[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
This bug was fixed in the package linux-bluefield - 5.4.0-1021.24 --- linux-bluefield (5.4.0-1021.24) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1021.24 -proposed tracker (LP: #1947236) * Packaging resync (LP: #1786013) - [Packaging] update Ubuntu.md * Add psample tunnel support and also two fixes for psample issues. (LP: #1946266) - net: psample: Add tunnel support - net: psample: fix build error when CONFIG_INET is not enabled - net: psample: Fix netlink skb length with tunnel info - psample: Fix user API breakage * Fix ignoring ct state match of OVS offload to TC/HW (LP: #1944390) - netlink: add mask validation - net/sched: cls_flower: Reject invalid ct_state flags rules - net/sched: cls_flower: validate ct_state for invalid and reply flags - net/sched: cls_flower: fix only mask bit check in the validate_ct_state * Fix byte count on fragmented packets in tc ct action (LP: #1946393) - net/sched: act_ct: add miss tcf_lastuse_update. - SAUCE: net/sched: act_ct: Fix byte count on fragmented packets [ Ubuntu: 5.4.0-90.101 ] * focal/linux: 5.4.0-90.101 -proposed tracker (LP: #1947260) * Packaging resync (LP: #1786013) - debian/dkms-versions -- update from kernel-versions (main/2021.10.18) * Add final-checks to check certificates (LP: #1947174) - [Packaging] Add system trusted and revocation keys final check * No sound on Lenovo laptop models Legion 15IMHG05, Yoga 7 14ITL5, and 13s Gen2 (LP: #1939052) - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops. - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 * CVE-2020-36385 - RDMA/cma: Add missing locking to rdma_accept() - RDMA/ucma: Fix the locking of ctx->file - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy * Focal update: v5.4.148 upstream stable release (LP: #1946802) - rtc: tps65910: Correct driver module alias - btrfs: wake up async_delalloc_pages waiters after submit - btrfs: reset replace target device to allocation state on close - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN - PCI/MSI: Skip masking MSI-X on Xen PV - powerpc/perf/hv-gpci: Fix counter value parsing - xen: fix setting of max_pfn in shared_info - include/linux/list.h: add a macro to test if entry is pointing to the head - 9p/xen: Fix end of loop tests for list_for_each_entry - tools/thermal/tmon: Add cross compiling support - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast - pinctrl: ingenic: Fix incorrect pull up/down info - soc: qcom: aoss: Fix the out of bound usage of cooling_devs - soc: aspeed: lpc-ctrl: Fix boundary check for mmap - soc: aspeed: p2a-ctrl: Fix boundary check for mmap - arm64: head: avoid over-mapping in map_memory - crypto: public_key: fix overflow during implicit conversion - block: bfq: fix bfq_set_next_ioprio_data() - power: supply: max17042: handle fails of reading status register - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() - VMCI: fix NULL pointer dereference when unmapping queue pair - media: uvc: don't do DMA on stack - media: rc-loopback: return number of emitters rather than error - Revert "dmaengine: imx-sdma: refine to load context only once" - dmaengine: imx-sdma: remove duplicated sdma_load_context - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs - ARM: 9105/1: atags_to_fdt: don't warn about stack size - PCI/portdrv: Enable Bandwidth Notification only if port supports it - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure - PCI: xilinx-nwl: Enable the clock through CCF - PCI: aardvark: Fix checking for PIO status - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts - HID: input: do not report stylus battery state as "full" - f2fs: quota: fix potential deadlock - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND - IB/hfi1: Adjust pkey entry in index 0 - RDMA/iwcm: Release resources if iw_cm module initialization fails - docs: Fix infiniband uverbs minor number - pinctrl: samsung: Fix pinctrl bank pin count - vfio: Use config not menuconfig for VFIO_NOIOMMU - powerpc/stacktrace: Include linux/delay.h - RDMA/efa: Remove double QP type assignment - f2fs: show f2fs instance in printk_ratelimited - f2fs: reduce the scope of setting fsck tag when de->name_len is zero - openrisc: don't printk() unconditionally - dma-debug: fix debugfs initialization order - SUNRPC: Fix potential memory corrupti
[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1944390 Title: Fix ignoring ct state match of OVS offload to TC/HW Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug When using OVS with tc to offload connection tracking flows, if user matches on ct_state other then trk and est, such as ct_state +rpl, it will be silently ignored by TC/HW and might result in wrong actions being executed. * How to test Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices) Enable HW offload and configure connection tracking OpenFlow rules which match on ct_state +rpl and do different actions based on that match. e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2" With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl match, and without they don't have, meaning the match is ignored. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
Hi Bodong, may you please verify the focal/bluefield kernel in -proposed resolves this bug? You can find more instructions in comment #1. Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1944390 Title: Fix ignoring ct state match of OVS offload to TC/HW Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug When using OVS with tc to offload connection tracking flows, if user matches on ct_state other then trk and est, such as ct_state +rpl, it will be silently ignored by TC/HW and might result in wrong actions being executed. * How to test Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices) Enable HW offload and configure connection tracking OpenFlow rules which match on ct_state +rpl and do different actions based on that match. e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2" With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl match, and without they don't have, meaning the match is ignored. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
This bug is awaiting verification that the linux-bluefield/5.4.0-1021.24 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1944390 Title: Fix ignoring ct state match of OVS offload to TC/HW Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug When using OVS with tc to offload connection tracking flows, if user matches on ct_state other then trk and est, such as ct_state +rpl, it will be silently ignored by TC/HW and might result in wrong actions being executed. * How to test Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices) Enable HW offload and configure connection tracking OpenFlow rules which match on ct_state +rpl and do different actions based on that match. e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2" With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl match, and without they don't have, meaning the match is ignored. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
** Changed in: linux-bluefield (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1944390 Title: Fix ignoring ct state match of OVS offload to TC/HW Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: Fix Committed Bug description: * Explain the bug When using OVS with tc to offload connection tracking flows, if user matches on ct_state other then trk and est, such as ct_state +rpl, it will be silently ignored by TC/HW and might result in wrong actions being executed. * How to test Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices) Enable HW offload and configure connection tracking OpenFlow rules which match on ct_state +rpl and do different actions based on that match. e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2" With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl match, and without they don't have, meaning the match is ignored. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1944390] Re: Fix ignoring ct state match of OVS offload to TC/HW
** Also affects: linux-bluefield (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux-bluefield (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: linux-bluefield (Ubuntu Focal) Status: New => In Progress ** Changed in: linux-bluefield (Ubuntu Focal) Assignee: (unassigned) => Bodong Wang (bodong-wang) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-bluefield in Ubuntu. https://bugs.launchpad.net/bugs/1944390 Title: Fix ignoring ct state match of OVS offload to TC/HW Status in linux-bluefield package in Ubuntu: New Status in linux-bluefield source package in Focal: In Progress Bug description: * Explain the bug When using OVS with tc to offload connection tracking flows, if user matches on ct_state other then trk and est, such as ct_state +rpl, it will be silently ignored by TC/HW and might result in wrong actions being executed. * How to test Create OVS bridge with 2 devices $dev1, $dev2 (can be any devices) Enable HW offload and configure connection tracking OpenFlow rules which match on ct_state +rpl and do different actions based on that match. e.g: ovs-ofctl del-flows br-ovs ovs-ofctl add-flow br-ovs arp,actions=normal ovs-ofctl add-flow br-ovs "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+new actions=ct(commit),normal" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est-rpl, actions=$dev1" ovs-ofctl add-flow br-ovs "table=1, ip,ct_state=+trk+est+rpl, actions=$dev2" With commits, ovs dump-flows (or tc show on devs) will have ct_state +rpl match, and without they don't have, meaning the match is ignored. * What it could break. NA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1944390/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
