Change-Id: I390f6b720d9ab13a50ea6b8cd71ae1259dfa2d82
Reviewed-on: http://photon-jenkins.eng.vmware.com/533
Tested-by: jenkins-photon <wangnan2015@hotmail.com>
Reviewed-by: Sharath George
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 | 4 |
Version: 4.2.0 |
5 |
-Release: 15%{?dist} |
|
5 |
+Release: 16%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -15,11 +15,12 @@ Patch0: RDS-race-condition-on-unbound-socket-null-deref.patch |
15 | 15 |
Patch1: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch |
16 | 16 |
Patch2: ovl-fix-permission-checking-for-setattr.patch |
17 | 17 |
Patch3: double-tcp_mem-limits.patch |
18 |
-Patch4: 01-clear-linux.patch |
|
19 |
-Patch5: 02-pci-probe.patch |
|
20 |
-Patch6: 03-poweroff.patch |
|
21 |
-Patch7: 04-quiet-boot.patch |
|
22 |
-Patch8: 05-pv-ops.patch |
|
18 |
+Patch4: veth-do-not-modify-ip_summed.patch |
|
19 |
+Patch5: 01-clear-linux.patch |
|
20 |
+Patch6: 02-pci-probe.patch |
|
21 |
+Patch7: 03-poweroff.patch |
|
22 |
+Patch8: 04-quiet-boot.patch |
|
23 |
+Patch9: 05-pv-ops.patch |
|
23 | 24 |
BuildRequires: bc |
24 | 25 |
BuildRequires: kbd |
25 | 26 |
BuildRequires: kmod |
... | ... |
@@ -63,6 +64,7 @@ The Linux package contains the Linux kernel doc files |
63 | 63 |
%patch6 -p1 |
64 | 64 |
%patch7 -p1 |
65 | 65 |
%patch8 -p1 |
66 |
+%patch9 -p1 |
|
66 | 67 |
|
67 | 68 |
%build |
68 | 69 |
make mrproper |
... | ... |
@@ -128,6 +130,8 @@ ln -sf %{name}-%{version}-%{release}.cfg /boot/photon.cfg |
128 | 128 |
/usr/src/%{name}-headers-%{version}-%{release} |
129 | 129 |
|
130 | 130 |
%changelog |
131 |
+* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-16 |
|
132 |
+- veth patch: don’t modify ip_summed |
|
131 | 133 |
* Mon Feb 08 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15 |
132 | 134 |
- Double tcp_mem limits, patch is added. |
133 | 135 |
* Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com> 4.2.0-14 |
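Review bot: The added `Patch4: veth-do-not-modify-ip_summed.patch` line has no comment saying which upstream commit it backports or when it can be dropped, and the new changelog entry only repeats the patch subject. Because the patch changes whether packets with unverified checksums are handed to applications, I would put a comment above it, using the commit id from the patch file's `From` line: `# Backport of ce8c839b74e3: veth must not turn CHECKSUM_NONE into CHECKSUM_UNNECESSARY; drop once the base kernel contains it`. The `Patch4` line added in the second spec section (Name: linux) needs the same comment. Placing the patch mid-list here also renumbers Patch5 to Patch9, so every `%patch` line has to stay in step with its tag. Only `%patch9 -p1` is visibly added, and the `%patch4`/`%patch5` lines are outside the hunk, so please confirm they still apply the intended files.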
... | ... |
@@ -2,7 +2,7 @@ |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 | 4 |
Version: 4.2.0 |
5 |
-Release: 14%{?dist} |
|
5 |
+Release: 15%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
... | ... |
@@ -15,6 +15,7 @@ Patch0: KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch |
15 | 15 |
Patch1: RDS-race-condition-on-unbound-socket-null-deref.patch |
16 | 16 |
Patch2: ovl-fix-permission-checking-for-setattr.patch |
17 | 17 |
Patch3: double-tcp_mem-limits.patch |
18 |
+Patch4: veth-do-not-modify-ip_summed.patch |
|
18 | 19 |
BuildRequires: bc |
19 | 20 |
BuildRequires: kbd |
20 | 21 |
BuildRequires: kmod |
... | ... |
@@ -74,6 +75,7 @@ Kernel driver for oprofile, a statistical profiler for Linux systems |
74 | 74 |
%patch1 -p1 |
75 | 75 |
%patch2 -p1 |
76 | 76 |
%patch3 -p1 |
77 |
+%patch4 -p1 |
|
77 | 78 |
|
78 | 79 |
%build |
79 | 80 |
make mrproper |
... | ... |
@@ -161,6 +163,8 @@ ln -sf %{name}-%{version}-%{release}.cfg /boot/photon.cfg |
161 | 161 |
/lib/modules/%{version}/kernel/arch/x86/oprofile/ |
162 | 162 |
|
163 | 163 |
%changelog |
164 |
+* Sun Feb 14 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-15 |
|
165 |
+- veth patch: don’t modify ip_summed |
|
164 | 166 |
* Thu Feb 11 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.0-14 |
165 | 167 |
- Full tickless -> idle tickless + simple CPU time accounting |
166 | 168 |
- SLUB -> SLAB |
167 | 169 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,73 @@ |
0 |
+From ce8c839b74e3017996fad4e1b7ba2e2625ede82f Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Vijay Pandurangan <vijayp@vijayp.ca> |
|
2 |
+Date: Fri, 18 Dec 2015 14:34:59 -0500 |
|
3 |
+Subject: =?UTF-8?q?veth:=20don=E2=80=99t=20modify=20ip=5Fsummed;=20doing?= |
|
4 |
+ =?UTF-8?q?=20so=20treats=20packets=20with=20bad=20checksums=20as=20good.?= |
|
5 |
+MIME-Version: 1.0 |
|
6 |
+Content-Type: text/plain; charset=UTF-8 |
|
7 |
+Content-Transfer-Encoding: 8bit |
|
8 |
+ |
|
9 |
+Packets that arrive from real hardware devices have ip_summed == |
|
10 |
+CHECKSUM_UNNECESSARY if the hardware verified the checksums, or |
|
11 |
+CHECKSUM_NONE if the packet is bad or it was unable to verify it. The |
|
12 |
+current version of veth will replace CHECKSUM_NONE with |
|
13 |
+CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to |
|
14 |
+a veth device to be delivered to the application. This caused applications |
|
15 |
+at Twitter to receive corrupt data when network hardware was corrupting |
|
16 |
+packets. |
|
17 |
+ |
|
18 |
+We believe this was added as an optimization to skip computing and |
|
19 |
+verifying checksums for communication between containers. However, locally |
|
20 |
+generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as |
|
21 |
+written does nothing for them. As far as we can tell, after removing this |
|
22 |
+code, these packets are transmitted from one stack to another unmodified |
|
23 |
+(tcpdump shows invalid checksums on both sides, as expected), and they are |
|
24 |
+delivered correctly to applications. We didn’t test every possible network |
|
25 |
+configuration, but we tried a few common ones such as bridging containers, |
|
26 |
+using NAT between the host and a container, and routing from hardware |
|
27 |
+devices to containers. We have effectively deployed this in production at |
|
28 |
+Twitter (by disabling RX checksum offloading on veth devices). |
|
29 |
+ |
|
30 |
+This code dates back to the first version of the driver, commit |
|
31 |
+<e314dbdc1c0dc6a548ecf> ("[NET]: Virtual ethernet device driver"), so I |
|
32 |
+suspect this bug occurred mostly because the driver API has evolved |
|
33 |
+significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix |
|
34 |
+packet checksumming") (in December 2010) fixed this for packets that get |
|
35 |
+created locally and sent to hardware devices, by not changing |
|
36 |
+CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming |
|
37 |
+in from hardware devices. |
|
38 |
+ |
|
39 |
+Co-authored-by: Evan Jones <ej@evanjones.ca> |
|
40 |
+Signed-off-by: Evan Jones <ej@evanjones.ca> |
|
41 |
+Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
|
42 |
+Cc: Phil Sutter <phil@nwl.cc> |
|
43 |
+Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> |
|
44 |
+Cc: netdev@vger.kernel.org |
|
45 |
+Cc: linux-kernel@vger.kernel.org |
|
46 |
+Signed-off-by: Vijay Pandurangan <vijayp@vijayp.ca> |
|
47 |
+Acked-by: Cong Wang <cwang@twopensource.com> |
|
48 |
+Signed-off-by: David S. Miller <davem@davemloft.net> |
|
49 |
+--- |
|
50 |
+ drivers/net/veth.c | 6 ------ |
|
51 |
+ 1 file changed, 6 deletions(-) |
|
52 |
+ |
|
53 |
+diff --git a/drivers/net/veth.c b/drivers/net/veth.c |
|
54 |
+index 0ef4a5a..ba21d07 100644 |
|
55 |
+--- a/drivers/net/veth.c |
|
56 |
+@@ -117,12 +117,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev) |
|
57 |
+ kfree_skb(skb); |
|
58 |
+ goto drop; |
|
59 |
+ } |
|
60 |
+- /* don't change ip_summed == CHECKSUM_PARTIAL, as that |
|
61 |
+- * will cause bad checksum on forwarded packets |
|
62 |
+- */ |
|
63 |
+- if (skb->ip_summed == CHECKSUM_NONE && |
|
64 |
+- rcv->features & NETIF_F_RXCSUM) |
|
65 |
+- skb->ip_summed = CHECKSUM_UNNECESSARY; |
|
66 |
+ |
|
67 |
+ if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) { |
|
68 |
+ struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats); |
|
69 |
+-- |
|
70 |
+cgit v0.12 |
|
71 |
+ |