[Bug 1922672] Re: kernel crash with stress CT offload traffic
This bug was fixed in the package linux-bluefield - 5.4.0-1011.14 --- linux-bluefield (5.4.0-1011.14) focal; urgency=medium * focal/linux-bluefield: 5.4.0-1011.14 -proposed tracker (LP: #1923761) * kernel crash with stress CT offload traffic (LP: #1922672) - netfilter: conntrack: Move nf_ct_offload_timeout to header file - netfilter: flowtable: Set offload timeout when adding flow * support offloading of ct_state flags invalid and reply (LP: #1922682) - net/sched: cls_flower add CT_FLAGS_INVALID flag support - net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct - net/sched: act_ct: clear post_ct if doing ct_clear - net/sched: cls_flower: Add match on the ct_state reply flag - net: flow_offload: Add original direction flag to ct_metadata * netfilter offload could bloat up memory (LP: #1922678) - netfilter: flowtable: separate replace, destroy and stats to different workqueues - SAUCE: netfilter: nf_flow_table_offload: Limit work entries on offload add wq * TLS fixes (LP: #1916508) - net/tls: Add asynchronous resync - net/tls: fix sign extension issue when left shifting u16 value - net/tls: Fix wrong record sn in async mode of device resync * ipmb_host.c: Fix slow transactions (LP: #1922393) - SAUCE: ipmb_host.c: Fix slow transactions * i2c-mlx.c: sync up with upstream (LP: #1921506) - SAUCE: Syncup i2c-mlx driver with upstreamed version [ Ubuntu: 5.4.0-73.82 ] * focal/linux: 5.4.0-73.82 -proposed tracker (LP: #1923781) * Packaging resync (LP: #1786013) - update dkms package versions * CIFS DFS entries not accessible with 5.4.0-71.74-generic (LP: #1923670) - Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath." * CVE-2021-29650 - Revert "netfilter: x_tables: Update remaining dereference to RCU" - Revert "netfilter: x_tables: Switch synchronization to RCU" - netfilter: x_tables: Use correct memory barriers. * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key (LP: #1918134) - [Packaging] dkms-build{,--nvidia-N} sync back from LRMv4 * 5.4 kernel: when iommu is on crashdump fails (LP: #1922738) - iommu/vt-d: Refactor find_domain() helper - iommu/vt-d: Add attach_deferred() helper - iommu/vt-d: Move deferred device attachment into helper function - iommu/vt-d: Do deferred attachment in iommu_need_mapping() - iommu/vt-d: Remove deferred_attach_domain() - iommu/vt-d: Simplify check in identity_mapping() * Backport mlx5e fix for tunnel offload (LP: #1921769) - net/mlx5e: Check tunnel offload is required before setting SWP * Bcache bypasse writeback on caching device with fragmentation (LP: #1900438) - bcache: consider the fragmentation when update the writeback rate * Fix implicit declaration warnings for kselftests/memfd test on newer releases (LP: #1910323) - selftests/memfd: Fix implicit declaration warnings * net/mlx5e: Add missing capability check for uplink follow (LP: #1921104) - net/mlx5e: Add missing capability check for uplink follow * [UBUNUT 21.04] s390/vtime: fix increased steal time accounting (LP: #1921498) - s390/vtime: fix increased steal time accounting * Mute/Mic-mute LEDs are not work on HP 850/840/440 G8 Laptops (LP: #1920030) - ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8 - ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 - ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8 * Focal update: v5.4.106 upstream stable release (LP: #1920246) - uapi: nfnetlink_cthelper.h: fix userspace compilation error - powerpc/pseries: Don't enforce MSI affinity with kdump - ath9k: fix transmitting to stations in dynamic SMPS mode - net: Fix gro aggregation for udp encaps with zero csum - net: check if protocol extracted by virtio_net_hdr_set_proto is correct - net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 - sh_eth: fix TRSCER mask for SH771x - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership - can: flexcan: assert FRZ bit in flexcan_chip_freeze() - can: flexcan: enable RX FIFO after FRZ/HALT valid - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode - can: tcan4x5x: tcan4x5x_init(): fix initialization - clear MRAM before entering Normal Mode - tcp: add sanity tests to TCP_QUEUE_SEQ - netfilter: nf_nat: undo erroneous tcp edemux lookup - netfilter: x_tables: gpf inside xt_find_revision() - selftests/bpf: No need to drop the packet when there is no geneve opt - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier - samples, bpf: Add missing munmap in xdpsock - ibmvnic: always store valid MAC address - mt76: dma: do not report truncated frames to mac80211 - powerpc/603: Fix protection of us
[Bug 1922672] Re: kernel crash with stress CT offload traffic
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922672 Title: kernel crash with stress CT offload traffic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922672] Re: kernel crash with stress CT offload traffic
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922672 Title: kernel crash with stress CT offload traffic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922672] Re: kernel crash with stress CT offload traffic
** Changed in: linux-bluefield (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922672 Title: kernel crash with stress CT offload traffic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922672] Re: kernel crash with stress CT offload traffic
** Description changed: + [SRU Justification] + + = Impact = + + A potential race between cancelling offloaded traffic timeouts on busy + systems and those timeouts triggering could potentially crash the + system. + + = Fix = + + Picking a patch (and its pre-req which just moves code from local code + into a header) that sets sufficiently large timeout values to prevent + those from accidentally triggering will solve the problem. + + = Testcase = + + See original description below. + + = Regression Potential = + + If those large timeouts never happen (from the code description those + are set to days) and are not stopped by the offload functions, this + could lead to stuck traffic and possibly running out of buffers/memory. + + --- original description --- + Configuring CT offload with OVS and running stress http traffic that opens conns, send short data and close the conns. there is a race that could potentially crash the system. X86 side: /etc/init.d/openibd restart ifconfig $1 up ifconfig $2 up tc qdisc del dev $1 ingress tc qdisc del dev $2 ingress sleep 5 tc qdisc add dev $1 ingress tc qdisc add dev $2 ingress tc filter add dev $1 protocol all parent : flower action mirred egress redirect dev $2 tc filter add dev $2 protocol all parent : flower action mirred egress redirect dev $1 ip l set dev $1 promisc on ip l set dev $2 promisc on arm side: ovs-vsctl set Open_vSwitch . other_config:hw-offload=true service openvswitch restart for br in `ovs-vsctl list-br`; do - ovs-vsctl del-br $br + ovs-vsctl del-br $br done ovs-vsctl add-br ovsbr1 ovs-vsctl add-port ovsbr1 p0 ovs-vsctl add-port ovsbr1 pf0hpf ovs-vsctl add-br ovsbr2 ovs-vsctl add-port ovsbr2 p1 ovs-vsctl add-port ovsbr2 pf1hpf ovs-ofctl del-flows ovsbr1 ovs-ofctl add-flow ovsbr1 arp,actions=normal ovs-ofctl add-flow ovsbr1 "table=0, ip,ct_state=-trk actions=ct(table=1)" ovs-ofctl add-flow ovsbr1 "table=1, ip,ct_state=+trk+new actions=ct(, commit),normal" ovs-ofctl add-flow ovsbr1 "table=1, ip,ct_state=+trk+est actions=normal" - - - - # ovs-vsctl show 9b68adbd-406b-4f72-8b4c-312d9379b8b9 - Bridge ovsbr2 - Port ovsbr2 - Interface ovsbr2 - type: internal - Port pf1hpf - Interface pf1hpf - Port p1 - Interface p1 - Bridge ovsbr1 - Port p0 - Interface p0 - Port ovsbr1 - Interface ovsbr1 - type: internal - Port pf0hpf - Interface pf0hpf - ovs_version: "2.14.1" - dmesg: + Bridge ovsbr2 + Port ovsbr2 + Interface ovsbr2 + type: internal + Port pf1hpf + Interface pf1hpf + Port p1 + Interface p1 + Bridge ovsbr1 + Port p0 + Interface p0 + Port ovsbr1 + Interface ovsbr1 + type: internal + Port pf0hpf + Interface pf0hpf + ovs_version: "2.14.1" + Â dmesg: - 1285.179728] Failed to associated timeout policy `ovs_test_tp' - [ 1587.421221] Unable to handle kernel NULL pointer dereference at virtual address 004c - [ 1587.430043] Mem abort info: - [ 1587.432929] ESR = 0x9604 - [ 1587.436025] EC = 0x25: DABT (current EL), IL = 32 bits - [ 1587.421221] Unable to handle k[ 1587.441377] SET = 0, FnV = 0 - ernel NULL pointer dereference a[ 1587.447279] EA = 0, S1PTW = 0 - t virtual address 004[ 1587.453188] Data abort info:
[Bug 1922672] Re: kernel crash with stress CT offload traffic
** Also affects: linux-bluefield (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux-bluefield (Ubuntu Focal) Importance: Undecided => High ** Changed in: linux-bluefield (Ubuntu Focal) Status: New => Triaged ** Changed in: linux-bluefield (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922672 Title: kernel crash with stress CT offload traffic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922672] Re: kernel crash with stress CT offload traffic
there is already a patch in upstream kernel solving this. was tested. will submit. 07f8edbfd279 netfilter: flowtable: Set offload timeout when adding flow -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922672 Title: kernel crash with stress CT offload traffic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1922672/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs