** Changed in: linux-bluefield (Ubuntu Focal)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1940872

Title:
  Fix fragmentation support for TC connection tracking

Status in linux-bluefield package in Ubuntu:
  Invalid
Status in linux-bluefield source package in Focal:
  Fix Committed

Bug description:
  * Explain the bug(s)
  When using OVS with tc to offload connection tracking flows, sending udp/icmp 
fragmented traffic will cause call trace with NULL dereference.  

  [ 7229.433005] Modules linked in: act_tunnel_key act_csum act_pedit xt_nat 
netconsole rpcsec_gss_krb5 act_ct nf_flow_table xt_conntrack xt_MASQUERADE 
nf_conntrack_netlink xt_addrtype iptable_filter iptable_nat bpfilter 
br_netfilter bridge overlay sbsa_gwdt xfrm_user xfrm_algo target_core_mod 
ipmi_devintf ipmi_msghandler mst_pciconf(OE) 8021q garp stp mrp llc act_skbedit 
act_mirred ib_ipoib(OE) geneve ip6_udp_tunnel udp_tunnel nfnetlink_cttimeout 
nfnetlink act_gact cls_flower sch_ingress openvswitch nsh nf_conncount nf_nat 
ib_umad(OE) binfmt_misc dm_multipath mlx5_ib(OE) uio_pdrv_genirq uio mlxbf_pmc 
mlxbf_pka mlx_trio bluefield_edac mlx_bootctl(OE) sch_fq_codel rdma_ucm(OE) 
ib_uverbs(OE) rdma_cm(OE) iw_cm(OE) ib_cm(OE) ib_core(OE) ip_tables ipv6 
crc_ccitt btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy 
async_pq async_xor async_tx xor xor_neon raid6_pq raid1 raid0 mlx5_core(OE) 
crct10dif_ce mlxfw(OE) psample mlxdevm(OE) auxiliary(OE) mlx_compat(OE) 
i2c_mlxbf(OE)
  [ 7229.433074]  gpio_mlxbf2(OE) mlxbf_gige(OE) aes_neon_bs aes_neon_blk [last 
unloaded: mst_pci]
  [ 7229.433083] CPU: 4 PID: 1602 Comm: handler6 Tainted: G           OE     
5.4.0-1017-bluefield #20-Ubuntu
  [ 7229.433085] Hardware name: https://www.mellanox.com BlueField 
SoC/BlueField SoC, BIOS BlueField:3.7.1-7-g9964f06 Aug  5 2021
  [ 7229.433087] pstate: 60000005 (nZCv daif -PAN -UAO)
  [ 7229.433101] pc : inet_frag_rbtree_purge+0x58/0x88
  [ 7229.433103] lr : inet_frag_rbtree_purge+0x6c/0x88
  [ 7229.433104] sp : ffff800013273500
  [ 7229.433105] x29: ffff800013273500 x28: ffff00037b899e80 
  [ 7229.433107] x27: 0000000000000018 x26: ffff0003b6da2228 
  [ 7229.433109] x25: ffff0003b6da2200 x24: ffff80001191e140 
  [ 7229.433111] x23: ffff80001191e140 x22: ffff00037d6a56a8 
  [ 7229.433113] x21: 0000000000000000 x20: 0000000000000300 
  [ 7229.433114] x19: 0000000100000000 x18: 0000000000000000
  [ 7229.433116] x17: 0000000000000000 x16: 0000000000000000
  [ 7229.433118] x15: 0000000000000000 x14: ffff80000944e960
  [ 7229.433119] x13: 0000000000000001 x12: ffff80000944e5e0
  [ 7229.433121] x11: 0000000000000008 x10: 0000000000000000
  [ 7229.433123] x9 : 0000000000000000 x8 : ffff0003b97ab3c0
  [ 7229.433124] x7 : 0000000000000000 x6 : 000000005464ccee
  [ 7229.433126] x5 : ffff800010be50a8 x4 : fffffe000dd9d820
  [ 7229.433127] x3 : 0000000080200005 x2 : fffffe000dd9d820
  [ 7229.433129] x1 : 0000000000000000 x0 : 0000000000000000
  [ 7229.433131] Call trace:
  [ 7229.433134]  inet_frag_rbtree_purge+0x58/0x88
  [ 7229.433138]  ip_frag_queue+0x2d0/0x610
  [ 7229.433139]  ip_defrag+0xd0/0x170
  [ 7229.433156]  ovs_ct_execute+0x3f8/0x720 [openvswitch]
  [ 7229.433160] Unable to handle kernel paging request at virtual address 
00000001000000d0
  [ 7229.433166]  do_execute_actions+0x7b4/0xa80 [openvswitch]
  [ 7229.433167] Mem abort info:
  [ 7229.433172]  ovs_execute_actions+0x74/0x188 [openvswitch]
  [ 7229.433173]   ESR = 0x96000004
  [ 7229.433178]  ovs_packet_cmd_execute+0x228/0x2a8 [openvswitch]
  [ 7229.433180]   EC = 0x25: DABT (current EL), IL = 32 bits
  [ 7229.433183]  genl_family_rcv_msg+0x1a4/0x3d8
  [ 7229.433184]   SET = 0, FnV = 0
  [ 7229.433186]  genl_rcv_msg+0x64/0xd8

   * brief explanation of fixes
  The series contains 7 patches from upstream which fix act_ct handling of 
fragmented Packets.

  * How to test
  Create OVS bridge with 2 representors (uplink and BlueField representor for 
example).
  Enable HW offload and configure connection tracking OpenFlow rules.
  Send udp/icmp traffic from the VF with packet size larger then MTU.
  Without the commits, call trace will appear in dmesg.

  * What it could break.
  Bug fix, doesn't break other functionality

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1940872/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to