Add support for packet-per-second policing

Bug #1938818 reported by Bodong Wang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-bluefield (Ubuntu)
Invalid
Undecided
Bodong Wang
Focal
Fix Released
Medium
Bodong Wang

Bug Description

* Explain the bug(s)

It’s a missing feature in current kernel.

* brief explanation of fixes

Cherry-pick and backport the related patches from upstream kernel.

* How to test

Add tc filter rule with police action, and check it is offloaded.
For example:
    tc filter add dev enp8s0f0_0 ingress protocol ip flower \
        dst_mac b8:ce:f6:7b:d9:24 \
        action police pkts_rate 1000 pkts_burst 100 conform-exceed drop/pipe \
        action mirred egress redirect dev enp8s0f0

* What it could break.

New feature, doesn't break existing features.

CVE References

Changed in linux-bluefield (Ubuntu):
assignee: nobody → Bodong Wang (bodong-wang)
Stefan Bader (smb)
Changed in linux-bluefield (Ubuntu Focal):
assignee: nobody → Bodong Wang (bodong-wang)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-bluefield (Ubuntu):
status: New → Invalid
Changed in linux-bluefield (Ubuntu Focal):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Kelsey Skunberg (kelsey-skunberg) wrote :

Hi Bodong. May you please verify the kernel in -proposed for Focal-bluefield resolves this bug? Thank you!

Revision history for this message
Bodong Wang (bodong-wang) wrote : Re: [Bug 1938818] Re: Add support for packet-per-second policing

Hi Kelsey, it was fixed. Thanks!
________________________________
From: <email address hidden> <email address hidden> on behalf of Kelsey Skunberg <email address hidden>
Sent: Tuesday, September 21, 2021 5:43:53 PM
To: Bodong Wang <email address hidden>
Subject: [Bug 1938818] Re: Add support for packet-per-second policing

Hi Bodong. May you please verify the kernel in -proposed for Focal-
bluefield resolves this bug? Thank you!

--
You received this bug notification because you are subscribed to the bug
report.
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.launchpad.net%2Fbugs%2F1938818&amp;data=04%7C01%7Cbodong%40nvidia.com%7Cefc748aabf074af46bb908d97d523b14%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C637678614399499685%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=KGxUMaNWAmHhXWRVX7BPW0F8D1fROE%2FhfRyUde8GWho%3D&amp;reserved=0

Title:
  Add support for packet-per-second policing

Status in linux-bluefield package in Ubuntu:
  Invalid
Status in linux-bluefield source package in Focal:
  Fix Committed

Bug description:

  * Explain the bug(s)

  It’s a missing feature in current kernel.

  * brief explanation of fixes

  Cherry-pick and backport the related patches from upstream kernel.

  * How to test

  Add tc filter rule with police action, and check it is offloaded.
  For example:
      tc filter add dev enp8s0f0_0 ingress protocol ip flower \
          dst_mac b8:ce:f6:7b:d9:24 \
          action police pkts_rate 1000 pkts_burst 100 conform-exceed drop/pipe \
          action mirred egress redirect dev enp8s0f0

  * What it could break.

  New feature, doesn't break existing features.

To manage notifications about this bug go to:
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.launchpad.net%2Fubuntu%2F%2Bsource%2Flinux-bluefield%2F%2Bbug%2F1938818%2F%2Bsubscriptions&amp;data=04%7C01%7Cbodong%40nvidia.com%7Cefc748aabf074af46bb908d97d523b14%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C637678614399499685%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=dZxZJM%2BEID5cInvvt5kl6ol1fiYRlgx9k3ib0Pmm%2FAc%3D&amp;reserved=0

Revision history for this message
Kelsey Skunberg (kelsey-skunberg) wrote :

Marking verification completed. Thank you, Bodong!

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (95.1 KiB)

This bug was fixed in the package linux-bluefield - 5.4.0-1019.22

---------------
linux-bluefield (5.4.0-1019.22) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1019.22 -proposed tracker (LP: #1942533)

  * Focal update: v5.4.134 upstream stable release (LP: #1939440)
    - [Config] bluefield: CONFIG_BATTERY_RT5033=m

  * Fix fragmentation support for TC connection tracking (LP: #1940872)
    - net/sched: act_ct: fix restore the qdisc_skb_cb after defrag
    - net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct
    - net/sched: fix miss init the mru in qdisc_skb_cb
    - net/sched: act_ct: fix wild memory access when clearing fragments
    - Revert "net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments()
      error flow"
    - net/sched: act_mirred: refactor the handle of xmit
    - net/sched: The error lable position is corrected in ct_init_module
    - net/sched: sch_frag: add generic packet fragment support.
    - ipv6: add ipv6_fragment hook in ipv6_stub

  * Add the upcoming BlueField-3 device ID (LP: #1941803)
    - net/mlx5: Update the list of the PCI supported devices

  * CT state not reset when packet redirected to different port (LP: #1940448)
    - Revert "UBUNTU: SAUCE: net/sched: act_mirred: Reset ct when reinserting skb
      back into queue"
    - net: sched: act_mirred: Reset ct info when mirror/redirect skb

  * Export xfrm_policy_lookup_bytype function (LP: #1934313)
    - SAUCE: xfrm: IPsec Export xfrm_policy_lookup_bytype function

  [ Ubuntu: 5.4.0-85.95 ]

  * focal/linux: 5.4.0-85.95 -proposed tracker (LP: #1942557)
  * please drop virtualbox-guest-dkms virtualbox-guest-source (LP: #1933248)
    - [Config] Disable virtualbox dkms build
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2021.09.06)
  * LRMv5: switch primary version handling to kernel-versions data set
    (LP: #1928921)
    - [Packaging] switch to kernel-versions
  * disable “CONFIG_HISI_DMA” config for ubuntu version (LP: #1936771)
    - Disable CONFIG_HISI_DMA
    - [Config] Record hisi_dma no longer built for arm64
  * memory leaking when removing a profile (LP: #1939915)
    - apparmor: Fix memory leak of profile proxy
  * CryptoExpress EP11 cards are going offline (LP: #1939618)
    - s390/zcrypt: Support for CCA protected key block version 2
    - s390: Replace zero-length array with flexible-array member
    - s390/zcrypt: Use scnprintf() for avoiding potential buffer overflow
    - s390/zcrypt: replace snprintf/sprintf with scnprintf
    - s390/ap: Remove ap device suspend and resume callbacks
    - s390/zcrypt: use fallthrough;
    - s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc
    - s390/ap: remove power management code from ap bus and drivers
    - s390/ap: introduce new ap function ap_get_qdev()
    - s390/zcrypt: use kzalloc
    - s390/zcrypt: fix smatch warnings
    - s390/zcrypt: code beautification and struct field renames
    - s390/zcrypt: split ioctl function into smaller code units
    - s390/ap: rename and clarify ap state machine related stuff
    - s390/zcrypt: provide cex4 cca sysfs attributes for cex3
    - s390/ap: rework cry...

Changed in linux-bluefield (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers