Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: Various fixes for MAX_*_OPTIONS and support for 5.10 #24122

Merged
merged 8 commits into from Mar 29, 2023
Merged

bpf: Various fixes for MAX_*_OPTIONS and support for 5.10 #24122

merged 8 commits into from Mar 29, 2023

Conversation

pchaigno
Copy link
Member

@pchaigno pchaigno commented Mar 1, 2023
edited

Summary of changes:

  • Commits 1-2 adds debugging information to the verifier test.
  • Commits 3 and 5 fix issues with the make -C bpf kernel=X command.
  • Commits 4 and 6 simplify the MAX_*_OPTIONS a bit.
  • Commit 7 adds support for 5.10 in the MAX_*_OPTIONS and in the complexity tests.
  • Commit 8 fixes a mistake to be on the safe side (not causing a bug today AFAIK).

See commits for details.

Successful run: https://github.com/cilium/cilium/actions/runs/4552745444?pr=24122.

@pchaigno pchaigno added area/CI Continuous Integration testing issue or flake sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/ci This PR makes changes to the CI. kind/complexity-issue Relates to BPF complexity or program size issues labels Mar 1, 2023
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch from f8823c4 to 5e35a27 Compare March 2, 2023 21:53
@pchaigno pchaigno mentioned this pull request Mar 3, 2023
Merged
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch 15 times, most recently from 9b59387 to 6f56e35 Compare March 10, 2023 13:05
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch 3 times, most recently from b2c5bfb to f08fe78 Compare March 11, 2023 23:05
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch 2 times, most recently from 0006388 to 9a9f091 Compare March 16, 2023 13:17
gentoo-root
gentoo-root requested changes Mar 16, 2023
View reviewed changes
bpf/Makefile Outdated Show resolved Hide resolved
bpf/Makefile Outdated Show resolved Hide resolved
bpf/Makefile Outdated Show resolved Hide resolved
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch from 9a9f091 to 0e92958 Compare March 24, 2023 12:03
@pchaigno pchaigno requested review from tklauser and aanm March 24, 2023 12:33
@pchaigno pchaigno changed the title bpf: Various fixed for MAX_*_OPTIONS and support for 5.10 bpf: Various fixes for MAX_*_OPTIONS and support for 5.10 Mar 24, 2023
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch from 7e466fe to 5e13a15 Compare March 25, 2023 12:15
@pchaigno pchaigno requested a review from aanm March 27, 2023 10:47
tklauser
tklauser approved these changes Mar 28, 2023
View reviewed changes
test/verifier/verifier_test.go Show resolved Hide resolved
pchaigno and others added 8 commits March 29, 2023 12:04
@pchaigno @tklauser
test/verifier: Output make errors
fbcf93c 
Co-authored-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Tobias Klauser <tobias@cilium.io>
@pchaigno
workflows/verifier: Display exact kernel version
6aa8871 
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf/Makefile: Fix compilation with KERNEL=netnext
aea75bf 
Running make -C bpf KERNEL=netnext currently fails with:

    In file included from bpf_xdp.c:42:
    In file included from /home/paul/cilium3/bpf/lib/nodeport.h:20:
    In file included from /home/paul/cilium3/bpf/lib/encap.h:11:
    /home/paul/cilium3/bpf/lib/wireguard.h:80:12: error: no member named 'mark' in 'struct xdp_md'
            if ((ctx->mark & MARK_MAGIC_WG_ENCRYPTED) == MARK_MAGIC_WG_ENCRYPTED)
                 ~~~  ^
    1 error generated.

That is because ENABLE_WIREGUARD is enabled even for bpf_xdp. Instead of
enabling it in MAX_BASE_OPTIONS, we should enable it only for bpf_host,
bpf_lxc, and bpf_overlay.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf/Makefile: Fix condition to enable egress gateway
2ed7df0 
I tested with KERNEL=419 and KERNEL=54 and the ENABLE_EGRESS_GATEWAY
macro would never be defined. In short, this is caused by an improper
use of double quotes. See [1] for the longer explanation.

We also update KERNEL's default value to be 'kernel' and not '"kernel"'
(quotes were part of the variable).

1 - #24122 (comment)
Fixes: d0390ff ("bpf: add wider compile testing for EgressGW")
Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf/Makefile: Move ENABLE_VTEP to MAX_BASE_OPTIONS
f8298b0 
By moving ENABLE_VTEP to MAX_BASE_OPTIONS, we simplify a bit the logic,
but it also means we will now enable it for all BPF programs. That
shouldn't be an issue given it's compatible with e.g. XDP.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf/Makefile: Simplify conditions using filter
7eeb85e 
No functional changes in this commit.

We make use of the filter function to simplify conditions into the
following pattern:

    if $KERNEL one of 54, netnext; then
        Enable any feature that isn't supported on 4.19
    if $KERNEL one of netnext; then
        Enable any feature that isn't supported on 4.19 and 5.4

(Remember that we currently only support 4.19, 5.4, and netnext as
KERNEL values.)

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf,test: Support 5.10 in complexity tests
67e18c4 
This commit adds explicit coverage for 5.10 in complexity tests. I'm
calling it 'explicit' because it doesn't just run on a 5.10 kernel but
also tailors the datapath configuration to that kernel.

The 5.15 CI run will also use the datapath configuration for 5.10. Until
now, it used the 5.4 configuration which has less features enabled.

The features we can enable on 5.10 are the same we can enable on
net-next today. That is, we don't have any feature yet that requires
5.11 or newer. The exception would be IPv6 BIG TCP, but that doesn't
impact the BPF code.

5.10 and netnext configuration are currently the same. That will change
once we start having 5.11+ features.

Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno
bpf/complexity-tests: ENABLE_SCTP to ENABLE_SCTP=1
1aed520 
All feature macros should follow the pattern ENABLE_XXX=1. Our
is_defined macro in the datapath relies on that pattern so best to use
it everywhere.

Fixes: ae046b4 ("bpf: Add partial SCTP support.")
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch from 5e13a15 to d80e94a Compare March 29, 2023 10:05
@pchaigno pchaigno mentioned this pull request Mar 29, 2023
Closed
@pchaigno pchaigno force-pushed the pr/pchaigno/bpf-options-cover-510-515 branch from d80e94a to 1aed520 Compare March 29, 2023 10:12
@pchaigno
Copy link
Member Author

pchaigno commented Mar 29, 2023
edited

The changes made here are only covered by the verifier workflow (updated link to passing run in OP) and the build datapath job. Both are passing. I don't think we need to wait for the cilium/loader review given we already have three reviews including Maxim from datapath and Tobias who originally ported this code to a workflow.

@pchaigno pchaigno added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 29, 2023
@julianwiedmann
Copy link
Member

The changes made here are only covered by the verifier workflow (updated link to passing run in OP) and the build datapath job. Both are passing. I don't think we need to wait for the cilium/loader review given we already have three reviews including Maxim from datapath and Tobias who originally ported this code to a workflow.

Don't we need a focused Jenkins run to cover 4.19 ?

@pchaigno
Copy link
Member Author

The changes made here are only covered by the verifier workflow (updated link to passing run in OP) and the build datapath job. Both are passing. I don't think we need to wait for the cilium/loader review given we already have three reviews including Maxim from datapath and Tobias who originally ported this code to a workflow.

Don't we need a focused Jenkins run to cover 4.19 ?

I wondered the same (and even triggered the test 😅), but no, I don't think so. The 4.19 Jenkins run relies on the configs under bpf/complexity-tests/419 (not changed) and the test code under test/k8s/verifier.go (not changed). It doesn't rely on bpf/Makefile's MAX_*_OPTIONS macros.

@julianwiedmann
Copy link
Member

It doesn't rely on bpf/Makefile's MAX_*_OPTIONS macros.

👍

@julianwiedmann julianwiedmann merged commit a03aed2 into master Mar 29, 2023
41 of 42 checks passed
@julianwiedmann julianwiedmann deleted the pr/pchaigno/bpf-options-cover-510-515 branch March 29, 2023 11:22
julianwiedmann pushed a commit that referenced this pull request Mar 29, 2023
@pchaigno @julianwiedmann
bpf/Makefile: Fix condition to enable egress gateway
2711357 
I tested with KERNEL=419 and KERNEL=54 and the ENABLE_EGRESS_GATEWAY
macro would never be defined. In short, this is caused by an improper
use of double quotes. See [1] for the longer explanation.

We also update KERNEL's default value to be 'kernel' and not '"kernel"'
(quotes were part of the variable).

1 - #24122 (comment)
Fixes: d0390ff ("bpf: add wider compile testing for EgressGW")
Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno mentioned this pull request Mar 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@gentoo-root gentoo-root gentoo-root approved these changes

@aanm aanm aanm approved these changes

@ldelossa ldelossa Awaiting requested review from ldelossa ldelossa was automatically assigned from cilium/loader

Assignees
No one assigned
Labels
area/CI Continuous Integration testing issue or flake kind/complexity-issue Relates to BPF complexity or program size issues ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/ci This PR makes changes to the CI. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@pchaigno @julianwiedmann @tklauser @gentoo-root @aanm