Enable eBPF JIT in the linux-azure kernels

Bug #1827916 reported by Joseph Salisbury on 2019-05-06
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-azure (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Marcelo Cerri
Cosmic
Undecided
Marcelo Cerri
Disco
Undecided
Marcelo Cerri

Bug Description

eBPF is available as of kernel version 4.15, which is used on AKS nodes.
Enabling JIT eBPF (built-in kernel feature) will speed-up execution of eBPF aware tools.
eBPF JIT is controlled by the file /proc/sys/net/core/bpf_jit_enable.
More details for eBPF JIT - https://www.kernel.org/doc/Documentation/sysctl/net.txt

The file /proc/sys/net/core/bpf_jit_enable is not present on AKS nodes.

Also, to support eBPF in AKS, we are requesting to switch the mlx* and ib* drivers to loadable modules instead of static.

Joseph Salisbury (jsalisbury) wrote :

This request is for the 16.04 and 18.04 kernels.

Marcelo Cerri (mhcerri) wrote :

What version is being used on AKS nodes?

I checked both the 4.15 and 4.18 azure kernels and they have that sysfs file available:

user@x:~$ uname -r
4.15.0-1046-azure
user@x:~$ cat /proc/sys/net/core/bpf_jit_enable
1

user@b:~$ uname -r
4.18.0-1019-azure
user@b:~$ cat /proc/sys/net/core/bpf_jit_enable
1

Marcelo Cerri (mhcerri) on 2019-05-28
Changed in linux-azure (Ubuntu Xenial):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Cosmic):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Disco):
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Xenial):
status: New → In Progress
Changed in linux-azure (Ubuntu Cosmic):
status: New → In Progress
Changed in linux-azure (Ubuntu Disco):
status: New → In Progress
Marcelo Cerri (mhcerri) wrote :

Any updates on that?

Besides that eBPF is already enabled, most of the mlx and ib modules are already built as modules, the exceptions are the modules listed on bug #1785822, where it was explicitly requested to built them statically.

Is it possible to compile an exact list of the modules that should be changed? That way we can discuss if those changes conflicts or not with past requests.

Marcelo Cerri (mhcerri) on 2019-06-10
Changed in linux-azure (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux-azure (Ubuntu Cosmic):
status: In Progress → Fix Committed
Marcelo Cerri (mhcerri) wrote :

@Josh, @Joseph,

I used this bug to apply the mlx* and ib* changes to the linux-azure kernels. If AKS really needs another config change for eBPF, please open a new bug.

Thank you.

Changed in linux-azure (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.15.0-1049.54

---------------
linux-azure (4.15.0-1049.54) xenial; urgency=medium

  * linux-azure: 4.15.0-1049.54 -proposed tracker (LP: #1834091)

  * Upstream Commits Needed for DPDK on Azure (LP: #1812123)
    - uio: document uio_hv_generic regions
    - uio_hv_generic: create send and receive buffers
    - uio_hv_generic: add rescind support
    - uio_hv_generic: support sub-channels
    - uio_hv_generic: fix subchannel ring mmap
    - uio_hv_generic: use standard mmap for resources
    - vmbus: keep pointer to ring buffer page
    - uio: introduce UIO_MEM_IOVA
    - hv_uio_generic: map ringbuffer phys addr
    - uio_hv_generic: use ISR callback method
    - uio_hv_generic: use correct channel in isr
    - uio_hv_generic: make ring buffer attribute for primary channel
    - uio_hv_generic: defer opening vmbus until first use
    - uio_hv_generic: set callbacks on open
    - vmbus: pass channel to hv_process_channel_removal
    - vmbus: split ring buffer allocation from open
    - vmbus: fix subchannel removal

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes

  * [linux-azure] Commits Requested in 16.04 for the Azure Kernel (LP: #1830242)
    - blk-mq: remove the request_list usage
    - nvme-pci: remove cq check after submission
    - nvme-pci: split the nvme queue lock into submission and completion locks

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 4.15.0-54.58 ]

  * linux: 4.15.0-54.58 -proposed tracker (LP: #1833987)
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

 -- Marcelo Henrique Cerri <email address hidden> Mon, 24 Jun 2019 17:44:20 -0300

Changed in linux-azure (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.0.0-1010.10

---------------
linux-azure (5.0.0-1010.10) disco; urgency=medium

  * linux-azure: 5.0.0-1010.10 -proposed tracker (LP: #1833924)

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * linux-azure: Add the Catapult FPGA Driver (LP: #1824879)
    - SAUCE: linux-azure: Include Catapult FPGA PCI driver
    - [Config] linux-azure: CONFIG_CATAPULT_PCI=m

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 5.0.0-20.21 ]

  * linux: 5.0.0-20.21 -proposed tracker (LP: #1833934)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  [ Ubuntu: 5.0.0-19.20 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Marcelo Henrique Cerri <email address hidden> Tue, 25 Jun 2019 10:36:47 -0300

Changed in linux-azure (Ubuntu Disco):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.18.0-1023.24

---------------
linux-azure (4.18.0-1023.24) cosmic; urgency=medium

  * linux-azure: 4.18.0-1023.24 -proposed tracker (LP: #1833946)

  * [linux-azure] XDP generic fixes (LP: #1831254)
    - netvsc: unshare skb in VF rx handler
    - net: convert rps_needed and rfs_needed to new static
    - net: core: support XDP generic on stacked devices.

  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m

  * Azure: Backport vIOMMU driver (increase vCPU limits) (LP: #1826447)
    - PCI: hv: Replace hv_vp_set with hv_vpset
    - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset()
    - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
      available
    - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    - [Config] linux-azure: CONFIG_HYPERV_IOMMU=y

  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes

  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files

  [ Ubuntu: 4.18.0-25.26 ]

  * linux: 4.18.0-25.26 -proposed tracker (LP: #1833952)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()

  [ Ubuntu: 4.18.0-24.25 ]

  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Stefan Bader <email address hidden> Tue, 25 Jun 2019 12:46:06 +0200

Changed in linux-azure (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.18.0-1023.24~18.04.1

---------------
linux-azure (4.18.0-1023.24~18.04.1) bionic; urgency=medium

  * linux-azure: 4.18.0-1023.24~18.04.1 -proposed tracker (LP: #1833945)

  [ Ubuntu: 4.18.0-1023.24 ]

  * linux-azure: 4.18.0-1023.24 -proposed tracker (LP: #1833946)
  * [linux-azure] XDP generic fixes (LP: #1831254)
    - netvsc: unshare skb in VF rx handler
    - net: convert rps_needed and rfs_needed to new static
    - net: core: support XDP generic on stacked devices.
  * Enable eBPF JIT in the linux-azure kernels (LP: #1827916)
    - [Config] linux-azure: CONFIG_MLX{4,5}_INFINIBAND=m
  * Azure: Backport vIOMMU driver (increase vCPU limits) (LP: #1826447)
    - PCI: hv: Replace hv_vp_set with hv_vpset
    - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset()
    - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is
      available
    - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    - [Config] linux-azure: CONFIG_HYPERV_IOMMU=y
  * [linux-azure] Please Include Mainline Commit ebaf39e6032f in the 16.04 and
    18.04 linux-azure kernels (LP: #1830266)
    - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes
  * [Packaging] Improve config annotations check on custom kernels
    (LP: #1820075)
    - [Config] linux-azure: Include custom annotations files
  * linux: 4.18.0-25.26 -proposed tracker (LP: #1833952)
  * CVE-2019-11479
    - SAUCE: tcp: add tcp_min_snd_mss sysctl
    - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
  * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
    manipulation (LP: #1831638) // CVE-2019-11478
    - tcp: refine memory limit test in tcp_fragment()
  * CVE-2019-12817
    - SAUCE: powerpc/mm/64s/hash: Reallocate context ids on fork

 -- Marcelo Henrique Cerri <email address hidden> Tue, 25 Jun 2019 11:42:46 -0300

Changed in linux-azure (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers