lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241106071727.466252-1-gerald.yang@canonical.com>
Date: Wed,  6 Nov 2024 15:17:24 +0800
From: Gerald Yang <gerald.yang@...onical.com>
To: Jianbo Liu <jianbol@...dia.com>,
	Frode Nordahl <frode.nordahl@...onical.com>,
	Saeed Mahameed <saeedm@...dia.com>,
	Ariel Levkovich <lariel@...dia.com>
Cc: "David S . Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Eric Dumazet <edumazet@...gle.com>,
	netdev@...r.kernel.org,
	Tariq Toukan <tariqt@...dia.com>,
	Saeed Mahameed <saeed@...nel.org>,
	Jay Vosburgh <jay.vosburgh@...onical.com>,
	Gerald Yang <gerald.yang@...onical.com>
Subject: Re: [net 09/10] net/mlx5e: Don't offload internal port if filter device is out device

>>> From: Jianbo Liu <jianbol@...dia.com>
>>>
>>> In the cited commit, if the routing device is ovs internal port, the
>>> out device is set to uplink, and packets go out after encapsulation.
>>>
>>> If filter device is uplink, it can trigger the following syndrome:
>>> mlx5_core 0000:08:00.0: mlx5_cmd_out_err:803:(pid 3966): SET_FLOW_TABLE_ENTRY(0x936) op_mod(0x0) failed, status bad parameter(0x3), syndrome (0xcdb051), err(-22)
>>>
>>> Fix this issue by not offloading internal port if filter device is out
>>> device. In this case, packets are not forwarded to the root table to
>>> be processed, the termination table is used instead to forward them
>>> from uplink to uplink.
>> 
>> This patch breaks forwarding for in production use cases with hardware
>> offload enabled. In said environments, we do not see the above
>> mentioned syndrome, so it appears the logic change in this patch hits
>> too wide.
>> 
>
>Thank you for the report. We'll send fix or maybe revert later.
>
>Jianbo

Hi Jianbo,

Thanks for checking this, since this issue affects our production environment,
is it possible to revert this commit first, if it would take some time to fix it?

Thanks,
Gerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ