datapath: Fix back-edge in bpf_sock for older kernels #11739
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The commit 4fa26a4 ("datapath: Enable sessionAffinity for older kernels") enabled the session affinity feature in bpf_sock when running on older kernels (e.g. 4.19.57). However, the feature was broken on such kernels due to the back-edge detected by the BPF verifier: msg="+ tc exec bpf pin /sys/fs/bpf/tc/globals/cilium_cgroups_connect6 obj bpf_sock.o type sockaddr attach_type connect6 sec connect6" subsys=datapath-loader subsys=datapath-loader msg="Prog section 'connect6' rejected: Invalid argument (22)!" subsys=datapath-loader msg=" - Type: 18" subsys=datapath-loader msg=" - Attach Type: 11" subsys=datapath-loader msg=" - Instructions: 740 (0 over limit)" subsys=datapath-loader msg=" - License: GPL" subsys=datapath-loader subsys=datapath-loader msg="Verifier analysis:" subsys=datapath-loader subsys=datapath-loader msg="back-edge from insn 624 to 570" subsys=datapath-loader subsys=datapath-loader msg="Error fetching program/map!" subsys=datapath-loader This was happening, as in the backend reselection case (when a backend from affinity cannot be found) we goto to previous lines in the code. Fix it by immediately checking whether the backend from affinity exists. Fixes: 4fa26a4 ("datapath: Enable sessionAffinity for older kernels") Reported-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Martynas Pumputis <m@lambda.lt>
brb
added
kind/bug
|
Please set the appropriate release note label. |
3 similar comments
|
Please set the appropriate release note label. |
|
Please set the appropriate release note label. |
|
Please set the appropriate release note label. |
|
retest-4.19 |
|
retest-net-next |
|
retest-runtime |
pchaigno
approved these changes
May 28, 2020
brb
added
the
release-note/bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The commit 4fa26a4 ("datapath: Enable sessionAffinity for older
kernels") enabled the session affinity feature in bpf_sock when running
on older kernels (e.g. 4.19.57). However, the feature was broken on such
kernels due to the back-edge detected by the BPF verifier:
This was happening, as in the backend reselection case (when a backend from
affinity cannot be found) we goto to previous lines in the code.
Fix it by immediately checking whether the backend from affinity exists.
Fixes: 4fa26a4 ("datapath: Enable sessionAffinity for older kernels")
Reported-by: Paul Chaignon paul@cilium.io
Fix #11731