get |
|
| 35 |
+created locally and sent to hardware devices, by not changing |
|
| 36 |
+CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming |
|
| 37 |
+in from hardware devices. |
|
| 38 |
+ |
|
| 39 |
+Co-authored-by: Evan Jones <ej@evanjones.ca> |
|
| 40 |
+Signed-off-by: Evan Jones <ej@evanjones.ca> |
|
| 41 |
+Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
|
| 42 |
+Cc: Phil Sutter <phil@nwl.cc> |
|
| 43 |
+Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> |
|
| 44 |
+Cc: netdev@vger.kernel.org |
|
| 45 |
+Cc: linux-kernel@vger.kernel.org |
|
| 46 |
+Signed-off-by: Vijay Pandurangan <vijayp@vijayp.ca> |
|
| 47 |
+Acked-by: Cong Wang <cwang@twopensource.com> |
|
| 48 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
| 49 |
+--- |
|
| 50 |
+ drivers/net/veth.c | 6 ------ |
|
| 51 |
+ 1 file changed, 6 deletions(-) |
|
| 52 |
+ |
|
| 53 |
+diff --git a/drivers/net/veth.c b/drivers/net/veth.c |
|
| 54 |
+index 0ef4a5a..ba21d07 100644 |
|
| 55 |
+--- a/drivers/net/veth.c |
|
| 56 |
+@@ -117,12 +117,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) |
|
| 57 |
+ kfree_skb(skb); |
|
| 58 |
+ goto drop; |
|
| 59 |
+ } |
|
| 60 |
+- /* don't change ip_summed == CHECKSUM_PARTIAL, as that |
|
| 61 |
+- * will cause bad checksum on forwarded packets |
|
| 62 |
+- */ |
|
| 63 |
+- if (skb->ip_summed == CHECKSUM_NONE && |
|
| 64 |
+- rcv->features & NETIF_F_RXCSUM) |
|
| 65 |
+- skb->ip_summed = CHECKSUM_UNNECESSARY; |
|
| 66 |
+ |
|
| 67 |
+ if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
|
|
| 68 |
+ struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); |
|
| 69 |
+-- |
|
| 70 |
+cgit v0.12 |
|
| 71 |
+ |