New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
datapath: Fix back-edge in bpf_sock for older kernels #11739
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The commit 4fa26a4 ("datapath: Enable sessionAffinity for older kernels") enabled the session affinity feature in bpf_sock when running on older kernels (e.g. 4.19.57). However, the feature was broken on such kernels due to the back-edge detected by the BPF verifier: msg="+ tc exec bpf pin /sys/fs/bpf/tc/globals/cilium_cgroups_connect6 obj bpf_sock.o type sockaddr attach_type connect6 sec connect6" subsys=datapath-loader subsys=datapath-loader msg="Prog section 'connect6' rejected: Invalid argument (22)!" subsys=datapath-loader msg=" - Type: 18" subsys=datapath-loader msg=" - Attach Type: 11" subsys=datapath-loader msg=" - Instructions: 740 (0 over limit)" subsys=datapath-loader msg=" - License: GPL" subsys=datapath-loader subsys=datapath-loader msg="Verifier analysis:" subsys=datapath-loader subsys=datapath-loader msg="back-edge from insn 624 to 570" subsys=datapath-loader subsys=datapath-loader msg="Error fetching program/map!" subsys=datapath-loader This was happening, as in the backend reselection case (when a backend from affinity cannot be found) we goto to previous lines in the code. Fix it by immediately checking whether the backend from affinity exists. Fixes: 4fa26a4 ("datapath: Enable sessionAffinity for older kernels") Reported-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb
added
kind/bug
This is a bug in the Cilium logic.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
needs-backport/1.8
labels
May 28, 2020
Please set the appropriate release note label. |
3 similar comments
Please set the appropriate release note label. |
Please set the appropriate release note label. |
Please set the appropriate release note label. |
retest-4.19 |
retest-net-next |
retest-runtime |
pchaigno
approved these changes
May 28, 2020
brb
added
the
release-note/bug
This PR fixes an issue in a previous release of Cilium.
label
May 28, 2020
borkmann
approved these changes
May 28, 2020
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
kind/bug
This is a bug in the Cilium logic.
release-note/bug
This PR fixes an issue in a previous release of Cilium.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The commit 4fa26a4 ("datapath: Enable sessionAffinity for older
kernels") enabled the session affinity feature in bpf_sock when running
on older kernels (e.g. 4.19.57). However, the feature was broken on such
kernels due to the back-edge detected by the BPF verifier:
This was happening, as in the backend reselection case (when a backend from
affinity cannot be found) we goto to previous lines in the code.
Fix it by immediately checking whether the backend from affinity exists.
Fixes: 4fa26a4 ("datapath: Enable sessionAffinity for older kernels")
Reported-by: Paul Chaignon paul@cilium.io
Fix #11731