[SRU,F:linux-bluefield] UBUNTU: SAUCE: net/sched: act_ct: Fix ct template allocation for zone 0

From: Ariel Levkovich <lariel@nvidia.com>

BugLink: https://bugs.launchpad.net/bugs/1929460

Fix current behavior of skipping template allocation in case the
ct action is in zone 0.

Skipping the allocation may cause the datapath ct code to ignore the
entire ct action with all its attributes (commit, nat) in case the ct
action in zone 0 was preceded by a ct clear action.

The ct clear action sets the ct_state to untracked and resets the
skb->_nfct pointer. Under these conditions and without an allocated
ct template, the skb->_nfct pointer will remain NULL which will
cause the tc ct action handler to exit without handling commit and nat
actions, if such exist.

For example, the following rule in OVS dp:
recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
recirc(0x37a)

Will result in act_ct skipping the commit and nat actions in zone 0.

The change removes the skipping of template allocation for zone 0 and
treats it the same as any other zone.

Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
Signed-off-by: Daniel Jurgens <danielj@nvidia.com>
---
 net/sched/act_ct.c | 3 ---
 1 file changed, 3 deletions(-)

On 24/05/2021 15:23, Daniel Jurgens wrote:
> From: Ariel Levkovich <lariel@nvidia.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1929460
> 
> Fix current behavior of skipping template allocation in case the
> ct action is in zone 0.
> 
> Skipping the allocation may cause the datapath ct code to ignore the
> entire ct action with all its attributes (commit, nat) in case the ct
> action in zone 0 was preceded by a ct clear action.
> 
> The ct clear action sets the ct_state to untracked and resets the
> skb->_nfct pointer. Under these conditions and without an allocated
> ct template, the skb->_nfct pointer will remain NULL which will
> cause the tc ct action handler to exit without handling commit and nat
> actions, if such exist.
> 
> For example, the following rule in OVS dp:
> recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
> in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
> recirc(0x37a)
> 
> Will result in act_ct skipping the commit and nat actions in zone 0.
> 
> The change removes the skipping of template allocation for zone 0 and
> treats it the same as any other zone.
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj@nvidia.com>
> ---
>  net/sched/act_ct.c | 3 ---
>  1 file changed, 3 deletions(-)


Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>


Best regards,
Krzysztof

On 24/05/2021 15:23, Daniel Jurgens wrote:
> From: Ariel Levkovich <lariel@nvidia.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1929460
> 
> Fix current behavior of skipping template allocation in case the
> ct action is in zone 0.
> 
> Skipping the allocation may cause the datapath ct code to ignore the
> entire ct action with all its attributes (commit, nat) in case the ct
> action in zone 0 was preceded by a ct clear action.
> 
> The ct clear action sets the ct_state to untracked and resets the
> skb->_nfct pointer. Under these conditions and without an allocated
> ct template, the skb->_nfct pointer will remain NULL which will
> cause the tc ct action handler to exit without handling commit and nat
> actions, if such exist.
> 
> For example, the following rule in OVS dp:
> recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
> in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
> recirc(0x37a)
> 
> Will result in act_ct skipping the commit and nat actions in zone 0.
> 
> The change removes the skipping of template allocation for zone 0 and
> treats it the same as any other zone.
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj@nvidia.com>
> ---
>  net/sched/act_ct.c | 3 ---
>  1 file changed, 3 deletions(-)
> 


Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>


Best regards,
Krzysztof

On 24.05.21 21:23, Daniel Jurgens wrote:
> From: Ariel Levkovich <lariel@nvidia.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1929460
> 
> Fix current behavior of skipping template allocation in case the
> ct action is in zone 0.
> 
> Skipping the allocation may cause the datapath ct code to ignore the
> entire ct action with all its attributes (commit, nat) in case the ct
> action in zone 0 was preceded by a ct clear action.
> 
> The ct clear action sets the ct_state to untracked and resets the
> skb->_nfct pointer. Under these conditions and without an allocated
> ct template, the skb->_nfct pointer will remain NULL which will
> cause the tc ct action handler to exit without handling commit and nat
> actions, if such exist.
> 
> For example, the following rule in OVS dp:
> recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
> in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
> recirc(0x37a)
> 
> Will result in act_ct skipping the commit and nat actions in zone 0.
> 
> The change removes the skipping of template allocation for zone 0 and
> treats it the same as any other zone.
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj@nvidia.com>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

Thanks

> ---
>   net/sched/act_ct.c | 3 ---
>   1 file changed, 3 deletions(-)
> 
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index 4627bb7..96b1417 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -1186,9 +1186,6 @@ static int tcf_ct_fill_params(struct net *net,
>   				   sizeof(p->zone));
>   	}
>   
> -	if (p->zone == NF_CT_DEFAULT_ZONE_ID)
> -		return 0;
> -
>   	nf_ct_zone_init(&zone, p->zone, NF_CT_DEFAULT_ZONE_DIR, 0);
>   	tmpl = nf_ct_tmpl_alloc(net, &zone, GFP_KERNEL);
>   	if (!tmpl) {
>

Applied to F/bluefield master-next. Thank you!

-Kelsey

On 2021-05-24 22:23:17 , Daniel Jurgens wrote:
> From: Ariel Levkovich <lariel@nvidia.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1929460
> 
> Fix current behavior of skipping template allocation in case the
> ct action is in zone 0.
> 
> Skipping the allocation may cause the datapath ct code to ignore the
> entire ct action with all its attributes (commit, nat) in case the ct
> action in zone 0 was preceded by a ct clear action.
> 
> The ct clear action sets the ct_state to untracked and resets the
> skb->_nfct pointer. Under these conditions and without an allocated
> ct template, the skb->_nfct pointer will remain NULL which will
> cause the tc ct action handler to exit without handling commit and nat
> actions, if such exist.
> 
> For example, the following rule in OVS dp:
> recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
> in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
> recirc(0x37a)
> 
> Will result in act_ct skipping the commit and nat actions in zone 0.
> 
> The change removes the skipping of template allocation for zone 0 and
> treats it the same as any other zone.
> 
> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct")
> Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
> Signed-off-by: Daniel Jurgens <danielj@nvidia.com>
> ---
>  net/sched/act_ct.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index 4627bb7..96b1417 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -1186,9 +1186,6 @@ static int tcf_ct_fill_params(struct net *net,
>  				   sizeof(p->zone));
>  	}
>  
> -	if (p->zone == NF_CT_DEFAULT_ZONE_ID)
> -		return 0;
> -
>  	nf_ct_zone_init(&zone, p->zone, NF_CT_DEFAULT_ZONE_DIR, 0);
>  	tmpl = nf_ct_tmpl_alloc(net, &zone, GFP_KERNEL);
>  	if (!tmpl) {
> -- 
> 1.8.3.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team